Scanned pages/files
Request | Server response | Status |
http://watch32.info/ | HTTP/1.1 200 OK Connection: close Date: Sun, 07 Sep 2014 18:31:35 GMT Server: nginx/1.4.3 Content-Type: text/html; charset=iso-8859-1 | clean |
http://watch32.com/ | 200 OK Content-Length: 133966 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. (function(){ var D=new Date(),d=document,b='body',ce='createElement',ac='appendChild',st='style',ds='display',n='none',gi='getElementById'; var i=d[ce]('iframe');i[st][ds]=n;d[gi]("MarketGidScriptRootC6616")[ac](i);try{var iw=i.contentWindow.document;iw.open();iw.writeln("<ht"+"ml><bo"+"dy></bo"+"dy></ht"+"ml>");iw.close();var c=iw[b];} catch(e){var iw=d;var c=d[gi]("MarketGidScriptRootC6616");}var dv=iw[ce]('div');dv.id="MG_ID";dv[st][ds]=n;dv.innerHTML=6616;c[ac](dv); var s=iw[ce]('script');s.async='async';s.defer='defer';s.charset='utf-8';s.src="http://jsc.mgid.com/w/a/watch32.com.6616.js?t="+D.getYear()+D.getMonth()+D.getDate()+D.getHours();c[ac](s);})(); | ||
http://watch32.com/js/base64.js | 200 OK Content-Length: 3031 Content-Type: application/javascript | clean |
https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js | 200 OK Content-Length: 92629 Content-Type: text/javascript | clean |
http://watch32.com/js/load.js | 200 OK Content-Length: 11821 Content-Type: application/javascript | clean |
http://watch32.com/js/tooltips.js | 200 OK Content-Length: 37852 Content-Type: application/x-javascript | clean |
http://cdn.directrev.com/js/gp.min.js | 200 OK Content-Length: 1290 Content-Type: application/x-javascript | clean |
http://watch32.info//go.onclasrv.com/apu.php?zoneid=45713/ | HTTP/1.1 200 OK Connection: close Date: Sun, 07 Sep 2014 18:31:39 GMT Server: nginx/1.4.3 Content-Type: text/html; charset=iso-8859-1 | clean |
http://watch32.comapu.php?zoneid=45713/ | 500 Can't connect to watch32.comapu.php:80 (Bad hostname) Content-Length: 168 Content-Type: text/plain | clean |
http://watch32.comapu.php?zoneid=45713/test404page.js | 500 Can't connect to watch32.comapu.php:80 (Bad hostname) Content-Length: 168 Content-Type: text/plain | clean |
http://www.adcash.com/script/java.php?option=rotateur&rotateur=149239 | 200 OK Content-Length: 6873 Content-Type: text/html | clean |
http://watch32.com/plugins/media.js | 200 OK Content-Length: 146 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: watch32.info
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 07 Sep 2014 18:31:35 GMT
Server: nginx/1.4.3
Content-Type: text/html; charset=iso-8859-1
GET / HTTP/1.1
Host: watch32.info
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 07 Sep 2014 18:31:35 GMT
Server: nginx/1.4.3
Content-Type: text/html; charset=iso-8859-1
Second query (visit from search engine):
GET / HTTP/1.1
Host: watch32.info
Referer: http://www.google.com/search?q=watch32.info
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: watch32.info
Referer: http://www.google.com/search?q=watch32.info
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=watch32.info
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://watch32.info/
Result: watch32.info is not infected or malware details are not published yet.
Result: watch32.info is not infected or malware details are not published yet.