Scanned pages/files
Request | Server response | Status |
https://pro.budurl.com/login | 200 OK Content-Length: 5327 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. ...[557 bytes skipped]... ventListener?e.addEventListener(b,d,false):e.attachEvent("on"+b,d); (function(){function l(j){j="head";return["<",j,"></",j,"><",z,' onl'+'oad="var d=',B,";d.getElementsByTagName('head')[0].",y,"(d.",A,"('script')).",u,"='",a,"//",c.l,"'",'"',"></",z,">"].join("")}var z="body",s=h[z];if(!s){return setTimeout(arguments.callee,100)}c.P(1);var y="appendChild",A="createElement",u="src",r=h[A]("div"),G=r[y](h[A](g)),D=h[A]("iframe"),B="document",C="domain",q;r.style.display="none";s.insertBefore(r,s.firstChild).id=g;D.frameBorder="0";D.id=g+"-loader";if(/MSIE[ ]+6/.test(navigator.userAgent)){D.src="javascript:false"} D.allowTransparency="true";G[y](D);try{D.contentWindow[B].open()}catch(F){i[C]=h[C];q="javascript:var d="+B+".open();d.domain='"+h.domain+"';";D[u]=q+"void(0);"}try{var H=D.contentWindow[B];H.write(l());H.close()}catch(E){D[u]=q+'d.write("'+l().replace(/"/g,String.fromCharCode(92)+'"')+'");d.close( ...[356 bytes skipped]... Decoded script: function () { if (c.f) { (new Image).src = a + "//" + c.l.replace(".js", ".png") + "&" + escape(e.location.href); } c.f = null; } /*** called setTimeout with function () { if (c.f) { (new Image).src = a + "//" + c.l.replace(".js", ".png") + "&" + escape(e.location.href); } c.f = null; }, 20000 */ function d() { c.P(b); e[g](b); } | ||
https://pro.budurl.com/?register | 200 OK Content-Length: 22883 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. ...[557 bytes skipped]... ventListener?e.addEventListener(b,d,false):e.attachEvent("on"+b,d); (function(){function l(j){j="head";return["<",j,"></",j,"><",z,' onl'+'oad="var d=',B,";d.getElementsByTagName('head')[0].",y,"(d.",A,"('script')).",u,"='",a,"//",c.l,"'",'"',"></",z,">"].join("")}var z="body",s=h[z];if(!s){return setTimeout(arguments.callee,100)}c.P(1);var y="appendChild",A="createElement",u="src",r=h[A]("div"),G=r[y](h[A](g)),D=h[A]("iframe"),B="document",C="domain",q;r.style.display="none";s.insertBefore(r,s.firstChild).id=g;D.frameBorder="0";D.id=g+"-loader";if(/MSIE[ ]+6/.test(navigator.userAgent)){D.src="javascript:false"} D.allowTransparency="true";G[y](D);try{D.contentWindow[B].open()}catch(F){i[C]=h[C];q="javascript:var d="+B+".open();d.domain='"+h.domain+"';";D[u]=q+"void(0);"}try{var H=D.contentWindow[B];H.write(l());H.close()}catch(E){D[u]=q+'d.write("'+l().replace(/"/g,String.fromCharCode(92)+'"')+'");d.close( ...[356 bytes skipped]... Decoded script: function () { if (c.f) { (new Image).src = a + "//" + c.l.replace(".js", ".png") + "&" + escape(e.location.href); } c.f = null; } /*** called setTimeout with function () { if (c.f) { (new Image).src = a + "//" + c.l.replace(".js", ".png") + "&" + escape(e.location.href); } c.f = null; }, 20000 */ function d() { c.P(b); e[g](b); } | ||
https://pro.budurl.com/javascript/prototype.js,tablekit/tablekit.js | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Fri, 02 Jan 2015 12:35:42 GMT Pragma: no-cache Location: http://pro.budurl.com/javascript/prototype.js,tablekit/tablekit.js Server: Apache/2.2.15 (CentOS) Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: BudURLSession=qtrcumvqdaanjh794g6tlcrvv4; expires=Sat, 02-Jan-2016 12:35:42 GMT; path=/; secure; HttpOnly X-Powered-By: PHP/5.4.35 | clean |
http://pro.budurl.com/javascript/prototype.js,tablekit/tablekit.js | 200 OK Content-Length: 152882 Content-Type: text/javascript | clean |
