Scanned pages/files
Request | Server response | Status |
http://democlientnet.com/ | HTTP/1.1 302 Found Cache-Control: no-cache, no-store, must-revalidate Date: Mon, 07 Jul 2014 09:36:36 GMT Pragma: no-cache Location: http://www.godaddy.com/ Server: Microsoft-IIS/7.0 Content-Length: 140 Expires: 0 P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR OUR IND" | clean |
http://www.godaddy.com/ | 200 OK Content-Length: 125509 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
var _gaDataLayer = _gaDataLayer || [];
_gaDataLayer.push({ 'shopperId': '' });
_gaDataLayer.push({ 'privateLabelId': '1' });
_gaDataLayer.push({ 'isc': '' });
_gaDataLayer.push({ 'server': 'M1PWCORPWEB145' });
_gaDataLayer.push({ 'segmentId': '0' });
var _gaq = _gaq || [];
_gaq.push(['_setDomainName', 'godaddy.com']);
Antivirus reports:
(none listed; the antivirus reports table is empty in this report)
The flagged fragment is the Google Analytics asynchronous tracker setup (_gaq.push(['_setDomainName', ...])) plus a _gaDataLayer array of site metadata. It contains no obfuscation, eval or external script load; the only point worth noting is that the 'server' entry exposes the name of the internal host that served the page. Since the antivirus table this verdict points to is empty, the "malicious" status shown for http://www.godaddy.com/ is not backed by any evidence on this page.
http://img2.wsimg.com/shared/js/1.8.0/global.20120918.min.js | 200 OK Content-Length: 92807 Content-Type: application/x-javascript | clean |
http://democlientnet.com//cdn.optimizely.com/js/116723926.js/ | HTTP/1.1 302 Found Cache-Control: no-cache, no-store, must-revalidate Date: Mon, 07 Jul 2014 09:36:41 GMT Pragma: no-cache Location: http://www.godaddy.com/ Server: Microsoft-IIS/7.0 Content-Length: 140 Expires: 0 P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR OUR IND" | clean |
(This request URL is a protocol-relative script reference, //cdn.optimizely.com/js/116723926.js, that the scanner appended to the scanned host instead of resolving it as a separate origin; the server answered with the same 302 to http://www.godaddy.com/ as it did for the root page, so the Optimizely script itself was never fetched or scanned.)
http://www.godaddy.com/test404page.js | 404 Not Found Content-Length: 1245 Content-Type: text/html | clean |
http://img2.wsimg.com/pc/js/1/gd_cds_2014v1_js_20140701.min.js | 200 OK Content-Length: 69827 Content-Type: application/x-javascript | clean |
http://img2.wsimg.com/fos/script/sales17.min.js | 200 OK Content-Length: 18367 Content-Type: application/x-javascript | clean |
http://img2.wsimg.com/fos/hp/rebrand/js/homepage_script_20140410.min.js | 200 OK Content-Length: 9477 Content-Type: application/x-javascript | clean |
http://img2.wsimg.com/fos/script/atlantis_jquery14.min.js | 200 OK Content-Length: 57553 Content-Type: application/x-javascript | clean |
http://img2.wsimg.com/shared/js/jquery.plugins.min.20111019.js | 200 OK Content-Length: 41309 Content-Type: application/x-javascript | clean |
http://img2.wsimg.com/fos/lib/gd-swipe/js/swipe-v2.2.min.js | 200 OK Content-Length: 5554 Content-Type: application/x-javascript | clean |
http://img2.wsimg.com/fos/lib/gd-swipe/js/gd-swipe-v2.min.js | 200 OK Content-Length: 1330 Content-Type: application/x-javascript | clean |
http://img2.wsimg.com/starfield/fos.share/v1.3/fos.share-20140505.min.js | 200 OK Content-Length: 17878 Content-Type: application/x-javascript | clean |
http://img2.wsimg.com/fastball/js_lib/FastballLibrary0006.min.js?version=2 | 200 OK Content-Length: 4056 Content-Type: application/x-javascript | clean |
http://img2.wsimg.com/fos/201401/global/vendor/bootstrap/js/bootstrap.min.js | 200 OK Content-Length: 27822 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: democlientnet.com
Result:
HTTP/1.1 302 Found
Cache-Control: no-cache, no-store, must-revalidate
Date: Mon, 07 Jul 2014 09:36:36 GMT
Pragma: no-cache
Location: http://www.godaddy.com/
Server: Microsoft-IIS/7.0
Content-Length: 140
Expires: 0
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR OUR IND"
...140 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: democlientnet.com
Referer: http://www.google.com/search?q=democlientnet.com
Result:
The response is the same 302 to http://www.godaddy.com/ as for the first query; no Referer-conditional redirect was found.
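The two queries above implement one check: fetch the same URL once plainly and once with a search-engine Referer, do not follow redirects, and compare the answers, because a cloaked redirect only fires for visitors who look like they arrived from a search result. The script below is an added example of that comparison and is not the scanner's own code. It assumes Python's standard http.client for the live fetch, embeds the 302 response from the report as the clean sample, and uses a constructed pair of responses (with the reserved placeholder host example.net) to show what a cloaked site looks like to the check.

```python
"""Referer-conditional redirect check (added example, not the scanner's code).

The same URL is fetched twice, plainly and with a search-engine Referer,
without following redirects, and the two responses are compared on status
code and Location header.
"""
import http.client
import sys
from urllib.parse import urlsplit

# Search-engine Referer used by the second query in the report.
SEARCH_REFERER = "http://www.google.com/search?q=democlientnet.com"
REDIRECT_CODES = {301, 302, 303, 307, 308}


def parse_head(raw):
    """Parse a raw HTTP response head into (status_code, {lowercased header: value})."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, headers


def redirect_target(raw):
    """Return the Location of a 3xx response, or None if the response does not redirect."""
    status, headers = parse_head(raw)
    if status in REDIRECT_CODES:
        return headers.get("location")
    return None


def compare_visits(plain_raw, referer_raw):
    """Flag a redirect that appears, disappears or changes target only when a Referer is sent."""
    plain_target = redirect_target(plain_raw)
    referer_target = redirect_target(referer_raw)
    return {
        "plain": plain_target,
        "referer": referer_target,
        "suspicious": plain_target != referer_target,
    }


def fetch_head(url, referer=None, timeout=10):
    """Fetch url once without following redirects and return its raw response head.

    Live helper for running the check against a real host; the samples below
    are used instead so that the module runs offline.
    """
    parts = urlsplit(url)
    conn = http.client.HTTPConnection(parts.hostname, parts.port or 80, timeout=timeout)
    headers = {"User-Agent": "Mozilla/5.0"}
    if referer:
        headers["Referer"] = referer
    path = parts.path or "/"
    if parts.query:
        path += "?" + parts.query
    conn.request("GET", path, headers=headers)
    resp = conn.getresponse()
    head = "HTTP/1.1 %d %s\r\n" % (resp.status, resp.reason)
    head += "".join("%s: %s\r\n" % (k, v) for k, v in resp.getheaders())
    conn.close()
    return head + "\r\n"


# Response copied from the report above; both visits were answered identically.
CLEAN_PLAIN = (
    "HTTP/1.1 302 Found\r\n"
    "Cache-Control: no-cache, no-store, must-revalidate\r\n"
    "Location: http://www.godaddy.com/\r\n"
    "Server: Microsoft-IIS/7.0\r\n"
    "Content-Length: 140\r\n\r\n"
)
CLEAN_REFERER = CLEAN_PLAIN

# Constructed sample of a cloaked site: the plain visit gets the normal page,
# the search-engine visit is bounced elsewhere (example.net is a placeholder,
# not a host from the report).
CLOAKED_PLAIN = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 12\r\n\r\n"
CLOAKED_REFERER = "HTTP/1.1 302 Found\r\nLocation: http://example.net/\r\nContent-Length: 0\r\n\r\n"


if __name__ == "__main__":
    # With a URL argument the check runs live; without one it uses the samples.
    if len(sys.argv) > 1:
        url = sys.argv[1]
        result = compare_visits(fetch_head(url), fetch_head(url, referer=SEARCH_REFERER))
    else:
        result = compare_visits(CLOAKED_PLAIN, CLOAKED_REFERER)
    print(result)
```

Only the redirect target is compared, so a site that serves different HTML but the same Location would not be flagged; a fuller scanner also diffs the bodies and repeats the request with a search-engine User-Agent, since some cloaking keys on that header instead of the Referer.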
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=democlientnet.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://democlientnet.com/
Result: democlientnet.com is not infected or malware details are not published yet.