Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ospvi.com.sapo.pt
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.ospvi.com.sapo.pt/ | HTTP/1.1 302 Found Connection: close Date: Mon, 25 Aug 2014 18:56:24 GMT Location: http://ospvi.com.sapo.pt/ Server: Apache/1.3.33 (Unix) Content-Type: text/html; charset=iso-8859-1 | clean |
http://ospvi.com.sapo.pt/ | 200 OK Content-Length: 2713 Content-Type: text/html | clean |
http://ospvi.com.sapo.pt/test404page.js | HTTP/1.1 302 Found Connection: close Date: Mon, 25 Aug 2014 18:56:25 GMT Location: http://404.s.sapo.pt/ Server: Apache/1.3.33 (Unix) Content-Type: text/html; charset=iso-8859-1 Expires: Fri, Jan 1 1999 00:00:00 GMT | clean |
http://404.s.sapo.pt/ | 404 Not Found Content-Length: 4068 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) Object.extend = function(destination, source) { for (var property in source) { destination[property] = source[property]; } return destination; }; var aParams = {}; var url=document.URL; if(url.match(/\?(.+)/i)) { var queryStr = url.replace(/^(.*)\?([^\#]+)(\#(.*))?/g, "$2"); if(queryStr.length > 0) { var aQueryStr = queryStr.split(/[;&]/); for(var i=0; i < aQueryStr.length; i++) { var pairVar = aQueryStr[i].split('='); aParams[decodeURIComponent(pairVar[0])] = (typeof(pairVar[1]) != 'undefined' && pairVar[1]) ? decodeURIComponent(pairVar[1]) : ''; } } } Antivirus reports:
| ||
http://404.s.sapo.pt/test404page.js | 404 Not Found Content-Length: 4068 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) Object.extend = function(destination, source) { for (var property in source) { destination[property] = source[property]; } return destination; }; var aParams = {}; var url=document.URL; if(url.match(/\?(.+)/i)) { var queryStr = url.replace(/^(.*)\?([^\#]+)(\#(.*))?/g, "$2"); if(queryStr.length > 0) { var aQueryStr = queryStr.split(/[;&]/); for(var i=0; i < aQueryStr.length; i++) { var pairVar = aQueryStr[i].split('='); aParams[decodeURIComponent(pairVar[0])] = (typeof(pairVar[1]) != 'undefined' && pairVar[1]) ? decodeURIComponent(pairVar[1]) : ''; } } } Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: ospvi.com.sapo.pt
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate, no-cache="Set-Cookie", private
Connection: close
Date: Mon, 25 Aug 2014 18:56:24 GMT
Pragma: no-cache
Accept-Ranges: bytes
ETag: "1294427-a99-5350ffe5"
Server: Apache/1.3.33 (Unix)
Content-Length: 2713
Content-Type: text/html
Expires: Fri, Jan 1 1999 00:00:00 GMT
Last-Modified: Fri, 18 Apr 2014 10:35:17 GMT
...2713 bytes of data.
GET / HTTP/1.1
Host: ospvi.com.sapo.pt
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate, no-cache="Set-Cookie", private
Connection: close
Date: Mon, 25 Aug 2014 18:56:24 GMT
Pragma: no-cache
Accept-Ranges: bytes
ETag: "1294427-a99-5350ffe5"
Server: Apache/1.3.33 (Unix)
Content-Length: 2713
Content-Type: text/html
Expires: Fri, Jan 1 1999 00:00:00 GMT
Last-Modified: Fri, 18 Apr 2014 10:35:17 GMT
...2713 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: ospvi.com.sapo.pt
Referer: http://www.google.com/search?q=ospvi.com.sapo.pt
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: ospvi.com.sapo.pt
Referer: http://www.google.com/search?q=ospvi.com.sapo.pt
Result:
The result is similar to the first query. There are no suspicious redirects found.