Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://v9hotel.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: v9hotel.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Sun, 20 Jul 2014 21:17:51 GMT Pragma: no-cache Location: http://kmlps.mrslove.com/ Server: Microsoft-IIS/6.0 Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=khp2d039gn1hd3fdnacmip13g0; path=/ X-Powered-By: ASP.NET X-Powered-By: PHP/5.2.10 | malicious |
Scanned pages/files
Request | Server response | Status |
http://v9hotel.com/ | 200 OK Content-Length: 19557 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
    var focus_width=440
    var focus_height=120
    var text_height=0
    var swf_height = focus_height+text_height
    var pics=''; var links=''; var texts='';
    pics=pics+'http://v9hotel.com/upimg/201209/image/20120911024258522.jpg|';
    links=links+'|';
    texts=texts+'ÓÅ»ÝÐÅÏ¢|';
    links=links.substring(0,links.length-1);
    texts=texts.substring(0,texts.length-1);
    pics=pics.substring(0,pics.length-1)
    document.write('<param name="menu" value="false"><param name=wmode value="opaque">');
    document.write('<param name="FlashVars" value="pics='+pics+'&links='+links+'&texts='+texts+'&borderwidth='+focus_width+'&borderheight='+focus_height+'&textheight='+text_height+'">');
    document.write('</object>');
Antivirus reports:
http://v9hotel.com/js/swfobject.js | 200 OK Content-Length: 6880 Content-Type: application/x-javascript | clean |
http://v9hotel.com/news.php?typeid=20 | 200 OK Content-Length: 9849 Content-Type: text/html | clean |
http://v9hotel.com/js/zoom.js | 200 OK Content-Length: 102 Content-Type: application/x-javascript | clean |
http://v9hotel.com/news.php?typeid=21 | 200 OK Content-Length: 9885 Content-Type: text/html | clean |
http://v9hotel.com/news.php?typeid=22 | 200 OK Content-Length: 9885 Content-Type: text/html | clean |
http://v9hotel.com/index.php | 200 OK Content-Length: 19557 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
    var focus_width=440
    var focus_height=120
    var text_height=0
    var swf_height = focus_height+text_height
    var pics=''; var links=''; var texts='';
    pics=pics+'http://v9hotel.com/upimg/201209/image/20120911024258522.jpg|';
    links=links+'|';
    texts=texts+'ÓÅ»ÝÐÅÏ¢|';
    links=links.substring(0,links.length-1);
    texts=texts.substring(0,texts.length-1);
    pics=pics.substring(0,pics.length-1)
    document.write('<param name="menu" value="false"><param name=wmode value="opaque">');
    document.write('<param name="FlashVars" value="pics='+pics+'&links='+links+'&texts='+texts+'&borderwidth='+focus_width+'&borderheight='+focus_height+'&textheight='+text_height+'">');
    document.write('</object>');
Antivirus reports:
http://v9hotel.com/about.php?id=1 | 200 OK Content-Length: 9907 Content-Type: text/html | clean |
http://v9hotel.com/news.php?typeid=11 | 200 OK Content-Length: 9833 Content-Type: text/html | clean |
http://v9hotel.com/news.php?typeid=12 | 200 OK Content-Length: 9465 Content-Type: text/html | clean |
http://v9hotel.com/news.php?typeid=13 | 200 OK Content-Length: 9465 Content-Type: text/html | clean |
http://v9hotel.com/news.php?typeid=14 | 200 OK Content-Length: 9465 Content-Type: text/html | clean |
http://v9hotel.com/user.php | 200 OK Content-Length: 81 Content-Type: text/html | clean |
http://v9hotel.com/test404page.js | 404 Not Found Content-Length: 1308 Content-Type: text/html | clean |
http://v9hotel.com/news.php?typeid=19 | 200 OK Content-Length: 12666 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=v9hotel.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://v9hotel.com/
Result: v9hotel.com is not infected or malware details are not published yet.