https://pro.budurl.com/ | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Fri, 02 Jan 2015 12:35:45 GMT Pragma: no-cache Location: http://pro.budurl.com/ Server: Apache/2.2.15 (CentOS) Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: BudURLSession=g8libiqgfmgf4su0bicjsmf685; expires=Sat, 02-Jan-2016 12:35:45 GMT; path=/; secure; HttpOnly X-Powered-By: PHP/5.4.35 | clean |
http://pro.budurl.com/ | HTTP/1.1 302 Found Connection: close Date: Fri, 02 Jan 2015 12:35:46 GMT Location: https://pro.budurl.com/login Server: Apache/2.2.15 (CentOS) Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Powered-By: PHP/5.4.35 | clean |
http://pro.budurl.com/test404page.js | 404 Not Found Content-Length: 509 Content-Type: text/html | clean |
https://pro.budurl.com/reset_password | 200 OK Content-Length: 5070 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. ...[557 bytes skipped]... ventListener?e.addEventListener(b,d,false):e.attachEvent("on"+b,d); (function(){function l(j){j="head";return["<",j,"></",j,"><",z,' onl'+'oad="var d=',B,";d.getElementsByTagName('head')[0].",y,"(d.",A,"('script')).",u,"='",a,"//",c.l,"'",'"',"></",z,">"].join("")}var z="body",s=h[z];if(!s){return setTimeout(arguments.callee,100)}c.P(1);var y="appendChild",A="createElement",u="src",r=h[A]("div"),G=r[y](h[A](g)),D=h[A]("iframe"),B="document",C="domain",q;r.style.display="none";s.insertBefore(r,s.firstChild).id=g;D.frameBorder="0";D.id=g+"-loader";if(/MSIE[ ]+6/.test(navigator.userAgent)){D.src="javascript:false"} D.allowTransparency="true";G[y](D);try{D.contentWindow[B].open()}catch(F){i[C]=h[C];q="javascript:var d="+B+".open();d.domain='"+h.domain+"';";D[u]=q+"void(0);"}try{var H=D.contentWindow[B];H.write(l());H.close()}catch(E){D[u]=q+'d.write("'+l().replace(/"/g,String.fromCharCode(92)+'"')+'");d.close( ...[356 bytes skipped]... Decoded script: function () { if (c.f) { (new Image).src = a + "//" + c.l.replace(".js", ".png") + "&" + escape(e.location.href); } c.f = null; } /*** called setTimeout with function () { if (c.f) { (new Image).src = a + "//" + c.l.replace(".js", ".png") + "&" + escape(e.location.href); } c.f = null; }, 20000 */ function d() { c.P(b); e[g](b); } | ||
https://pro.budurl.com/?register/AccountPlanOrchard | 200 OK Content-Length: 57238 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. ...[557 bytes skipped]... ventListener?e.addEventListener(b,d,false):e.attachEvent("on"+b,d); (function(){function l(j){j="head";return["<",j,"></",j,"><",z,' onl'+'oad="var d=',B,";d.getElementsByTagName('head')[0].",y,"(d.",A,"('script')).",u,"='",a,"//",c.l,"'",'"',"></",z,">"].join("")}var z="body",s=h[z];if(!s){return setTimeout(arguments.callee,100)}c.P(1);var y="appendChild",A="createElement",u="src",r=h[A]("div"),G=r[y](h[A](g)),D=h[A]("iframe"),B="document",C="domain",q;r.style.display="none";s.insertBefore(r,s.firstChild).id=g;D.frameBorder="0";D.id=g+"-loader";if(/MSIE[ ]+6/.test(navigator.userAgent)){D.src="javascript:false"} D.allowTransparency="true";G[y](D);try{D.contentWindow[B].open()}catch(F){i[C]=h[C];q="javascript:var d="+B+".open();d.domain='"+h.domain+"';";D[u]=q+"void(0);"}try{var H=D.contentWindow[B];H.write(l());H.close()}catch(E){D[u]=q+'d.write("'+l().replace(/"/g,String.fromCharCode(92)+'"')+'");d.close( ...[356 bytes skipped]... Decoded script: function () { if (c.f) { (new Image).src = a + "//" + c.l.replace(".js", ".png") + "&" + escape(e.location.href); } c.f = null; } /*** called setTimeout with function () { if (c.f) { (new Image).src = a + "//" + c.l.replace(".js", ".png") + "&" + escape(e.location.href); } c.f = null; }, 20000 */ function d() { c.P(b); e[g](b); } | ||
