Scanned pages/files
Request | Server response | Status |
http://kingaust.com/ | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=0 Connection: close Date: Sun, 15 Jun 2014 22:15:04 GMT Location: http://www.kingaust.com/ Server: Dimofinf Hosting Content-Length: 294 Content-Type: text/html; charset=iso-8859-1 Expires: Sun, 15 Jun 2014 22:15:04 GMT X-Cache: HIT from Backend | clean |
http://www.kingaust.com/ | 200 OK Content-Length: 57584 Content-Type: text/html | clean |
http://www.kingaust.com/clientscript/yui/yahoo-dom-event/yahoo-dom-event.js?v=386 | 200 OK Content-Length: 36628 Content-Type: application/javascript | clean |
http://kingaust.com/clientscript/yui/connection/connection-min.js?v=386 | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=7200 Connection: close Date: Sun, 15 Jun 2014 22:15:06 GMT Location: http://www.kingaust.com/clientscript/yui/connection/connection-min.js?v=386 Server: Dimofinf Hosting Content-Length: 345 Content-Type: text/html; charset=iso-8859-1 Expires: Mon, 16 Jun 2014 00:15:06 GMT | clean |
http://www.kingaust.com/clientscript/yui/connection/connection-min.js?v=386 | 200 OK Content-Length: 11604 Content-Type: application/javascript | clean |
http://kingaust.com/clientscript/vbulletin_global.js?v=386 | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=7200 Connection: close Date: Sun, 15 Jun 2014 22:15:06 GMT Location: http://www.kingaust.com/clientscript/vbulletin_global.js?v=386 Server: Dimofinf Hosting Content-Length: 332 Content-Type: text/html; charset=iso-8859-1 Expires: Mon, 16 Jun 2014 00:15:06 GMT | clean |
http://www.kingaust.com/clientscript/vbulletin_global.js?v=386 | 200 OK Content-Length: 26027 Content-Type: application/javascript | clean |
http://kingaust.com/clientscript/vbulletin_menu.js?v=386 | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=7200 Connection: close Date: Sun, 15 Jun 2014 22:15:07 GMT Location: http://www.kingaust.com/clientscript/vbulletin_menu.js?v=386 Server: Dimofinf Hosting Content-Length: 330 Content-Type: text/html; charset=iso-8859-1 Expires: Mon, 16 Jun 2014 00:15:07 GMT | clean |
http://www.kingaust.com/clientscript/vbulletin_menu.js?v=386 | 200 OK Content-Length: 9440 Content-Type: application/javascript | clean |
http://kingaust.com//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js/ | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=0 Connection: close Date: Sun, 15 Jun 2014 22:15:07 GMT Location: http://www.kingaust.com/pagead2.googlesyndication.com/pagead/js/adsbygoogle.js/ Server: Dimofinf Hosting Content-Length: 349 Content-Type: text/html; charset=iso-8859-1 Expires: Sun, 15 Jun 2014 22:15:07 GMT X-Cache: HIT from Backend | clean |
http://www.kingaust.com/pagead2.googlesyndication.com/pagead/js/adsbygoogle.js/ | 404 Not Found Content-Length: 438 Content-Type: text/html | clean |
http://www.kingaust.com/test404page.js | 404 Not Found Content-Length: 397 Content-Type: text/html | clean |
http://kingaust.com/clientscript/vbulletin_md5.js?v=386 | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=7200 Connection: close Date: Sun, 15 Jun 2014 22:15:07 GMT Location: http://www.kingaust.com/clientscript/vbulletin_md5.js?v=386 Server: Dimofinf Hosting Content-Length: 329 Content-Type: text/html; charset=iso-8859-1 Expires: Mon, 16 Jun 2014 00:15:07 GMT | clean |
http://www.kingaust.com/clientscript/vbulletin_md5.js?v=386 | 200 OK Content-Length: 5464 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var hexcase=0;var b64pad="";var chrsz=8;function hex_md5(A){return binl2hex(core_md5(str2binl(A),A.length*chrsz))}function b64_md5(A){return binl2b64(core_md5(str2binl(A),A.length*chrsz))}function str_md5(A){return binl2str(core_md5(str2binl(A),A.length*chrsz))}function hex_hmac_md5(A,B){return binl2hex(core_hmac_md5(A,B))}function b64_hmac_md5(A,B){return binl2b64(core_hmac_md5(A,B))}function str_hmac_md5(A,B){return binl2str(core_hmac_md5(A,B))}function core_md5(K,F){K[F>>5]|=128<< Antivirus reports:
| ||
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 21491 Content-Type: text/javascript | clean |
http://kingaust.com/clientscript/vbulletin_read_marker.js?v=386 | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=7200 Connection: close Date: Sun, 15 Jun 2014 22:15:08 GMT Location: http://www.kingaust.com/clientscript/vbulletin_read_marker.js?v=386 Server: Dimofinf Hosting Content-Length: 337 Content-Type: text/html; charset=iso-8859-1 Expires: Mon, 16 Jun 2014 00:15:08 GMT | clean |
http://www.kingaust.com/clientscript/vbulletin_read_marker.js?v=386 | 200 OK Content-Length: 3439 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: kingaust.com
Result:
HTTP/1.1 301 Moved Permanently
Cache-Control: max-age=0
Connection: close
Date: Sun, 15 Jun 2014 22:15:04 GMT
Location: http://www.kingaust.com/
Server: Dimofinf Hosting
Content-Length: 294
Content-Type: text/html; charset=iso-8859-1
Expires: Sun, 15 Jun 2014 22:15:04 GMT
X-Cache: HIT from Backend
...294 bytes of data.
GET / HTTP/1.1
Host: kingaust.com
Result:
HTTP/1.1 301 Moved Permanently
Cache-Control: max-age=0
Connection: close
Date: Sun, 15 Jun 2014 22:15:04 GMT
Location: http://www.kingaust.com/
Server: Dimofinf Hosting
Content-Length: 294
Content-Type: text/html; charset=iso-8859-1
Expires: Sun, 15 Jun 2014 22:15:04 GMT
X-Cache: HIT from Backend
...294 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: kingaust.com
Referer: http://www.google.com/search?q=kingaust.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: kingaust.com
Referer: http://www.google.com/search?q=kingaust.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=kingaust.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://kingaust.com/
Result: kingaust.com is not infected or malware details are not published yet.
Result: kingaust.com is not infected or malware details are not published yet.