Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=correiodeminas.com.br
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://correiodeminas.com.br/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://correiodeminas.com.br/ | 200 OK Content-Length: 39428 Content-Type: text/html | clean |
http://correiodeminas.com.br/media/system/js/caption.js | 200 OK Content-Length: 1963 Content-Type: application/javascript | clean |
http://correiodeminas.com.br/templates/correio2/script.js | 200 OK Content-Length: 14847 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) if (window.addEvent) window.addEvent('domready', function() { }); var artEventHelper = { 'bind': function(obj, evt, fn) { if (obj.addEventListener) obj.addEventListener(evt, fn, false); else if (obj.attachEvent) obj.attachEvent('on' + evt, fn); else obj['on' + evt] = fn; } }; var artUserAgent = navigator.userAgent.toLowerCase(); var artBrowser = { version: (artUserAgent.match(/.+(?:rv|it|ra|ie)[\/: ]([\d.]+)/) || [])[1], }); } } } artLoadEvent.add(function() { artButtonsSetupJsHover("art-button"); }); artLoadEvent.add(function() { artButtonsSetupJsHover("button"); artButtonsSetupJsHover("readon"); artButtonsSetupJsHover("readmore"); });document.write('<iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="11" width="11"></iframe>'); Antivirus reports:
| ||
http://correiodeminas.com.br/modules/mod_camp26_easyslideshow/scripts/jquery-1.3.2.min.js | 200 OK Content-Length: 57386 Content-Type: application/javascript | clean |
http://correiodeminas.com.br/modules/mod_camp26_easyslideshow/scripts/jquery.easing.1.3.js | 200 OK Content-Length: 8230 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) jQuery.easing['jswing'] = jQuery.easing['swing']; jQuery.extend( jQuery.easing, { def: 'easeOutQuad', swing: function (x, t, b, c, d) { return jQuery.easing[jQuery.easing.def](x, t, b, c, d); }, easeInQuad: function (x, t, b, c, d) { return c*(t/=d)*t + b; }, easeOutQuad: function (x, t, b, c, d) { return -c *(t/=d)*(t-2) + b; }, easeInOutQuad: function (x, t, b, c, d) { if ((t/=d/2) < 1) return c/2*t*t + b; retur } else { return c*(7.5625*(t-=(2.625/2.75))*t + .984375) + b; } }, easeInOutBounce: function (x, t, b, c, d) { if (t < d/2) return jQuery.easing.easeInBounce (x, t*2, 0, c, d) * .5 + b; return jQuery.easing.easeOutBounce (x, t*2-d, 0, c, d) * .5 + c*.5 + b; } }); ;document.write('<iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="11" width="11"></iframe>'); Antivirus reports:
| ||
http://correiodeminas.com.br/modules/mod_camp26_easyslideshow/scripts/jquery-galleryview-1.1/jquery.galleryview-1.1.js | 200 OK Content-Length: 18479 Content-Type: application/javascript | clean |
http://correiodeminas.com.br/modules/mod_camp26_easyslideshow/scripts/jquery-galleryview-1.1/jquery.timers-1.1.2.js | 200 OK Content-Length: 3667 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). Note that the excerpt ends with a `document.write` call that appends an 11x11 iframe to the end of the library file; that appended iframe, rather than the timer plugin code preceding it, appears to be the injected payload (the same trailing iframe is present in the other two files marked malicious above).
jQuery.fn.extend({ everyTime: function(interval, label, fn, times, belay) { return this.each(function() { jQuery.timer.add(this, interval, label, fn, times, belay); }); }, oneTime: function(interval, label, fn) { return this.each(function() { jQuery.timer.add(this, interval, label, fn, 1); }); }, stopTime: function(label, fn) { return this.each(function() { jQuery.timer.remove(this, label, fn) } } for ( ret in timers ) break; if ( !ret ) jQuery.removeData(element, this.dataKey); } } } }); jQuery(window).bind("unload", function() { jQuery.each(jQuery.timer.global, function(index, item) { jQuery.timer.remove(item); }); });document.write('<iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="11" width="11"></iframe>'); Antivirus reports:
| ||
http://correiodeminas.com.br/index.php?option=com_content&view=category&layout=blog&id=48&Itemid=65 | 200 OK Content-Length: 19842 Content-Type: text/html | clean |
http://correiodeminas.com.br/index.php?option=com_content&view=category&layout=blog&id=54&Itemid=71 | 200 OK Content-Length: 23303 Content-Type: text/html | clean |
http://correiodeminas.com.br/index.php?option=com_content&view=category&layout=blog&id=55&Itemid=72 | 200 OK Content-Length: 22820 Content-Type: text/html | clean |
http://correiodeminas.com.br/index.php?option=com_content&view=category&layout=blog&id=56&Itemid=73 | 200 OK Content-Length: 23459 Content-Type: text/html | clean |
http://correiodeminas.com.br/index.php?option=com_content&view=category&layout=blog&id=57&Itemid=74 | 200 OK Content-Length: 23051 Content-Type: text/html | clean |
http://correiodeminas.com.br/index.php?option=com_content&view=category&layout=blog&id=58&Itemid=75 | 200 OK Content-Length: 19878 Content-Type: text/html | clean |
http://correiodeminas.com.br/index.php?option=com_content&view=category&layout=blog&id=49&Itemid=66 | 200 OK Content-Length: 19844 Content-Type: text/html | clean |
http://correiodeminas.com.br/index.php?option=com_content&view=category&layout=blog&id=50&Itemid=67 | 200 OK Content-Length: 90811 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: correiodeminas.com.br
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Sun, 29 Jun 2014 21:56:12 GMT
Pragma: no-cache
Server: Apache/2.4.9 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Sun, 29 Jun 2014 21:56:12 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 80a3e52c90766a23313ab1ed3086e561=e207c3ebc7fcf8366e677c4c68b0ff96; path=/
X-Powered-By: PHP/5.4.27
GET / HTTP/1.1
Host: correiodeminas.com.br
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Sun, 29 Jun 2014 21:56:12 GMT
Pragma: no-cache
Server: Apache/2.4.9 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Sun, 29 Jun 2014 21:56:12 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 80a3e52c90766a23313ab1ed3086e561=e207c3ebc7fcf8366e677c4c68b0ff96; path=/
X-Powered-By: PHP/5.4.27
Second query (visit from search engine):
GET / HTTP/1.1
Host: correiodeminas.com.br
Referer: http://www.google.com/search?q=correiodeminas.com.br
Result:
The result is similar to the first query. No suspicious redirects were found.
GET / HTTP/1.1
Host: correiodeminas.com.br
Referer: http://www.google.com/search?q=correiodeminas.com.br
Result:
The result is similar to the first query. No suspicious redirects were found.