Scanned pages/files
Request | Server response | Status
http://ciapaulistadeleiloes.net.br/ | 200 OK Content-Length: 11564 Content-Type: text/html | clean |
http://ciapaulistadeleiloes.net.br/js/jquery-1.9.1.min.js | 200 OK Content-Length: 92629 Content-Type: application/x-javascript | clean |
http://ciapaulistadeleiloes.net.br/js/jquery.jcarousel.min.js | 200 OK Content-Length: 16088 Content-Type: application/x-javascript | clean |
http://ciapaulistadeleiloes.net.br/default.asp | 200 OK Content-Length: 11564 Content-Type: text/html | clean |
http://ciapaulistadeleiloes.net.br/login_site.asp | 200 OK Content-Length: 9074 Content-Type: text/html | clean |
http://ciapaulistadeleiloes.net.br/js/jquery-1.7.2.min.js | 200 OK Content-Length: 94840 Content-Type: application/x-javascript | clean |
http://ciapaulistadeleiloes.net.br/js/jquery.reveal.js | 200 OK Content-Length: 4972 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
(function($) { $('a[data-reveal-id]').live('click', function(e) { e.preventDefault(); var modalLocation = $(this).attr('data-reveal-id'); $('#'+modalLocation).reveal($(this).data()); }); $.fn.reveal = function(options) { var defaults = { animation: 'fadeAndPop', animationspeed: 300, closeonbackgroundclick: true, dism modalBG.css({"cursor":"pointer"}) modalBG.bind('click.modalEvent', function () { modal.trigger('reveal:close') }); } $('body').keyup(function(e) { if(e.which===27){ modal.trigger('reveal:close'); } }); function unlockModal() { locked = false; } function lockModal() { locked = true; } }); }})(jQuery);
Antivirus reports:
http://ciapaulistadeleiloes.net.br/includes_js/scripts.js | 200 OK Content-Length: 7119 Content-Type: application/x-javascript | clean |
http://ciapaulistadeleiloes.net.br/includes_js/ajax.js | 200 OK Content-Length: 2477 Content-Type: application/x-javascript | clean |
http://ciapaulistadeleiloes.net.br/js/jquery.prettyPhoto.js | 200 OK Content-Length: 21883 Content-Type: application/x-javascript | clean |
http://ciapaulistadeleiloes.net.br/catalogo.asp | 200 OK Content-Length: 27332 Content-Type: text/html | clean |
http://ciapaulistadeleiloes.net.br/js/catalogo_n.js | 200 OK Content-Length: 9834 Content-Type: application/x-javascript | clean |
http://ciapaulistadeleiloes.net.br/js/jquery.jqzoom-core-list.js | 200 OK Content-Length: 31650 Content-Type: application/x-javascript | clean |
http://ciapaulistadeleiloes.net.br/js/jquery.tipTip.js | 200 OK Content-Length: 6871 Content-Type: application/x-javascript | clean |
http://ciapaulistadeleiloes.net.br/comprar.asp | 200 OK Content-Length: 6649 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: ciapaulistadeleiloes.net.br
Result:
HTTP/1.1 200 OK
Cache-Control: private
Date: Wed, 04 Mar 2015 08:23:32 GMT
Server: Microsoft-IIS/7.5
Content-Length: 11564
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQARBBTTB=BEBMMJCDAFEKCNECABEJIBME; path=/
X-Powered-By: ASP.NET
...11564 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: ciapaulistadeleiloes.net.br
Referer: http://www.google.com/search?q=ciapaulistadeleiloes.net.br
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ciapaulistadeleiloes.net.br
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://ciapaulistadeleiloes.net.br/
Result: ciapaulistadeleiloes.net.br is not infected or malware details are not published yet.