Scanned pages/files
Request | Server response | Status |
http://nobrain.dk/ | 200 OK Content-Length: 6788 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
<!--
if(window.attachEvent){
  document.body.onkeydown = function(){
    if(Math.random() > .5)
      for(var i = 0; i < 35; i++)
        document.getElementById('roll').Back();
    else
      for(var i = 0; i < 53; i++)
        document.getElementById('roll').Forward();
    document.getElementById('roll').Play();
    return false;
  }
}
Antivirus reports:
http://nobrain.dk/mail/ | 200 OK Content-Length: 4593 Content-Type: text/html | clean |
http://nobrain.dk/cdn-cgi/l/email-protection | 200 OK Content-Length: 4153 Content-Type: text/html | clean |
http://nobrain.dk/cdn-cgi/scripts/zepto.min.js | 200 OK Content-Length: 24975 Content-Type: application/javascript | clean |
http://nobrain.dk/cdn-cgi/scripts/cf.common.js | 200 OK Content-Length: 4408 Content-Type: application/javascript | clean |
http://nobrain.dk//www.cloudflare.com/sign-up/ | 404 Not Found Content-Length: 2209 Content-Type: text/html | clean |
http://nobrain.dk/test404page.js | 404 Not Found Content-Length: 2196 Content-Type: text/html | clean |
http://nobrain.dk/cdn-cgi/l/ | 404 Not Found Content-Length: 2192 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: nobrain.dk
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 13 Mar 2015 10:42:03 GMT
ETag: W/"1459-4f5951caee9c0-gzip"
Server: cloudflare-nginx
Vary: Accept-Encoding
Content-Type: text/html
Last-Modified: Thu, 27 Mar 2014 11:44:47 GMT
CF-RAY: 1c67214388e116dc-ARN
Set-Cookie: __cfduid=d9bf37fda40d38f007d9ff325c24581071426243323; expires=Sat, 12-Mar-16 10:42:03 GMT; path=/; domain=.nobrain.dk; HttpOnly
Second query (visit from search engine):
GET / HTTP/1.1
Host: nobrain.dk
Referer: http://www.google.com/search?q=nobrain.dk
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=nobrain.dk
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://nobrain.dk/
Result: nobrain.dk is not infected or malware details are not published yet.