Scanned pages/files
Request | Server response | Status |
http://rodiziodegatas.net/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 30 Oct 2014 20:59:41 GMT Location: http://www.rodiziodegatas.net/ Server: Apache Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Pingback: http://www.rodiziodegatas.net/xmlrpc.php | clean |
http://www.rodiziodegatas.net/ | 200 OK Content-Length: 38096 Content-Type: text/html | malicious |
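Malicious code - confirmed by antiviruses (see below). Excerpt as captured by the scanner: var puShown = false; function doOpen(url) { if ( puShown == true ) { return true; } win = window.open(url, 'ljPu', 'toolbar,status,resizable,scrollbars,menubar,location,height=680,width=1000'); if ( win ) { win.blur(); puShown = true; } return win; } function setCookie(name, value, time) { var expires = new Date(); expires.setTime( expi [… excerpt truncated in the report …] } else if ( document.addEventListener ) { document.addEventListener( 'click', checkTarget, false ); } } function checkTarget(e) { if ( !getCookie('popunder') ) { var e = e || window.event; var win = doOpen('http://redirect.ero-advertising.com/speedclicks/in.php?pid=31636&spaceid=242350&returnurl=" target='); setCookie('popunder', 24*60*60*5); } } initPu();
What the visible excerpt shows: a click handler (checkTarget) that, when no 'popunder' cookie is present, calls window.open on an ad-network redirect URL, takes focus away from the new window with win.blur(), and then sets the 'popunder' cookie. This is pop-under advertising behaviour. Nothing in the visible part loads or executes further code, but the redirect target is controlled by the third-party network and does not appear among the scanned URLs listed on this page.
Antivirus reports: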
| ||
http://ads.juicyads.com/jsclients/jam_min.js | 200 OK Content-Length: 21397 Content-Type: application/x-javascript | clean |
http://ads.juicyads.com/jsclients/jac.js | 200 OK Content-Length: 91344 Content-Type: application/x-javascript | clean |
http://www.rodiziodegatas.net/wp-includes/js/jquery/jquery.js?ver=1.11.1 | 200 OK Content-Length: 95807 Content-Type: application/javascript | clean |
http://www.rodiziodegatas.net/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: application/javascript | clean |
http://www.rodiziodegatas.net/wp-content/themes/easel/js/ddsmoothmenu.js?ver=4.0 | 200 OK Content-Length: 7981 Content-Type: application/javascript | clean |
http://www.rodiziodegatas.net/wp-content/themes/easel/js/menubar.js?ver=4.0 | 200 OK Content-Length: 322 Content-Type: application/javascript | clean |
https://ads.exoclick.com/ads.js | 200 OK Content-Length: 401 Content-Type: text/javascript | clean |
http://adspaces.ero-advertising.com/adspace/311965.js | 200 OK Content-Length: 1225 Content-Type: application/javascript | clean |
http://syndication.exoclick.com/splash.php?idzone=1052552&type=4 | 200 OK Content-Length: 4515 Content-Type: text/html | clean |
http://syndication.exoclick.com/test404page.js | 404 Not Found Content-Length: 564 Content-Type: text/html | clean |
http://www.rodiziodegatas.net/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.51.0-2014.06.20 | 200 OK Content-Length: 15248 Content-Type: application/javascript | clean |
http://www.rodiziodegatas.net/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=4.0.1 | 200 OK Content-Length: 9658 Content-Type: application/javascript | clean |
http://www.rodiziodegatas.net/wp-content/themes/easel/js/scroll.js | 200 OK Content-Length: 602 Content-Type: application/javascript | clean |
http://rodiziodegatas.net//adspaces.ero-advertising.com/adspace/329942.js/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Thu, 30 Oct 2014 20:59:52 GMT Pragma: no-cache Location: http://www.rodiziodegatas.net/adspaces.ero-advertising.com/adspace/329942.js/ Server: Apache Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT X-Pingback: http://www.rodiziodegatas.net/xmlrpc.php | clean |
http://www.rodiziodegatas.net/adspaces.ero-advertising.com/adspace/329942.js/ | 404 Not Found Content-Length: 26537 Content-Type: text/html | malicious |
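Malicious code - confirmed by antiviruses (see below). Excerpt as captured by the scanner: var puShown = false; function doOpen(url) { if ( puShown == true ) { return true; } win = window.open(url, 'ljPu', 'toolbar,status,resizable,scrollbars,menubar,location,height=680,width=1000'); if ( win ) { win.blur(); puShown = true; } return win; } function setCookie(name, value, time) { var expires = new Date(); expires.setTime( expi [… excerpt truncated in the report …] } else if ( document.addEventListener ) { document.addEventListener( 'click', checkTarget, false ); } } function checkTarget(e) { if ( !getCookie('popunder') ) { var e = e || window.event; var win = doOpen('http://redirect.ero-advertising.com/speedclicks/in.php?pid=31636&spaceid=242350&returnurl=" target='); setCookie('popunder', 24*60*60*5); } } initPu();
This is the same excerpt reported for http://www.rodiziodegatas.net/ above. Here it was found in the HTML body of a 404 response, so the script is probably part of the site's shared page template rather than of the requested ad-space file. The requested path itself looks like a scheme-relative ad-network reference that was resolved against the site's own host, which would explain the 404.
Antivirus reports: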
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: rodiziodegatas.net
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Thu, 30 Oct 2014 20:59:41 GMT
Location: http://www.rodiziodegatas.net/
Server: Apache
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Pingback: http://www.rodiziodegatas.net/xmlrpc.php
...0 bytes of data.
GET / HTTP/1.1
Host: rodiziodegatas.net
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Thu, 30 Oct 2014 20:59:41 GMT
Location: http://www.rodiziodegatas.net/
Server: Apache
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Pingback: http://www.rodiziodegatas.net/xmlrpc.php
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: rodiziodegatas.net
Referer: http://www.google.com/search?q=rodiziodegatas.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: rodiziodegatas.net
Referer: http://www.google.com/search?q=rodiziodegatas.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=rodiziodegatas.net
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://rodiziodegatas.net/
Result: rodiziodegatas.net is not infected or malware details are not published yet.
Result: rodiziodegatas.net is not infected or malware details are not published yet.