Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=baguiocity.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://baguiocity.com/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://baguiocity.com/ | 200 OK Content-Length: 47576 Content-Type: text/html | clean |
http://baguiocity.com/misc/jquery.js?b | 200 OK Content-Length: 31101 Content-Type: application/javascript | clean |
http://baguiocity.com/misc/drupal.js?b | 200 OK Content-Length: 10131 Content-Type: application/javascript | clean |
http://baguiocity.com/modules/mollom/mollom.js?b | 200 OK Content-Length: 1510 Content-Type: application/javascript | clean |
http://baguiocity.com/modules/panels/js/panels.js?b | 200 OK Content-Length: 826 Content-Type: application/javascript | clean |
http://baguiocity.com/modules/video/js/video.js?b | 200 OK Content-Length: 1221 Content-Type: application/javascript | clean |
http://baguiocity.com/themes/collab/script.js?b | 200 OK Content-Length: 9475 Content-Type: application/javascript | clean |
http://baguiocity.com/online_directory_sections/advertising-art-and-sign | 200 OK Content-Length: 17207 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!--jQuery.extend(Drupal.settings, { "CToolsAJAX": { "scripts": { "/misc/jquery.js?b": true, "/misc/drupal.js?b": true, "/modules/mollom/mollom.js?b": true, "/modules/panels/js/panels.js?b": true, "/modules/video/js/video.js?b": true }, "css": { "/modules/cck/theme/content-module.css?b": true, "/modules/ckeditor/ckeditor.css?b": true, "/modules/ctools/css/ctools.css?b": true, "/modules/filefield/filefield.css?b": true, "/modules/mollom/mollom.css?b": true, "/modules/node/node.css?b": true, "/modules/panels/css/panels.css?b": true, "/modules/system/defaults.css?b": true, "/modules/system/system.css?b": true, "/modules/system/system-menus.css?b": true, "/modules/user/user.css?b": true, "/modules/video/css/video.css?b": true, "/modules/views/css/views.css?b": true, "/themes/collab/style.css?b": true } } }); Antivirus reports:
| ||
http://baguiocity.com/news?field_news_region_nid=All&field_news_section_nid=21 | 200 OK Content-Length: 34446 Content-Type: text/html | clean |
http://baguiocity.com/misc/jquery.form.js?b | 200 OK Content-Length: 6347 Content-Type: application/javascript | clean |
http://baguiocity.com/modules/views/js/base.js?b | 200 OK Content-Length: 3625 Content-Type: application/javascript | clean |
http://baguiocity.com/modules/views/js/dependent.js?b | 200 OK Content-Length: 6895 Content-Type: application/javascript | clean |
http://baguiocity.com/modules/views/js/ajax_view.js?b | 200 OK Content-Length: 6971 Content-Type: application/javascript | clean |
http://baguiocity.com/editorialsectionopinions | 200 OK Content-Length: 24738 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!--jQuery.extend(Drupal.settings, { "CToolsAJAX": { "scripts": { "/misc/jquery.js?b": true, "/misc/drupal.js?b": true, "/modules/mollom/mollom.js?b": true, "/modules/panels/js/panels.js?b": true, "/modules/video/js/video.js?b": true }, "css": { "/modules/cck/theme/content-module.css?b": true, "/modules/ckeditor/ckeditor.css?b": true, "/modules/ctools/css/ctools.css?b": true, "/modules/filefield/filefield.css?b": true, "/modules/mollom/mollom.css?b": true, "/modules/node/node.css?b": true, "/modules/panels/css/panels.css?b": true, "/modules/system/defaults.css?b": true, "/modules/system/system.css?b": true, "/modules/system/system-menus.css?b": true, "/modules/user/user.css?b": true, "/modules/video/css/video.css?b": true, "/modules/views/css/views.css?b": true, "/themes/collab/style.css?b": true } } }); Antivirus reports:
| ||
http://baguiocity.com/news?field_news_region_nid=All&field_news_section_nid=22 | 200 OK Content-Length: 300676 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: baguiocity.com
Result:
HTTP/1.1 200 OK
Cache-Control: store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Sat, 27 Sep 2014 16:37:27 GMT
Server: Apache
Content-Type: text/html; charset=utf-8
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 27 Sep 2014 16:37:27 GMT
Set-Cookie: SESS23b8fa7f74745b73774b7a823da9a90a=4d981ccdd6d4f48db82be78a4f665b3c; expires=Mon, 20-Oct-2014 20:10:47 GMT; path=/; domain=.baguiocity.com
X-Powered-By: PHP/5.3.27
GET / HTTP/1.1
Host: baguiocity.com
Result:
HTTP/1.1 200 OK
Cache-Control: store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Sat, 27 Sep 2014 16:37:27 GMT
Server: Apache
Content-Type: text/html; charset=utf-8
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sat, 27 Sep 2014 16:37:27 GMT
Set-Cookie: SESS23b8fa7f74745b73774b7a823da9a90a=4d981ccdd6d4f48db82be78a4f665b3c; expires=Mon, 20-Oct-2014 20:10:47 GMT; path=/; domain=.baguiocity.com
X-Powered-By: PHP/5.3.27
Second query (visit from search engine):
GET / HTTP/1.1
Host: baguiocity.com
Referer: http://www.google.com/search?q=baguiocity.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: baguiocity.com
Referer: http://www.google.com/search?q=baguiocity.com
Result:
The result is similar to the first query. There are no suspicious redirects found.