Some 80 IDS alerts for this domain - Request to a *.tk domain alerted!

Is it blocked or alerted? → https://urlquery.net/report.php?id=1455312328071
Not directly but Avast will block a dangerous redirect. **
The address you entered is unnecessarily exposing the following response headers which divulge its choice of web platform:
Server: nginx/1.0.14 alerted as “Outdated Web Server Nginx Found: nginx/1.0.14”
X-Powered-By: PHP/5.3.10
Result
It looks like 9 cookies are being set without the “HttpOnly” flag being set (name : value):

PHPSESSID : 0tjo1g61qq37ogag6odd0qi3b0
s1466 : 1%3A1%3A%3A%3A
ip : 54.235.159.202
gp_vote :
gp_count : 50
fb_vote :
fb_count : 81
twit_vote :
twit_count : 92
Unless the cookie legitimately needs to be read by JavaScript on the client, the “HttpOnly” flag should always be set to ensure it cannot be read by the client and used in an XSS attack. * Consider here for instance: http://www.domxssscanner.com/scan?url=http%3A%2F%2Ffilebit3cc.com%2F
and yes “jquery.cookie.js” is flagged as dom xss “source” :smiley:

Vulnerable retirable code detected: -http://filebit3cc.com/
Detected libraries:
jquery - 1.7.2 : -http://dl19.file2bitcc.tk//skins/default/js/jquery.min.js
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
jquery-ui-dialog - 1.8.18 : -http://dl19.file2bitcc.tk//skins/default/js/jquery-ui-1.8.18.custom.min.js
Info: Severity: medium
http://bugs.jqueryui.com/ticket/6016
2 vulnerable libraries detected

Quttera has detected this suspicious file: index
Severity: Suspicious
Reason: Detected suspicious redirection to external web resources at HTTP level.
Details: Detected HTTP redirection to -http://dl19.file2bitcc.tk. ** AOS flags as dangerous site and blocks this!
File size[byte]: 0
File type: Unknown
Page/File MD5: 00000000000000000000000000000000
Scan duration[sec]: 0.001000

Sucuri also flags as: Suspicious domain detected. Details: http://sucuri.net/malware/malware-entry-mwblacklisted35


We are being protected as Avast also prevents us from landing there!

polonus
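The two header findings in the post above (version-disclosing `Server` / `X-Powered-By` headers and cookies set without `HttpOnly`) can be checked directly from a response's headers. This is an added example, not part of the original post and not the code of any scanner mentioned in it; the sample headers and the function names are constructed for illustration.

```python
# Added example: audit raw HTTP response headers for the two findings above.
# SAMPLE_HEADERS is constructed for illustration, not captured from the site.
import re

SAMPLE_HEADERS = """\
HTTP/1.1 200 OK
Server: nginx/1.0.14
X-Powered-By: PHP/5.3.10
Set-Cookie: PHPSESSID=constructed-session-id; path=/
Set-Cookie: gp_count=50; path=/
Set-Cookie: prefs=dark; Path=/; HttpOnly; Secure
Content-Type: text/html
"""

DISCLOSING = {"server", "x-powered-by", "x-aspnet-version"}
VERSION_RE = re.compile(r"\d+(\.\d+)+")  # e.g. 1.0.14 or 5.3.10


def parse_headers(raw):
    """Return a list of (lowercased name, value) pairs from a header block."""
    pairs = []
    for line in raw.splitlines():
        if line.startswith("HTTP/"):
            continue  # status line
        if not line.strip():
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def audit(raw):
    """Return (headers that leak a version, cookie names lacking HttpOnly)."""
    leaks, no_httponly = [], []
    for name, value in parse_headers(raw):
        if name in DISCLOSING and VERSION_RE.search(value):
            leaks.append((name, value))
        elif name == "set-cookie":
            first, *attrs = [part.strip() for part in value.split(";")]
            # Attribute names are case-insensitive (RFC 6265).
            flags = {a.partition("=")[0].strip().lower() for a in attrs}
            if "httponly" not in flags:
                no_httponly.append(first.partition("=")[0])
    return leaks, no_httponly


if __name__ == "__main__":
    leaks, cookies = audit(SAMPLE_HEADERS)
    print("version disclosed:", leaks)
    print("cookies without HttpOnly:", cookies)
```

A `Server: nginx` header with no version number is not reported, since only the version string is what the scanners above flag as outdated.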

Suricata keeps warning for “ET POLICY HTTP Request to a *.tk domain”, for instance here: https://urlquery.net/report/46c82e82-06b5-470c-9e62-56b2d45d8c72
But here it is only alerted as suspicious by ForcePoint ThreatSeeker: https://www.virustotal.com/nl/url/55a01654a40c9ffac6c0aade667434cb6f9dd41af81aa1246c6a8bd50c8ada72/analysis/1512576116/

polonus

Update

This one is going out here:

< meta htxp-equiv=“refresh” content=“1; URL=htxp://domain.dot.tk/p/?d=VURDURGITSIN.TK&i=198.71.230.24&c=1&ro=0&ref=https%3A%2F%2Fwww.google.com%2Furl%3Fsa%3Dt%26rct%3Dj%26q%3D%26esrc%3Ds%26source%3Dweb%26cd%3D3%26cad%3Drja%26uact%3D8%26ved%3DczwNoJ4bh%26url%3Dhttp%253A%252F%252Fvurdurgitsin.tk%252F%26ei%3D05Zb82JDLdXJCo6Fpt4%26usg%3D2QufmWSGtnur0OyKAQ4&_=1516056050567”/>
re: https://urlquery.net/report/0c1bbd28-17c2-4a07-a026-7e9e195239f4
and many more for that particular IP. - https://urlquery.net/report/0c1bbd28-17c2-4a07-a026-7e9e195239f4

https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=vurdurgitsin.tk%2F&ref_sel=GSP2&ua_sel=ff&fs=1

Read on the background of such dns requests here: https://live.paloaltonetworks.com/t5/Threat-Articles/What-are-suspicious-DNS-queries/ta-p/71454

Errors on the above website:

info: [script] -code.jquery.com/jquery-1.12.4.js
info: [script] -code.jquery.com/ui/1.12.1/jquery-ui.js
info: [script] -maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js
info: [script] -domain.dot.tk/js/dos.js
info: [script] -domain.dot.tk/js/searchr.js
info: [img] -domain.dot.tk/images.v2/icon-dashboard.png
info: [img] -domain.dot.tk/images.v2/icon-plus.png
info: [img] -domain.dot.tk/images.v2/icon-privacy.png
info: [img] -domain.dot.tk/images.v2/icon-dashboard-green.png
info: [img] -domain.dot.tk/images.v2/network.png
info: [img] -domain.dot.tk/images.v2/freenom-world.png
info: [img] -uses.freenom.world/FFFFFF-1.0.png
info: [iframe] -domain.dot.tk/p/?d=VURDURGITSIN.TK&i=-204.152.206.106&c=1&ro=0&ref= etc.
info: [decodingLevel=0] found JavaScript
error: undefined variable $
error: undefined function $
error: line:3: SyntaxError: missing = in XML attribute:
error: line:3:
error: line:3: …^

polonus (volunteer website security analyst and website error-hunter)