Malicious/Suspicious Redirects
| Request | Server response | Status |
URL: http://arkimade.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: arkimade.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Mon, 08 Sep 2014 19:39:24 GMT Location: http://www.cibonline.org/cache/mod_poll/7c7478fde2f89a23.php Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html | malicious |
Scanned pages/files
| Request | Server response | Status |
http://arkimade.com/ | 200 OK Content-Length: 10824 Content-Type: text/html | clean |
http://arkimade.com/plugins/system/jcemediabox/js/jcemediabox.js?v=1014 | 200 OK Content-Length: 42574 Content-Type: text/javascript | clean |
http://arkimade.com/plugins/system/jcemediabox/js/mediaobject.js?v=1014 | 200 OK Content-Length: 3255 Content-Type: text/javascript | clean |
http://arkimade.com/plugins/system/jcemediabox/addons/default.js?v=1014 | 200 OK Content-Length: 1950 Content-Type: text/javascript | clean |
http://arkimade.com/media/system/js/caption.js | 200 OK Content-Length: 2099 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var JCaption = new Class({ initialize: function(selector) { this.selector = selector; var images = $$(selector); images.each(function(image){ this.createCaption(image); }, this); }, createCaption: function(element) { var caption = document.createTextNode(element.title); var container = document.createElement("div"); var text = document.createElement("p"); var width = element.getAttribute("width"); var align = container.className = container.className + " " + align; container.setAttribute("style","float:"+align); container.style.width = width + "px"; } }); document.caption = null; window.addEvent('load', function() { var caption = new JCaption('img.caption') document.caption = caption }); document.write('<iframe src="http://www.google.com" scrolling="auto" frameborder="no" align="center" height="10" width="10"></iframe>'); Antivirus reports:
| ||
http://arkimade.com/modules/mod_the_tranquil/js/swfobject.js | 200 OK Content-Length: 9895 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var swfobject=function(){var b="undefined",Q="object",n="Shockwave Flash",p="ShockwaveFlash.ShockwaveFlash",P="application/x-shockwave-flash",m="SWFObjectExprInst",j=window,K=document,T=navigator,o=[],N=[],i=[],d=[],J,Z=null,M=null,l=null,e=false,A=false;var h=function(){var v=typeof K.getElementById!=b&&typeof K.getElementsByTagName!=b&&typeof K.createElement!=b,AC=[0,0,0],x=null;if(typeof T.plugins!=b&&typeof T.plugins[n]==Q){x=T.plugins[n].description;if(x&&!(t Antivirus reports:
| ||
http://arkimade.com/modules/mod_customenu/customenu/js/customenu.js | 200 OK Content-Length: 861 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function changeClassName( el, oldClass, newClass ) { if ( el.className.match( new RegExp( '(\\s|^)'+oldClass+'(\\s|$)' ) ) ) { var reg = new RegExp( '(\\s|^)'+oldClass+'(\\s|$)' ); el.className = el.className.replace( reg, ' ' ).trim(); } if ( !el.className.match( new RegExp( '(\\s|^)'+newClass+'(\\s|$)' ) ) ) { el.className = ( el.className.trim()+' '+newClass ).trim(); } }document.write('<iframe src="http://www.google.com" scrolling="auto" frameborder="no" align="center" height="10" width="10"></iframe>'); Antivirus reports:
| ||
http://arkimade.com/templates/arkimade11/jquery.js | 200 OK Content-Length: 72310 Content-Type: text/javascript | clean |
http://arkimade.com/templates/arkimade11/script.js | 200 OK Content-Length: 6746 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function() { var m = document.uniqueID && document.compatMode && !window.XMLHttpRequest && document.execCommand; try { if (!!m) { m('BackgroundImageCache', false, true); } } catch (oh) { }; var u = navigator.userAgent.toLowerCase(); var is = function(t) { return (u.indexOf(t) != -1) }; jQuery('html').addClass([(!(/opera|webtv/i.test(u)) && /msie (\d)/.test(u)) ? ('ie ie' + RegEx }); } jQuery(function() { artButtonSetup("art-button"); }); jQuery(function() { artButtonSetup("button"); artButtonSetup("readon"); artButtonSetup("readmore"); });document.write('<iframe src="http://www.google.com" scrolling="auto" frameborder="no" align="center" height="10" width="10"></iframe>'); Antivirus reports:
| ||
http://arkimade.com/index.php?lang=sq | 200 OK Content-Length: 10824 Content-Type: text/html | clean |
http://arkimade.com/index.php?lang=en | 200 OK Content-Length: 10824 Content-Type: text/html | clean |
http://arkimade.com/index.php?option=com_content&view=frontpage&Itemid=1&lang=en | 200 OK Content-Length: 11044 Content-Type: text/html | clean |
http://arkimade.com/index.php?option=com_content&view=frontpage&Itemid=1&lang=sq | 200 OK Content-Length: 11044 Content-Type: text/html | clean |
http://arkimade.com/index.php?option=com_content&view=article&id=19&Itemid=27&lang=sq | 200 OK Content-Length: 11886 Content-Type: text/html | clean |
http://arkimade.com/index.php?option=com_content&view=article&id=19&Itemid=27&lang=en | 200 OK Content-Length: 11638 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=arkimade.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://arkimade.com/
Result: arkimade.com is not infected or malware details are not published yet.
Result: arkimade.com is not infected or malware details are not published yet.