Scanned pages/files
Request | Server response | Status |
http://bonifiedoffer.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 09 May 2014 11:35:18 GMT Location: http://developers.org Server: Apache/2.0.46 (Red Hat) Content-Length: 315 Content-Type: text/html; charset=iso-8859-1 | clean |
http://developers.org/ | 200 OK Content-Length: 151892 Content-Type: text/html | clean |
http://developers.org/wp-includes/js/jquery/jquery.js?ver=1.10.2 | 200 OK Content-Length: 93085 Content-Type: application/javascript | clean |
http://developers.org/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: application/javascript | clean |
http://bonifiedoffer.com//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 09 May 2014 11:35:23 GMT Location: http://developers.orgpagead2.googlesyndication.com/pagead/js/adsbygoogle.js/ Server: Apache/2.0.46 (Red Hat) Content-Length: 370 Content-Type: text/html; charset=iso-8859-1 | clean |
http://developers.orgpagead2.googlesyndication.com/pagead/js/adsbygoogle.js/ | 500 Can't connect to developers.orgpagead2.googlesyndication.com:80 (Bad hostname) Content-Length: 218 Content-Type: text/plain | clean |
http://developers.orgpagead2.googlesyndication.com/test404page.js | 500 Can't connect to developers.orgpagead2.googlesyndication.com:80 (Bad hostname) Content-Length: 218 Content-Type: text/plain | clean |
http://developers.org/wp-content/plugins/g-lock-double-opt-in-manager/js/glock2.min.js | 200 OK Content-Length: 69612 Content-Type: application/javascript | clean |
http://developers.org/wp-content/plugins/g-lock-double-opt-in-manager/js/gsom_s.min.js | 200 OK Content-Length: 4054 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function gsom_isEmail(a){return a.match(/\b([_a-z0-9-]+(\.[_a-z0-9-]+)*)@([_a-z0-9-]+(\.[_a-z0-9-]+)*)(\.([a-z]{2,10}))\b/gi)}function gsmoStripSymbols(a){return a.replace(/[\s]+/g,"_").replace(/[^A-Za-z0-9\_]+/g,"").substring(0,20)}function gsomBuildForm(e){e=e||{};var b=e.arr||[],d=e.place||"gsom-fields-list",a=e.makeDivs||false,c=a?"div":"li";if(glock.isDef(b)){for(var f=0;f<b.length;f++){MakeFormFieldListItem({ul:d,label:b[f].label,type:b[f].type,value:b[f].value,name:b[f].name,checked:b[ Antivirus reports:
| ||
http://developers.org/wp-content/themes/carton/library/js/masonry.js?ver=3.1.1 | 200 OK Content-Length: 81030 Content-Type: application/javascript | clean |
http://developers.org/wp-content/themes/carton/library/js/harvey.js?ver=3.8.3 | 200 OK Content-Length: 5705 Content-Type: application/javascript | clean |
http://developers.org/wp-content/themes/carton/library/js/theme.js?ver=3.8.3 | 200 OK Content-Length: 2212 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: bonifiedoffer.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Fri, 09 May 2014 11:35:18 GMT
Location: http://developers.org
Server: Apache/2.0.46 (Red Hat)
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1
...315 bytes of data.
GET / HTTP/1.1
Host: bonifiedoffer.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Fri, 09 May 2014 11:35:18 GMT
Location: http://developers.org
Server: Apache/2.0.46 (Red Hat)
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1
...315 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: bonifiedoffer.com
Referer: http://www.google.com/search?q=bonifiedoffer.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: bonifiedoffer.com
Referer: http://www.google.com/search?q=bonifiedoffer.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=bonifiedoffer.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://bonifiedoffer.com/
Result: bonifiedoffer.com is not infected or malware details are not published yet.
Result: bonifiedoffer.com is not infected or malware details are not published yet.