Scanned pages/files
Request | Server response | Status |
http://birmingham365.org/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 10 May 2014 22:13:46 GMT Location: http://www.birmingham365.org/ Server: Apache/2 Vary: Accept-Encoding Content-Length: 237 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.birmingham365.org/ | 200 OK Content-Length: 72592 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
document.write("<a href='/search/results/keyword/1/events/date/up/none/none/none/" + day0 +"/" + day7 +"/none/none/none/none'>7</a>");
document.write("<a href='/search/results/keyword/1/events/date/up/none/none/none/" + day0 +"/" + day14 +"/none/none/none/none'>14</a>");
document.write("<a href='/search/results/keyword/1/events/date/up/none/none/none/" + day0 +"/" + day30 +"/none/none/none/none'>30</a>");
Antivirus reports:
http://www.birmingham365.org/js/jquery-1.7.1.min.js | 200 OK Content-Length: 93868 Content-Type: application/javascript | clean |
http://birmingham365.org/js/jquery-ui-1.8.18.custom.min.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 10 May 2014 22:13:51 GMT Location: http://www.birmingham365.org/js/jquery-ui-1.8.18.custom.min.js Server: Apache/2 Vary: Accept-Encoding Content-Length: 270 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.birmingham365.org/js/jquery-ui-1.8.18.custom.min.js | 200 OK Content-Length: 103600 Content-Type: application/javascript | clean |
http://birmingham365.org/js/scripts.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 10 May 2014 22:13:53 GMT Location: http://www.birmingham365.org/js/scripts.js Server: Apache/2 Vary: Accept-Encoding Content-Length: 250 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.birmingham365.org/js/scripts.js | 200 OK Content-Length: 17576 Content-Type: application/javascript | clean |
http://birmingham365.org/js/common.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 10 May 2014 22:13:54 GMT Location: http://www.birmingham365.org/js/common.js Server: Apache/2 Vary: Accept-Encoding Content-Length: 249 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.birmingham365.org/js/common.js | 200 OK Content-Length: 22222 Content-Type: application/javascript | clean |
http://birmingham365.org/js/fancybox/fancybox/jquery.fancybox-1.3.4.pack.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 10 May 2014 22:13:55 GMT Location: http://www.birmingham365.org/js/fancybox/fancybox/jquery.fancybox-1.3.4.pack.js Server: Apache/2 Vary: Accept-Encoding Content-Length: 287 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.birmingham365.org/js/fancybox/fancybox/jquery.fancybox-1.3.4.pack.js | 200 OK Content-Length: 15624 Content-Type: application/javascript | clean |
http://birmingham365.org/site/spotlight_box/spotlight.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 10 May 2014 22:13:56 GMT Location: http://www.birmingham365.org/site/spotlight_box/spotlight.js Server: Apache/2 Vary: Accept-Encoding Content-Length: 268 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.birmingham365.org/site/spotlight_box/spotlight.js | 200 OK Content-Length: 13088 Content-Type: application/javascript | clean |
http://birmingham365.org/js/jquery.semantictabs.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 10 May 2014 22:13:57 GMT Location: http://www.birmingham365.org/js/jquery.semantictabs.js Server: Apache/2 Vary: Accept-Encoding Content-Length: 262 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.birmingham365.org/js/jquery.semantictabs.js | 200 OK Content-Length: 3458 Content-Type: application/javascript | clean |
http://birmingham365.org/js/jquery.qtip.min.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 10 May 2014 22:13:58 GMT Location: http://www.birmingham365.org/js/jquery.qtip.min.js Server: Apache/2 Vary: Accept-Encoding Content-Length: 258 Content-Type: text/html; charset=iso-8859-1 X-Pad: avoid browser bug | clean |
http://www.birmingham365.org/js/jquery.qtip.min.js | 200 OK Content-Length: 40069 Content-Type: application/javascript | clean |
http://birmingham365.org/js/jquery.corner.src.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 10 May 2014 22:14:00 GMT Location: http://www.birmingham365.org/js/jquery.corner.src.js Server: Apache/2 Vary: Accept-Encoding Content-Length: 260 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.birmingham365.org/js/jquery.corner.src.js | 200 OK Content-Length: 40833 Content-Type: application/javascript | clean |
http://birmingham365.org/js/roundedno.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 10 May 2014 22:14:01 GMT Location: http://www.birmingham365.org/js/roundedno.js Server: Apache/2 Vary: Accept-Encoding Content-Length: 252 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.birmingham365.org/js/roundedno.js | 200 OK Content-Length: 21 Content-Type: application/javascript | clean |