https://pro.budurl.com/?register/ | 200 OK Content-Length: 22883 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. ...[557 bytes skipped]... ventListener?e.addEventListener(b,d,false):e.attachEvent("on"+b,d); (function(){function l(j){j="head";return["<",j,"></",j,"><",z,' onl'+'oad="var d=',B,";d.getElementsByTagName('head')[0].",y,"(d.",A,"('script')).",u,"='",a,"//",c.l,"'",'"',"></",z,">"].join("")}var z="body",s=h[z];if(!s){return setTimeout(arguments.callee,100)}c.P(1);var y="appendChild",A="createElement",u="src",r=h[A]("div"),G=r[y](h[A](g)),D=h[A]("iframe"),B="document",C="domain",q;r.style.display="none";s.insertBefore(r,s.firstChild).id=g;D.frameBorder="0";D.id=g+"-loader";if(/MSIE[ ]+6/.test(navigator.userAgent)){D.src="javascript:false"} D.allowTransparency="true";G[y](D);try{D.contentWindow[B].open()}catch(F){i[C]=h[C];q="javascript:var d="+B+".open();d.domain='"+h.domain+"';";D[u]=q+"void(0);"}try{var H=D.contentWindow[B];H.write(l());H.close()}catch(E){D[u]=q+'d.write("'+l().replace(/"/g,String.fromCharCode(92)+'"')+'");d.close( ...[356 bytes skipped]... Decoded script: function () { if (c.f) { (new Image).src = a + "//" + c.l.replace(".js", ".png") + "&" + escape(e.location.href); } c.f = null; } /*** called setTimeout with function () { if (c.f) { (new Image).src = a + "//" + c.l.replace(".js", ".png") + "&" + escape(e.location.href); } c.f = null; }, 20000 */ function d() { c.P(b); e[g](b); } | ||
https://pro.budurl.com/?register/?register/AccountPlanOrchard | 404 Not Found Content-Length: 509 Content-Type: text/html | clean |
https://pro.budurl.com/?register/?register/AccountPlanGrove | 404 Not Found Content-Length: 509 Content-Type: text/html | clean |
https://pro.budurl.com/?register/?register/AccountPlanTree | 404 Not Found Content-Length: 509 Content-Type: text/html | clean |
https://pro.budurl.com/?register/?register/AccountPlanAcorn | 404 Not Found Content-Length: 509 Content-Type: text/html | clean |
https://pro.budurl.com/?register/AccountPlanGrove | 200 OK Content-Length: 57234 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. ...[557 bytes skipped]... ventListener?e.addEventListener(b,d,false):e.attachEvent("on"+b,d); (function(){function l(j){j="head";return["<",j,"></",j,"><",z,' onl'+'oad="var d=',B,";d.getElementsByTagName('head')[0].",y,"(d.",A,"('script')).",u,"='",a,"//",c.l,"'",'"',"></",z,">"].join("")}var z="body",s=h[z];if(!s){return setTimeout(arguments.callee,100)}c.P(1);var y="appendChild",A="createElement",u="src",r=h[A]("div"),G=r[y](h[A](g)),D=h[A]("iframe"),B="document",C="domain",q;r.style.display="none";s.insertBefore(r,s.firstChild).id=g;D.frameBorder="0";D.id=g+"-loader";if(/MSIE[ ]+6/.test(navigator.userAgent)){D.src="javascript:false"} D.allowTransparency="true";G[y](D);try{D.contentWindow[B].open()}catch(F){i[C]=h[C];q="javascript:var d="+B+".open();d.domain='"+h.domain+"';";D[u]=q+"void(0);"}try{var H=D.contentWindow[B];H.write(l());H.close()}catch(E){D[u]=q+'d.write("'+l().replace(/"/g,String.fromCharCode(92)+'"')+'");d.close( ...[356 bytes skipped]... Decoded script: function () { if (c.f) { (new Image).src = a + "//" + c.l.replace(".js", ".png") + "&" + escape(e.location.href); } c.f = null; } /*** called setTimeout with function () { if (c.f) { (new Image).src = a + "//" + c.l.replace(".js", ".png") + "&" + escape(e.location.href); } c.f = null; }, 20000 */ function d() { c.P(b); e[g](b); } | ||
