Scanned pages/files
| Request | Server response | Status |
http://euprovei.com.br/ | 200 OK Content-Length: 1768 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked By LadyZcute | Indonesian Female Cyber HackinG <html><meta name="keywords" content="Hacked By LadyZcute | Indonesian Female Cyber HackinG"> <meta name="description" content="HackeD By LadyZcute | Indonesian Female Cyber Hacking "> <link rel="icon" href="http://ladyzcute.yn.lt/images/Ladyzcute-Pink-Heart.ico" type="image/x-icon" /> <link rel="shortcut icon" href="http://ladyzcute.yn.lt/images/Ladyzcute-Pink-Heart.ico" type="image/x-icon" /> <body><link href="iframe.css" rel="stylesheet" media="handheld ...[1561 bytes skipped]... | ||
http://euprovei.com.br/test404page.js | HTTP/1.1 302 Moved Temporarily Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Wed, 29 Jul 2015 05:16:19 GMT Pragma: no-cache Via: 1.1 varnish-v4 Age: 0 Location: http://www.euprovei.com.br/test404page.js Server: Apache Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT Last-Modified: Wed, 29 Jul 2015 05:16:20 GMT Set-Cookie: PHPSESSID=6e1ml3rmu6038f2fv1rr1e6df4; path=/ X-Pingback: http://www.euprovei.com.br/xmlrpc.php X-UA-Compatible: IE=EmulateIE7 X-Varnish: 14318736 | clean |
http://www.euprovei.com.br/test404page.js | 404 Not Found Content-Length: 19829 Content-Type: text/html | clean |
http://twittercounter.com/embed/?username=luizgonsales&style=bird | 200 OK Content-Length: 444 Content-Type: text/html | clean |
http://twittercounter.com/test404page.js | 404 Not Found Content-Length: 65387 Content-Type: text/html | clean |
http://cdn.twittercounter.com/js/dist/initial.2528af63d2b6b91b754be48d73d7aa6063575a5b.js | 200 OK Content-Length: 89014 Content-Type: application/javascript | clean |
http://cdn.twittercounter.com/js/dist/libraries.2528af63d2b6b91b754be48d73d7aa6063575a5b.js | 200 OK Content-Length: 301184 Content-Type: application/javascript | clean |
http://cdn.twittercounter.com/js/app.2528af63d2b6b91b754be48d73d7aa6063575a5b.js | 200 OK Content-Length: 28466 Content-Type: application/javascript | clean |
http://cdn.twittercounter.com/js/charts/charts.2528af63d2b6b91b754be48d73d7aa6063575a5b.js | 200 OK Content-Length: 86141 Content-Type: application/javascript | clean |
http://cdn.twittercounter.com/js/pages/profile.2528af63d2b6b91b754be48d73d7aa6063575a5b.js | 200 OK Content-Length: 11682 Content-Type: application/javascript | clean |
http://cdn.twittercounter.com/js/classes/class.graphselectors.2528af63d2b6b91b754be48d73d7aa6063575a5b.js | 200 OK Content-Length: 22842 Content-Type: application/javascript | clean |
http://twittercounter.com/ | 200 OK Content-Length: 76882 Content-Type: text/html | clean |
http://twittercounter.com//fast.wistia.com/assets/external/popover-v1.js/ | 404 Not Found Content-Length: 65402 Content-Type: text/html | clean |
http://twittercounter.com/pages/featured | 200 OK Content-Length: 81081 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. ...[466 bytes skipped]... ner?f.addEventListener(r,s,false):f.attachEvent("on"+r,s);var ld=function(){function p(hd){ hd="head";return["<",hd,"></",hd,"><",i,' onl' + 'oad="var d=',g,";d.getElementsByTagName('head')[0].",j,"(d.",h,"('script')).",k,"='",l,"//",a.l,"'",'"',"></",i,">"].join("")}var i="body",m=d[i];if(!m){ return setTimeout(ld,100)}a.P(1);var j="appendChild",h="createElement",k="src",n=d[h]("div"),v=n[j](d[h](z)),b=d[h]("iframe"),g="document",e="domain",o;n.style.display="none";m.insertBefore(n,m.firstChild).id=z;b.frameBorder="0";b.id=z+"-loader";if(/MSIE[ ]+6/.test(navigator.userAgent)){ b.src="javascript:false"}b.allowTransparency="true";v[j](b);try{ b.contentWindow[g].open()}catch(w){ c[e]=d[e];o="javascript:var d="+g+".open();d.domain='"+d.domain+"';";b[k]=o+"void(0);"}try{ var t=b.contentWindow[g];t.write(p());t.close()}catch(x){ b[k]=o+'d.write("'+p().replace(/"/g,String.fromC ...[226 bytes skipped]... Decoded script: function s() { a.P(r); f[z](r); } | ||
http://cdn.twittercounter.com/js/pages/payment.2528af63d2b6b91b754be48d73d7aa6063575a5b.js | 200 OK Content-Length: 8671 Content-Type: application/javascript | clean |
http://twittercounter.com/pages/ | 404 Not Found Content-Length: 60411 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: euprovei.com.br
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 29 Jul 2015 05:16:18 GMT
Accept-Ranges: bytes
ETag: "1b4bca1-6e8-4b2c1fc4a4280"
Server: Apache
Content-Length: 1768
Content-Type: text/html
Last-Modified: Mon, 28 Nov 2011 02:08:58 GMT
...1768 bytes of data.
GET / HTTP/1.1
Host: euprovei.com.br
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 29 Jul 2015 05:16:18 GMT
Accept-Ranges: bytes
ETag: "1b4bca1-6e8-4b2c1fc4a4280"
Server: Apache
Content-Length: 1768
Content-Type: text/html
Last-Modified: Mon, 28 Nov 2011 02:08:58 GMT
...1768 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: euprovei.com.br
Referer: http://www.google.com/search?q=euprovei.com.br
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: euprovei.com.br
Referer: http://www.google.com/search?q=euprovei.com.br
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=euprovei.com.br
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://euprovei.com.br/
Result: euprovei.com.br is not infected or malware details are not published yet.
Result: euprovei.com.br is not infected or malware details are not published yet.