Scanned pages/files
Request | Server response | Status |
http://www.gpsys.com.br/ | HTTP/1.1 200 OK Connection: close Date: Sat, 06 Jun 2015 02:56:58 GMT Accept-Ranges: bytes ETag: "2ed327-25cd-516c12d982c40" Server: Apache Vary: Accept-Encoding Content-Length: 9677 Content-Type: text/html Last-Modified: Sat, 23 May 2015 15:10:33 GMT | clean |
http://migre.me/q2jf8 | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 06 Jun 2015 02:56:54 GMT Location: http://www.gpsys.com.br/Install.exe Server: Apache/2.2.14 (Ubuntu) Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=utf-8 Set-Cookie: mum=16fdd67468690c3bef6165eb94bc92a0; expires=Sun, 10-May-2020 02:56:54 GMT X-Powered-By: PHP/5.3.2-1ubuntu4.30 | clean |
http://www.gpsys.com.br/install.exe | 404 Not Found Content-Length: 18717 Content-Type: text/html | clean |
http://www.gpsys.com.br/chat/image.php?tl=PGEgaHJlZj1cImphdmFzY3JpcHQ6dm9pZCh3aW5kb3cub3BlbignaHR0cDovL3d3dy5ncHN5cy5jb20uYnIvY2hhdC9jaGF0LnBocCcsJycsJ3dpZHRoPTU5MCxoZWlnaHQ9NjEwLGxlZnQ9MCx0b3A9MCxyZXNpemFibGU9eWVzLG1lbnViYXI9bm8sbG9jYXRpb249eWVzLHN0YXR1cz15ZXMsc2Nyb2xsYmFycz15ZXMnKSlcIiA8IS0tY2xhc3MtLT4-PCEtLXRleHQtLT48L2E-&tlont=RW50cmUgZW0gY29udGF0bw__&tloft=RGVpeGUgc3VhIE1lc3NhZ2Vt | 404 Not Found Content-Length: 18717 Content-Type: text/html | clean |
http://www.gpsys.com.br/solucao/desenvolvimento-de-sites/ | 200 OK Content-Length: 19592 Content-Type: text/html | clean |
http://www.gpsys.com.br/solucao/criacao-de-sites-em-bh/ | 404 Not Found Content-Length: 18717 Content-Type: text/html | clean |
http://www.gpsys.com.br/solucao/loja-virtual-ecommerce/ | HTTP/1.1 200 OK Connection: close Date: Sat, 06 Jun 2015 02:57:06 GMT Server: Apache Vary: Accept-Encoding Content-Type: text/html; charset=UTF-8 X-Pingback: http://www.gpsys.com.br/xmlrpc.php | clean |
http://www.gpsys.com.br/wp-content/uploads/2014/11/ | 200 OK Content-Length: 2063 Content-Type: text/html | clean |
http://mihantools.net/tools/click-l/click-l.js | 200 OK Content-Length: 460 Content-Type: application/javascript | clean |
http://www.gpsys.com.br/test404page.js | 404 Not Found Content-Length: 18717 Content-Type: text/html | clean |
http://www.gpsys.com.br/email-marketing/ | 200 OK Content-Length: 15015 Content-Type: text/html | clean |
http://www.gpsys.com.br/novo/contratar/?plan=1 | 200 OK Content-Length: 8217 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: HACKED BY X\\\ ...[69 bytes skipped]... t type=\"text/javascript\"> var SPklikkanan = \'TILANG\';</script> <script type=\"text/javascript\" src=\"https://googledrive.com/host/0B6KVua7D2SLCNDN2RW1ORmhZRWs/sp_tilang.js\"></script> <body bgcolor = black> <body oncontextmenu=\'return false;\' onkeydown=\'return false;\' onmousedown=\'return false;\'> <center> <h1> <font color= red><blink>HACKED BY X\\\'1N73CT,PATCH YOUR SECURITY SYSTEM<blink></font> </h1> </center> <hr > <br> <br> <script type=\'text/javascript\'> //<![CDATA[ shortcut={all_shortcuts:{},add:function(a,b,c){var d={type:\"keydown\",propagate:!1,disable_in_input:!1,target:document,keycode:!1};if(c)for(var e in d)\"undefined\"==typeof c[e]&&(c[e]=d[e]);else c=d;d=c.target,\"string\"==typeof c.target&&(d=document.g ...[8332 bytes skipped]... | ||
http://www.gpsys.com.br/novo/contratar/\"https://googledrive.com/host/0B6KVua7D2SLCNDN2RW1ORmhZRWs/sp_tilang.js\" | 200 OK Content-Length: 8217 Content-Type: text/html | clean |
http://www.gpsys.com.br/novo/contratar/\"https://googledrive.com/host/0B6KVua7D2SLCNDN2RW1ORmhZRWs/\"https://googledrive.com/host/0B6KVua7D2SLCNDN2RW1ORmhZRWs/sp_tilang.js\" | 200 OK Content-Length: 8217 Content-Type: text/html | clean |
http://www.gpsys.com.br/novo/contratar/\"https://googledrive.com/host/0B6KVua7D2SLCNDN2RW1ORmhZRWs/\"https://googledrive.com/host/0B6KVua7D2SLCNDN2RW1ORmhZRWs/\"https://googledrive.com/host/0B6KVua7D2SLCNDN2RW1ORmhZRWs/sp_tilang.js\" | 200 OK Content-Length: 8217 Content-Type: text/html | clean |
http://www.gpsys.com.br/novo/contratar/\"https://googledrive.com/host/0B6KVua7D2SLCNDN2RW1ORmhZRWs/\"https://googledrive.com/host/0B6KVua7D2SLCNDN2RW1ORmhZRWs/\"https://googledrive.com/host/0B6KVua7D2SLCNDN2RW1ORmhZRWs/\"https://googledrive.com/host/0B6KVua7D2SLCNDN2RW1ORmhZRWs/sp_tilang.js\" | 200 OK Content-Length: 8217 Content-Type: text/html | clean |
http://www.gpsys.com.br/novo/contratar/\"https://googledrive.com/host/0B6KVua7D2SLCNDN2RW1ORmhZRWs/\"https://googledrive.com/host/0B6KVua7D2SLCNDN2RW1ORmhZRWs/\"https://googledrive.com/host/0B6KVua7D2SLCNDN2RW1ORmhZRWs/\"https://googledrive.com/host/0B6KVua7D2SLCNDN2RW1ORmhZRWs/\"https://googledrive.com/host/0B6KVua7D2SLCNDN2RW1ORmhZRWs/sp_tilang.js\" | 200 OK Content-Length: 8217 Content-Type: text/html | clean |
http://www.gpsys.com.br/novo/contratar/\"https://googledrive.com/host/0B6KVua7D2SLCNDN2RW1ORmhZRWs/\"https://googledrive.com/host/0B6KVua7D2SLCNDN2RW1ORmhZRWs/\"https://googledrive.com/host/0B6KVua7D2SLCNDN2RW1ORmhZRWs/\"https://googledrive.com/host/0B6KVua7D2SLCNDN2RW1ORmhZRWs/\"https://googledrive.com/host/0B6KVua7D2SLCNDN2RW1ORmhZRWs/\"https://googledrive.com/host/0B6KVua7D2SLCNDN2RW1ORmhZRWs/sp_tilang.js\" | 200 OK Content-Length: 8217 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: gpsys.com.br
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: gpsys.com.br
Referer: http://www.google.com/search?q=gpsys.com.br
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=gpsys.com.br
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://gpsys.com.br/
Result: gpsys.com.br is not infected or malware details are not published yet.