https://pro.budurl.com/?register/AccountPlanTree | 200 OK Content-Length: 57233 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. ...[557 bytes skipped]... ventListener?e.addEventListener(b,d,false):e.attachEvent("on"+b,d); (function(){function l(j){j="head";return["<",j,"></",j,"><",z,' onl'+'oad="var d=',B,";d.getElementsByTagName('head')[0].",y,"(d.",A,"('script')).",u,"='",a,"//",c.l,"'",'"',"></",z,">"].join("")}var z="body",s=h[z];if(!s){return setTimeout(arguments.callee,100)}c.P(1);var y="appendChild",A="createElement",u="src",r=h[A]("div"),G=r[y](h[A](g)),D=h[A]("iframe"),B="document",C="domain",q;r.style.display="none";s.insertBefore(r,s.firstChild).id=g;D.frameBorder="0";D.id=g+"-loader";if(/MSIE[ ]+6/.test(navigator.userAgent)){D.src="javascript:false"} D.allowTransparency="true";G[y](D);try{D.contentWindow[B].open()}catch(F){i[C]=h[C];q="javascript:var d="+B+".open();d.domain='"+h.domain+"';";D[u]=q+"void(0);"}try{var H=D.contentWindow[B];H.write(l());H.close()}catch(E){D[u]=q+'d.write("'+l().replace(/"/g,String.fromCharCode(92)+'"')+'");d.close( ...[356 bytes skipped]... Decoded script: function () { if (c.f) { (new Image).src = a + "//" + c.l.replace(".js", ".png") + "&" + escape(e.location.href); } c.f = null; } /*** called setTimeout with function () { if (c.f) { (new Image).src = a + "//" + c.l.replace(".js", ".png") + "&" + escape(e.location.href); } c.f = null; }, 20000 */ function d() { c.P(b); e[g](b); } | ||
https://pro.budurl.com/?register/AccountPlanAcorn | 200 OK Content-Length: 57235 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. ...[557 bytes skipped]... ventListener?e.addEventListener(b,d,false):e.attachEvent("on"+b,d); (function(){function l(j){j="head";return["<",j,"></",j,"><",z,' onl'+'oad="var d=',B,";d.getElementsByTagName('head')[0].",y,"(d.",A,"('script')).",u,"='",a,"//",c.l,"'",'"',"></",z,">"].join("")}var z="body",s=h[z];if(!s){return setTimeout(arguments.callee,100)}c.P(1);var y="appendChild",A="createElement",u="src",r=h[A]("div"),G=r[y](h[A](g)),D=h[A]("iframe"),B="document",C="domain",q;r.style.display="none";s.insertBefore(r,s.firstChild).id=g;D.frameBorder="0";D.id=g+"-loader";if(/MSIE[ ]+6/.test(navigator.userAgent)){D.src="javascript:false"} D.allowTransparency="true";G[y](D);try{D.contentWindow[B].open()}catch(F){i[C]=h[C];q="javascript:var d="+B+".open();d.domain='"+h.domain+"';";D[u]=q+"void(0);"}try{var H=D.contentWindow[B];H.write(l());H.close()}catch(E){D[u]=q+'d.write("'+l().replace(/"/g,String.fromCharCode(92)+'"')+'");d.close( ...[356 bytes skipped]... Decoded script: function () { if (c.f) { (new Image).src = a + "//" + c.l.replace(".js", ".png") + "&" + escape(e.location.href); } c.f = null; } /*** called setTimeout with function () { if (c.f) { (new Image).src = a + "//" + c.l.replace(".js", ".png") + "&" + escape(e.location.href); } c.f = null; }, 20000 */ function d() { c.P(b); e[g](b); } |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: pro.budurl.com:443
Result:
GET / HTTP/1.1
Host: pro.budurl.com:443
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: pro.budurl.com:443
Referer: http://www.google.com/search?q=pro.budurl.com:443
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: pro.budurl.com:443
Referer: http://www.google.com/search?q=pro.budurl.com:443
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=pro.budurl.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://pro.budurl.com/
Result: pro.budurl.com:443 is not infected or malware details are not published yet.
Result: pro.budurl.com:443 is not infected or malware details are not published yet.