http://birmingham365.org/user/login | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 10 May 2014 22:14:02 GMT Location: http://www.birmingham365.org/user/login Server: Apache/2 Vary: Accept-Encoding Content-Length: 247 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.birmingham365.org/user/login | 200 OK Content-Length: 61047 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
document.write("<a href='/search/results/keyword/1/events/date/up/none/none/none/" + day0 +"/" + day7 +"/none/none/none/none'>7</a>");
document.write("<a href='/search/results/keyword/1/events/date/up/none/none/none/" + day0 +"/" + day14 +"/none/none/none/none'>14</a>");
document.write("<a href='/search/results/keyword/1/events/date/up/none/none/none/" + day0 +"/" + day30 +"/none/none/none/none'>30</a>");
Antivirus reports:
http://platform.twitter.com/widgets.js | 200 OK Content-Length: 98240 Content-Type: application/javascript | clean |
http://birmingham365.org//connect.facebook.net/en_US/all.js/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 10 May 2014 22:14:04 GMT Location: http://www.birmingham365.org/connect.facebook.net/en_US/all.js/ Server: Apache/2 Vary: Accept-Encoding Content-Length: 271 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.birmingham365.org/connect.facebook.net/en_us/all.js/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 10 May 2014 22:14:05 GMT Location: http://www.birmingham365.org/ Server: Apache/2 Vary: Accept-Encoding Content-Length: 116 Content-Type: text/html; charset=UTF-8 X-Powered-By: PHP/5.3.3-7+squeeze14 | clean |
http://www.birmingham365.org/test404page.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 10 May 2014 22:14:05 GMT Location: http://www.birmingham365.org/ Server: Apache/2 Vary: Accept-Encoding Content-Length: 116 Content-Type: text/html; charset=UTF-8 X-Powered-By: PHP/5.3.3-7+squeeze14 | clean |
http://birmingham365.org/index.php/user/login | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 10 May 2014 22:14:06 GMT Location: http://www.birmingham365.org/index.php/user/login Server: Apache/2 Vary: Accept-Encoding Content-Length: 257 Content-Type: text/html; charset=iso-8859-1 X-Pad: avoid browser bug | clean |
http://www.birmingham365.org/index.php/user/login | 200 OK Content-Length: 61059 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
document.write("<a href='/search/results/keyword/1/events/date/up/none/none/none/" + day0 +"/" + day7 +"/none/none/none/none'>7</a>");
document.write("<a href='/search/results/keyword/1/events/date/up/none/none/none/" + day0 +"/" + day14 +"/none/none/none/none'>14</a>");
document.write("<a href='/search/results/keyword/1/events/date/up/none/none/none/" + day0 +"/" + day30 +"/none/none/none/none'>30</a>");
Antivirus reports:
http://www.birmingham365.org//connect.facebook.net/en_US/all.js/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 10 May 2014 22:14:08 GMT Location: http://www.birmingham365.org/ Server: Apache/2 Vary: Accept-Encoding Content-Length: 116 Content-Type: text/html; charset=UTF-8 X-Powered-By: PHP/5.3.3-7+squeeze14 | clean |
http://birmingham365.org/categories/index/9/1365/PLACES_MUSEUMS_+_ATTRACTIONS | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 10 May 2014 22:14:08 GMT Location: http://www.birmingham365.org/categories/index/9/1365/PLACES_MUSEUMS_+_ATTRACTIONS Server: Apache/2 Vary: Accept-Encoding Content-Length: 289 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.birmingham365.org/categories/index/9/1365/places_museums_+_attractions | 200 OK Content-Length: 208673 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
document.write("<a href='/search/results/keyword/1/events/date/up/none/none/none/" + day0 +"/" + day7 +"/none/none/none/none'>7</a>");
document.write("<a href='/search/results/keyword/1/events/date/up/none/none/none/" + day0 +"/" + day14 +"/none/none/none/none'>14</a>");
document.write("<a href='/search/results/keyword/1/events/date/up/none/none/none/" + day0 +"/" + day30 +"/none/none/none/none'>30</a>");
Antivirus reports:
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: birmingham365.org
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sat, 10 May 2014 22:13:46 GMT
Location: http://www.birmingham365.org/
Server: Apache/2
Vary: Accept-Encoding
Content-Length: 237
Content-Type: text/html; charset=iso-8859-1
...237 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: birmingham365.org
Referer: http://www.google.com/search?q=birmingham365.org
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=birmingham365.org
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://birmingham365.org/
Result: birmingham365.org is not infected or malware details are not published yet.