Scanned pages/files
Request | Server response | Status |
http://pchconsultores.net/ | 200 OK Content-Length: 715 Content-Type: text/html | clean |
http://pchconsultores.net/.htpasswds/ | 200 OK Content-Length: 224 Content-Type: text/html | clean |
http://pchconsultores.net/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
http://pchconsultores.net/OpenScholar/ | 200 OK Content-Length: 264 Content-Type: text/html | clean |
http://pchconsultores.net/OpenScholar/sites/ | 200 OK Content-Length: 292 Content-Type: text/html | clean |
http://pchconsultores.net/OpenScholar/sites/default/ | 200 OK Content-Length: 426 Content-Type: text/html | clean |
http://pchconsultores.net/OpenScholar/sites/default/default.settings.php | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://pchconsultores.net/OpenScholar/sites/default/files/ | 200 OK Content-Length: 292 Content-Type: text/html | clean |
http://pchconsultores.net/OpenScholar/sites/default/settings.php | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://pchconsultores.net/cgi-bin/ | 403 Forbidden Content-Length: 329 Content-Type: text/html | clean |
http://pchconsultores.net/particuliers.secure.lcl/ | 200 OK Content-Length: 288 Content-Type: text/html | clean |
http://pchconsultores.net/particuliers.secure.lcl/outil/ | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sat, 12 Dec 2015 13:16:47 GMT Location: 81cd9a357e543a86bfef95cc2b0e3f82 Server: Apache Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.3.29 | clean |
http://pchconsultores.net/particuliers.secure.lcl/outil/81cd9a357e543a86bfef95cc2b0e3f82 | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 12 Dec 2015 13:16:47 GMT Location: http://pchconsultores.net/particuliers.secure.lcl/outil/81cd9a357e543a86bfef95cc2b0e3f82/ Server: Apache Content-Length: 297 Content-Type: text/html; charset=iso-8859-1 | clean |
http://pchconsultores.net/particuliers.secure.lcl/outil/81cd9a357e543a86bfef95cc2b0e3f82/ | 200 OK Content-Length: 36903 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!-- HTML Encryption provided by iWEBTOOL.com --> <!-- document.write(unescape('%3C%21%44%4F%43%54%59%50%45%20%68%74%6D%6C%3E%0A%3C%68%74%6D%6C%20%63%6C%61%73%73%3D%22%20%6A%73%20%66%6C%65%78%62%6F%78%20%63%61%6E%76%61%73%20%63%61%6E%76%61%73%74%65%78%74%20%77%65%62%67%6C%20%6E%6F%2D%74%6F%75%63%68%20%67%65%6F%6C%6F%63%61%74%69%6F%6E%20%70%6F%73%74%6D%65%73%73%61%67%65%20%6E%6F%2D%77%65%62%73%71%6C%64%61%74%61%62%61%73%65%20%69%6E%64%65%78%65%64%64%62%20%68%61%73%68%63%6 Decoded script: <!DOCTYPE html> <html class=" js flexbox canvas canvastext webgl no-touch geolocation postmessage no-websqldatabase indexeddb hashchange history draganddrop websockets rgba hsla multiplebgs backgroundsize borderimage borderradius boxshadow textshadow opacity cssanimations csscolumns cssgradients no-cssreflections csstransforms csstransforms3d csstransitions fontface generatedcontent video audio localstorage sessionstorage webworkers applicationcache svg inlinesvg smil svgclippa <iframe id="idInfo" allowtransparency="true" onload="calcSizeFrame(this);" src="index_fichiers/accesPagePublie.htm" class="framePage" frameborder="0" height="446" width="300px"> </iframe> </div> </div> </div> </form> </div> </div> </div> </div> <form id="formLogout" method="POST" action="/outil/uaut/Login/logout"></form> </div> </body></html> Antivirus reports:
| ||
http://pchconsultores.net/pchconsultores/ | 200 OK Content-Length: 7957 Content-Type: text/html | clean |
http://pchconsultores.net/pchconsultores/misc/jquery.js?v=1.4.4 | 200 OK Content-Length: 78602 Content-Type: application/javascript | clean |
http://pchconsultores.net/pchconsultores/misc/jquery.once.js?v=1.2 | 200 OK Content-Length: 2974 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: pchconsultores.net
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 12 Dec 2015 13:16:42 GMT
Server: Apache
Content-Length: 715
Content-Type: text/html;charset=ISO-8859-1
...715 bytes of data.
GET / HTTP/1.1
Host: pchconsultores.net
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 12 Dec 2015 13:16:42 GMT
Server: Apache
Content-Length: 715
Content-Type: text/html;charset=ISO-8859-1
...715 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: pchconsultores.net
Referer: http://www.google.com/search?q=pchconsultores.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: pchconsultores.net
Referer: http://www.google.com/search?q=pchconsultores.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=pchconsultores.net
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://pchconsultores.net/
Result: pchconsultores.net is not infected or malware details are not published yet.
Result: pchconsultores.net is not infected or malware details are not published yet.