Scanned pages/files
Request | Server response | Status |
http://escrivaninha.net.br/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 28 Feb 2015 15:27:08 GMT Location: http://www.escrivaninha.net.br/ Server: ghs Content-Length: 228 Content-Type: text/html; charset=UTF-8 Alternate-Protocol: 80:quic,p=0.08 X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block | clean |
http://www.escrivaninha.net.br/ | 200 OK Content-Length: 119634 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
var postperpage=30; var numshowpage=4; var upPageWord ='« Previous'; var downPageWord ='Next »'; var urlactivepage=location.href; var home_page="/";
Antivirus reports:
http://connect.facebook.net/en_US/all.js | 200 OK Content-Length: 161933 Content-Type: application/x-javascript | clean |
http://static.ak.fbcdn.net/connect.php/js/FB.Share | 200 OK Content-Length: 164107 Content-Type: application/x-javascript | clean |
https://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js | 200 OK Content-Length: 93100 Content-Type: text/javascript | clean |
https://aisuka-project.googlecode.com/svn/highlight.pack.js | 200 OK Content-Length: 22562 Content-Type: text/plain | clean |
http://aisuka-project.googlecode.com/test404page.js | 404 Not Found Content-Length: 1439 Content-Type: text/html | clean |
http://aisuka-project.googlecode.com//www.google.com/ | 404 Not Found Content-Length: 1425 Content-Type: text/html | clean |
http://static.boo-box.com/javascripts/embed.js | 200 OK Content-Length: 23239 Content-Type: application/x-javascript | clean |
http://auto.clickafiliados.com.br/auto.js | 200 OK Content-Length: 1583 Content-Type: application/javascript | clean |
http://floats.clickafiliados.com.br/js/float.js | 200 OK Content-Length: 2642 Content-Type: application/javascript | clean |
http://ja.revolvermaps.com/2/2.js?i=0d7mgczlefr&m=5&s=130&c=ff0000&t=1 | 200 OK Content-Length: 2021 Content-Type: application/javascript | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.5/jquery.min.js | 200 OK Content-Length: 85925 Content-Type: text/javascript | clean |
http://yourjavascript.com/11215013191/jquery.colorbox-min.js | 200 OK Content-Length: 9284 Content-Type: text/javascript | clean |
https://aisuka-project.googlecode.com/svn/navigation.js | 200 OK Content-Length: 5238 Content-Type: text/plain | clean |
https://aisuka-project.googlecode.com/svn/\""+home_page+"feeds/posts/summary?max-results=1&alt=json-in-script&callback=hitungtotaldata\" | 404 Not Found Content-Length: 251 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: escrivaninha.net.br
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sat, 28 Feb 2015 15:27:08 GMT
Location: http://www.escrivaninha.net.br/
Server: ghs
Content-Length: 228
Content-Type: text/html; charset=UTF-8
Alternate-Protocol: 80:quic,p=0.08
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
...228 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: escrivaninha.net.br
Referer: http://www.google.com/search?q=escrivaninha.net.br
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=escrivaninha.net.br
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://escrivaninha.net.br/
Result: escrivaninha.net.br is not infected or malware details are not published yet.