Scanned pages/files
| Request | Server response | Status |
http://all4pda.org/ | 200 OK Content-Length: 78947 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. (function(){ var D=new Date(),d=document,b='body',ce='createElement',ac='appendChild',st='style',ds='display',n='none',gi='getElementById'; var i=d[ce]('iframe');i[st][ds]=n;d[gi]("MarketGidScriptRootC569073")[ac](i);try{var iw=i.contentWindow.document;iw.open();iw.writeln("<ht"+"ml><bo"+"dy></bo"+"dy></ht"+"ml>");iw.close();var c=iw[b];} catch(e){var iw=d;var c=d[gi]("MarketGidScriptRootC569073");}var dv=iw[ce]('div');dv.id="MG_ID";dv[st][ds]=n;dv.innerHTML=569073;c[ac](dv); var s=iw[ce]('script');s.async='async';s.defer='defer';s.charset='utf-8';s.src="http://jsc.marketgid.com/a/l/all4pda.org.569073.js?t="+D.getYear()+D.getMonth()+D.getDate()+D.getHours();c[ac](s);})(); | ||
http://all4pda.org/plugins/system/cdscriptegrator/libraries/jquery/gzip/js.php?files[]=js/jquery-1.7.2.min.js&files[]=js/jquery-noconflict.js | 200 OK Content-Length: 94862 Content-Type: application/x-javascript | clean |
http://all4pda.org/plugins/system/cdscriptegrator/libraries/jqueryui/gzip/js.php?files[]=js/jquery-ui-1.8.20.custom.min.js | 200 OK Content-Length: 206732 Content-Type: application/x-javascript | clean |
http://all4pda.org/media/zoo/assets/js/responsive.js?ver=20130219 | 200 OK Content-Length: 1561 Content-Type: application/x-javascript | clean |
http://all4pda.org/components/com_zoo/assets/js/default.js?ver=20130219 | 200 OK Content-Length: 1455 Content-Type: application/x-javascript | clean |
http://all4pda.org/cache/widgetkit/widgetkit-9184df3c.js | 200 OK Content-Length: 20205 Content-Type: application/x-javascript | clean |
http://all4pda.org/media/system/js/mootools-core.js | 200 OK Content-Length: 96362 Content-Type: application/x-javascript | clean |
http://all4pda.org/media/system/js/core.js | 200 OK Content-Length: 4784 Content-Type: application/x-javascript | clean |
http://all4pda.org/templates/yoo_downtown/warp/js/warp.js | 200 OK Content-Length: 6834 Content-Type: application/x-javascript | clean |
http://all4pda.org/templates/yoo_downtown/warp/js/accordionmenu.js | 200 OK Content-Length: 1504 Content-Type: application/x-javascript | clean |
http://all4pda.org/templates/yoo_downtown/warp/js/dropdownmenu.js | 200 OK Content-Length: 5399 Content-Type: application/x-javascript | clean |
http://all4pda.org/templates/yoo_downtown/js/template.js | 200 OK Content-Length: 1113 Content-Type: application/x-javascript | clean |
http://all4pda.org/templates/yoo_downtown/warp/js/search.js | 200 OK Content-Length: 4058 Content-Type: application/x-javascript | clean |
http://all4pda.org//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js/ | 404 Not Found Content-Length: 58190 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. (function(){ var D=new Date(),d=document,b='body',ce='createElement',ac='appendChild',st='style',ds='display',n='none',gi='getElementById'; var i=d[ce]('iframe');i[st][ds]=n;d[gi]("MarketGidScriptRootC569073")[ac](i);try{var iw=i.contentWindow.document;iw.open();iw.writeln("<ht"+"ml><bo"+"dy></bo"+"dy></ht"+"ml>");iw.close();var c=iw[b];} catch(e){var iw=d;var c=d[gi]("MarketGidScriptRootC569073");}var dv=iw[ce]('div');dv.id="MG_ID";dv[st][ds]=n;dv.innerHTML=569073;c[ac](dv); var s=iw[ce]('script');s.async='async';s.defer='defer';s.charset='utf-8';s.src="http://jsc.marketgid.com/a/l/all4pda.org.569073.js?t="+D.getYear()+D.getMonth()+D.getDate()+D.getHours();c[ac](s);})(); | ||
http://all4pda.org/media/system/js/caption.js | 200 OK Content-Length: 729 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: all4pda.org
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Mon, 08 Dec 2014 21:07:52 GMT
Pragma: no-cache
Server: nginx/1.2.4
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=utf-8
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 745d43121ec653830156aef7fc71851c=dsqvhto74d3qg1oa9bl81d7b47; path=/
X-Powered-By: PHP/5.4.21
GET / HTTP/1.1
Host: all4pda.org
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Mon, 08 Dec 2014 21:07:52 GMT
Pragma: no-cache
Server: nginx/1.2.4
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=utf-8
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 745d43121ec653830156aef7fc71851c=dsqvhto74d3qg1oa9bl81d7b47; path=/
X-Powered-By: PHP/5.4.21
Second query (visit from search engine):
GET / HTTP/1.1
Host: all4pda.org
Referer: http://www.google.com/search?q=all4pda.org
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: all4pda.org
Referer: http://www.google.com/search?q=all4pda.org
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=all4pda.org
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://all4pda.org/
Result: all4pda.org is not infected or malware details are not published yet.
Result: all4pda.org is not infected or malware details are not published yet.