Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=92styles.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://92styles.com/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
http://92styles.com/ | 200 OK Content-Length: 28195 Content-Type: text/html | clean |
http://92styles.com/wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/ajax/static/ajax.js?ver=3.8.4 | 200 OK Content-Length: 33 Content-Type: application/javascript | clean |
http://92styles.com/wp-includes/js/jquery/jquery.js?ver=1.10.2 | 200 OK Content-Length: 93085 Content-Type: application/javascript | clean |
http://92styles.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7199 Content-Type: application/javascript | clean |
http://92styles.com/wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/ajax/static/persist.js?ver=3.8.4 | 200 OK Content-Length: 24995 Content-Type: application/javascript | clean |
http://92styles.com/wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/ajax/static/store.js?ver=3.8.4 | 200 OK Content-Length: 5337 Content-Type: application/javascript | clean |
http://92styles.com/wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/ajax/static/ngg_store.js?ver=3.8.4 | 200 OK Content-Length: 891 Content-Type: application/javascript | clean |
http://92styles.com/wp-content/plugins/SocialGallery/js/socialGalleryEpic.js?ver=3.8.4 | 200 OK Content-Length: 16447 Content-Type: application/javascript | clean |
http://92styles.com/wp-content/plugins/SocialGallery/js/jgestures.min.js?ver=3.8.4 | 200 OK Content-Length: 15951 Content-Type: application/javascript | clean |
http://92styles.com/wp-content/plugins/anti-spam/js/anti-spam.js?ver=2.2 | 200 OK Content-Length: 1850 Content-Type: application/javascript | clean |
http://92styles.com/wp-content/plugins/adrotate/library/jquery.clicktracker.js?ver=0.5 | 200 OK Content-Length: 830 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) jQuery(document).ready(function() { jQuery("a.gofollow").click(function(){ jQuery(this).each(function() { var tracker = jQuery(this).attr("data-track"); var debug = jQuery(this).attr("data-debug"); jQuery.post( '//' + location.host + '/wp-content/plugins/adrotate/library/clicktracker.php', { track: tracker } ); if(debug == 1) { alert('Tracker: ' + tracker + '\n\nTracker must be defined for clicktracking to work.'); } }); }); }); Antivirus reports:
| ||
http://92styles.com/wp-content/plugins/modal-dialog/cookie.js?ver=1.0 | 200 OK Content-Length: 3713 Content-Type: application/javascript | clean |
http://92styles.com/wp-content/plugins/modal-dialog/colorbox/jquery.colorbox-min.js?ver=1.5.6 | 200 OK Content-Length: 11859 Content-Type: application/javascript | clean |
http://92styles.com/wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/lightbox/static/lightbox_context.js?ver=3.8.4 | 200 OK Content-Length: 890 Content-Type: application/javascript | clean |
http://html5shim.googlecode.com/svn/trunk/html5.js?ver=3.8.4 | 200 OK Content-Length: 2429 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: 92styles.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 06 Oct 2014 13:32:27 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Link: <http://92styles.com/?p=11>; rel=shortlink
Set-Cookie: 60gpBAK=R1224194687; path=/; expires=Mon, 06-Oct-2014 14:34:58 GMT
Set-Cookie: 60gp=R4049202072; path=/; expires=Mon, 06-Oct-2014 14:40:55 GMT
X-Pingback: http://92styles.com/xmlrpc.php
X-Powered-By: PHP/5.4.30
GET / HTTP/1.1
Host: 92styles.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 06 Oct 2014 13:32:27 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Link: <http://92styles.com/?p=11>; rel=shortlink
Set-Cookie: 60gpBAK=R1224194687; path=/; expires=Mon, 06-Oct-2014 14:34:58 GMT
Set-Cookie: 60gp=R4049202072; path=/; expires=Mon, 06-Oct-2014 14:40:55 GMT
X-Pingback: http://92styles.com/xmlrpc.php
X-Powered-By: PHP/5.4.30
Second query (visit from search engine):
GET / HTTP/1.1
Host: 92styles.com
Referer: http://www.google.com/search?q=92styles.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: 92styles.com
Referer: http://www.google.com/search?q=92styles.com
Result:
The result is similar to the first query. There are no suspicious redirects found.