Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=demeor.org
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://demeor.org/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://demeor.org/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 06 Sep 2014 06:25:24 GMT Location: http://www.demeor.org/ Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8 Set-Cookie: 60gpBAK=R1224190331; path=/; expires=Sat, 06-Sep-2014 07:36:04 GMT Set-Cookie: 60gp=R2337131510; path=/; expires=Sat, 06-Sep-2014 07:26:36 GMT X-Pingback: http://www.demeor.org/xmlrpc.php X-Powered-By: PHP/5.2.17 | clean |
http://www.demeor.org/ | 200 OK Content-Length: 22797 Content-Type: text/html | clean |
http://www.demeor.org/wp-includes/js/jquery/jquery.js?ver=1.11.0 | 200 OK Content-Length: 96402 Content-Type: application/javascript | clean |
http://www.demeor.org/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: application/javascript | clean |
http://www.demeor.org/wp-content/plugins/wp-plus-one/wp-plus-one.js?ver=3.9.2 | 200 OK Content-Length: 1138 Content-Type: application/javascript | clean |
http://www.demeor.org/wp-content/plugins/google-analyticator/external-tracking.min.js?ver=6.2 | 200 OK Content-Length: 927 Content-Type: application/javascript | clean |
http://www.demeor.org/wp-content/plugins/cforms/js/cforms.js | 200 OK Content-Length: 17733 Content-Type: application/javascript | clean |
http://www.demeor.org/wp-content/plugins/fv-wordpress-flowplayer/flowplayer/flowplayer.min.js | 200 OK Content-Length: 19779 Content-Type: application/javascript | clean |
http://www.demeor.org/wp-content/plugins/fv-wordpress-flowplayer/js/checkvideo.js | 200 OK Content-Length: 2798 Content-Type: application/javascript | clean |
http://www.demeor.org/wp-content/themes/DEMEOR_2/script.js | 200 OK Content-Length: 7215 Content-Type: application/javascript | clean |
http://www.demeor.org/wp-content/plugins/g-lock-double-opt-in-manager/js/glock2.min.js | 200 OK Content-Length: 69612 Content-Type: application/javascript | clean |
http://www.demeor.org/wp-content/plugins/g-lock-double-opt-in-manager/js/gsom_s.min.js | 200 OK Content-Length: 4054 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
function gsom_isEmail(a){return a.match(/\b([_a-z0-9-]+(\.[_a-z0-9-]+)*)@([_a-z0-9-]+(\.[_a-z0-9-]+)*)(\.([a-z]{2,10}))\b/gi)}function gsmoStripSymbols(a){return a.replace(/[\s]+/g,"_").replace(/[^A-Za-z0-9\_]+/g,"").substring(0,20)}function gsomBuildForm(e){e=e||{};var b=e.arr||[],d=e.place||"gsom-fields-list",a=e.makeDivs||false,c=a?"div":"li";if(glock.isDef(b)){for(var f=0;f<b.length;f++){MakeFormFieldListItem({ul:d,label:b[f].label,type:b[f].type,value:b[f].value,name:b[f].name,checked:b[
Antivirus reports:
http://www.demeor.org/wp-includes/js/jquery/ui/jquery.ui.core.min.js?ver=1.10.4 | 200 OK Content-Length: 4289 Content-Type: application/javascript | clean |
http://www.demeor.org/wp-includes/js/jquery/ui/jquery.ui.datepicker.min.js?ver=1.10.4 | 200 OK Content-Length: 35806 Content-Type: application/javascript | clean |
http://www.demeor.org/wp-includes/js/comment-reply.min.js?ver=3.9.2 | 200 OK Content-Length: 757 Content-Type: application/javascript | clean |
http://demeor.org/test404page.js | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Sat, 06 Sep 2014 06:25:30 GMT Pragma: no-cache Location: http://www.demeor.org/test404page.js Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT Set-Cookie: 60gpBAK=R1224191420; path=/; expires=Sat, 06-Sep-2014 07:30:37 GMT Set-Cookie: 60gp=R477270443; path=/; expires=Sat, 06-Sep-2014 07:45:37 GMT X-Pingback: http://www.demeor.org/xmlrpc.php X-Powered-By: PHP/5.2.17 | clean |
http://www.demeor.org/test404page.js | 404 Not Found Content-Length: 19433 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: demeor.org
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sat, 06 Sep 2014 06:25:24 GMT
Location: http://www.demeor.org/
Server: Apache
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Set-Cookie: 60gpBAK=R1224190331; path=/; expires=Sat, 06-Sep-2014 07:36:04 GMT
Set-Cookie: 60gp=R2337131510; path=/; expires=Sat, 06-Sep-2014 07:26:36 GMT
X-Pingback: http://www.demeor.org/xmlrpc.php
X-Powered-By: PHP/5.2.17
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: demeor.org
Referer: http://www.google.com/search?q=demeor.org
Result:
The result is similar to the first query. There are no suspicious redirects found.