Scanned pages/files
Request | Server response | Status |
http://tmflex.com/ | 200 OK Content-Length: 14258 Content-Type: text/html | clean |
http://tmflex.com/thickbox/jquery.js | 200 OK Content-Length: 232651 Content-Type: application/x-javascript | clean |
http://tmflex.com/thickbox/thickbox.js | 200 OK Content-Length: 11941 Content-Type: application/x-javascript | clean |
http://tmflex.com/index.aspx | 200 OK Content-Length: 23456 Content-Type: text/html | clean |
http://tmflex.com/WebResource.axd?d=nGIWWj6e7FExLQ_4odREzaMBITjex_VG_ObB0DuLxig3cCMLLT-oRnpkWxKSHOxXoWxzer23SuYI3638TnlWD-sRriu7Mg2AuaYofUolNmw1&t=634487380385082500 | 200 OK Content-Length: 21725 Content-Type: application/x-javascript | clean |
http://tmflex.com/ScriptResource.axd?d=QfVQzdhQuqd66LqQub6XJ8keza-UDS11aKwShRyQjvcbRSRpvwUyX14VlH-e_4RoJoPzFyhHP0bAOdHgAo_PiU6cMzSD1pH4IIlaU4wiJ_AfLzoosCunLN1rRQdmP26SSr8SEtpG5PUc_buLlPlQeg4gYigAvJUfWWEnnnG43EQWQp0zcpb58udRhiGbid890&t=2610f696 | 200 OK Content-Length: 300165 Content-Type: application/x-javascript | clean |
http://tmflex.com/ScriptResource.axd?d=xt86Sda2lg3Djj_nV2vQtaDS9PtQcPZhGkRFGDCfRmU-8rOCetDx1AOhSu-QUXUqQu8iy2NHPaeKesRe1CYyMHHt16X_WRYRjlUtwILwRY-rAHra1pNDEuPFXxoqWnonyFJG9gWWSZR0oKrftEwAAU9fmhbuA7KjV8GHaid7bsSEL67g2X8ZNoLKBDLlgCld0&t=2610f696 | 200 OK Content-Length: 99856 Content-Type: application/x-javascript | clean |
http://tmflex.com/ScriptResource.axd?d=_2_NAmYUWEt3N9aO9UpNokXynffuMKjRXKgmZ5ilc7h4l7YoaXAR04op3hy4xsF2yeXxG8kIurk3S71IergRxJ2OvcwBwO3_1SyGnCB0R1kkTqb2qDGYRvzsfjfpb4FZ2axLpUwTMadbgLLK_c7W_A2&t=fffffffffa10e962 | 200 OK Content-Length: 34266 Content-Type: text/javascript | clean |
http://tmflex.com/ScriptResource.axd?d=oonz2JQCyaoOzOoL9lEOehRwCc-8qQ4FsMqeDWfdrgG4YkDhh8elNuHp_ZYYoQJFn4zBcreJy-dYNY_Lhk2jg0hTyU9wZQNkajUa9HZXFRldp1WgSHC2P_OJwACcVa88e7jwdkvTvh8pM1NF_3FZBB9eOjgcnQkKen56GXSnmck1&t=fffffffffa10e962 | 200 OK Content-Length: 25797 Content-Type: text/javascript | clean |
http://tmflex.com/ScriptResource.axd?d=r9SxL35b4VowbgtxlMg9A46v-VCDnLatL1zcbZoLGOoMnlGi-IZhsNB39XKvZERaiMmSJxvuDyrM3rqbndfyHonAHTpmTZTHCDHm89ZRAUT3oVvN9sNDUoJj3MY2d9NRI3qKxUt7aMPK5QMuhyfqdA2&t=fffffffffa10e962 | 200 OK Content-Length: 72397 Content-Type: text/javascript | clean |
http://tmflex.com/ScriptResource.axd?d=FKTLokMeDQR8ntLjc5etbVzaYsVS-aPvgR-vXpSQimr_okhkTz4LTWsshFYI7kppKPNgkSxH3tzkxZ2GMj6578y09boh5M1F4X28aVyWiMb56l9QVtX9Sz4WcsVfX_iiIYFvQLqpG0UBALBG_JVfPA2&t=fffffffffa10e962 | 200 OK Content-Length: 5953 Content-Type: text/javascript | clean |
http://tmflex.com/ScriptResource.axd?d=6WZovRLTcDDTPsE1jaaBmC1gItrSFr8yQ7TKT_ImKg01pXtU9yDw_AKyGf565_aQ4DYgqNd22isFIs3azdQ9N7553n--Q64jLde7Q8dueY_RulXreFfylXvIITLrqFA9yuaZqFpnnZwWXDRtauVyisKSPpGFcYNyXGpVX2-0Y501&t=fffffffffa10e962 | 200 OK Content-Length: 4819 Content-Type: text/javascript | clean |
http://tmflex.com/ScriptResource.axd?d=i1qfU9dFKUqG0pOn9NT3TvJdBI9zg_BXtQp3gen26Ms4EgR03eO5YoWIvKcsflJkf3xgbuNYhwEhnCbSl25_4v0w8ofFnEX68olFzK_7gpClYttIlkoZ7fDpvlXEgzLKLQl60ds22k1HOb1ARtrzkw2&t=fffffffffa10e962 | 200 OK Content-Length: 58661 Content-Type: text/javascript | clean |
http://tmflex.com/ScriptResource.axd?d=zJnTSLs9ZeTYQVN6XP0RKoL81LNsVh-O0foKh30w1FcOq8dld7YWg-glveADEQvzHiYrn357O3AWjU2aADambS5bczRAlsaj9aS-u2GBeLL04JBtVAhzVRSjxBfSDrlcrOSqq9V5WDMU47Xbp5DXMJCleVN9tGaTQV6sdCo-ZDY1&t=fffffffffa10e962 | 200 OK Content-Length: 10041 Content-Type: text/javascript | clean |
http://tmflex.com/busqueda.aspx | 200 OK Content-Length: 19766 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
Sys.Application.add_init(function() { $create(Telerik.Web.UI.RadFormDecorator, {"clientStateFieldID":"cpFamilias_RadFormDecorator1_ClientState","decoratedControls":15,"enabled":true,"skin":"Default"}, null, null, $get("cpFamilias_RadFormDecorator1")); });
Antivirus reports:
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: tmflex.com
Result:
HTTP/1.1 200 OK
Cache-Control: private
Date: Sat, 04 Oct 2014 16:00:31 GMT
Server: Microsoft-IIS/6.0
Content-Length: 14258
Content-Type: text/html; charset=utf-8
Set-Cookie: ASP.NET_SessionId=yl2zirnll2gjp1trt0zmnxdg; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
...14258 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: tmflex.com
Referer: http://www.google.com/search?q=tmflex.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=tmflex.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://tmflex.com/
Result: tmflex.com is not infected or malware details are not published yet.