Scanned pages/files
Request | Server response | Status |
http://www.gemalto.com/ | 200 OK Content-Length: 39772 Content-Type: text/html | clean |
http://www.gemalto.com/_dotcom_template/js/libs/jquery-1.7.2.min.js | 200 OK Content-Length: 94840 Content-Type: application/x-javascript | clean |
http://www.gemalto.com/_dotcom_template/js/libs/jquery.backgroundposition.js | 200 OK Content-Length: 2099 Content-Type: application/x-javascript | clean |
http://www.gemalto.com/_dotcom_template/js/libs/jquery.scrollTo-min.js | 200 OK Content-Length: 2264 Content-Type: application/x-javascript | clean |
http://www.gemalto.com/_dotcom_template/js/libs/jquery.localscroll-min.js | 200 OK Content-Length: 1562 Content-Type: application/x-javascript | clean |
http://www.gemalto.com/_dotcom_template/js/libs/lectric.js | 200 OK Content-Length: 14052 Content-Type: application/x-javascript | clean |
http://www.gemalto.com/_dotcom_template/js/init.js | 200 OK Content-Length: 68030 Content-Type: application/x-javascript | clean |
http://content.mkt51.net/lp/static/js/iMAWebCookie.js?37bdffcb-130518afa6f-d7c8ec57ae636c7258d3eb0ef0e531f2&h=www.pages05.net | 200 OK Content-Length: 40474 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function() { var version = 1.24, page = {}, cookiespace = 'com.silverpop.iMA', vtrendzCookieSpace = 'com.vtrenz.iMA', metaspace = 'com.silverpop.', webTrackingOptInPrefix = 'webtrackingoptin', pageVisitCookie = '.page_visit', websyncTTL = 1000 * 24 * 60 * 60 * 1000, sessionTTL = 20 * 60 * 1000, clickStreamKeys = ["spMail } charToValue['='.charCodeAt(0)] = -2; return charToValue; } onloadcallstack.push(initialize); onloadcallstack.push(pageview); onloadcallstack.push(appendCookieToLinks); var initWebTracking = function() { for (var i = 0; i < onloadcallstack.length; i++) { onloadcallstack[i](); } }; addLoadEvent(initWebTracking); })(); Antivirus reports:
| ||
http://www.gemalto.com/_dotcom_template/js/jquery.prettyPhoto.js | 200 OK Content-Length: 22061 Content-Type: application/x-javascript | clean |
http://www.gemalto.com/companyinfo/subscription.html | 200 OK Content-Length: 29296 Content-Type: text/html | clean |
http://www.gemalto.com/_dotcom_template/js/jquery.idTabs.min.js | 200 OK Content-Length: 2350 Content-Type: application/x-javascript | clean |
http://www.gemalto.com/php/js/common.js | 200 OK Content-Length: 1660 Content-Type: application/x-javascript | clean |
http://www.gemalto.com/php/js/subscribe.js | 200 OK Content-Length: 2137 Content-Type: application/x-javascript | clean |
http://www.gemalto.com/_dotcom_template/js/jquery.ba-postmessage.min.js | 200 OK Content-Length: 1040 Content-Type: application/x-javascript | clean |
http://www.gemalto.com/index.html | 200 OK Content-Length: 39772 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: gemalto.com
Result:
GET / HTTP/1.1
Host: gemalto.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: gemalto.com
Referer: http://www.google.com/search?q=gemalto.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: gemalto.com
Referer: http://www.google.com/search?q=gemalto.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=gemalto.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://gemalto.com/
Result: gemalto.com is not infected or malware details are not published yet.
Result: gemalto.com is not infected or malware details are not published yet.