Scanned pages/files
Request | Server response | Status |
http://energytaxcreditxchange.com/ | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=900 Connection: close Date: Tue, 05 Aug 2014 22:48:14 GMT Age: 1 Location: http://taxxchange.com Server: Microsoft-IIS/7.5 Content-Length: 0 Content-Type: text/html X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET | clean |
http://taxxchange.com/ | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=900 Connection: close Date: Tue, 05 Aug 2014 22:48:15 GMT Age: 1 Location: http://cohencidence.com Server: Microsoft-IIS/7.5 Content-Length: 0 Content-Type: text/html X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET | clean |
http://cohencidence.com/ | 200 OK Content-Length: 35663 Content-Type: text/html | clean |
http://cohencidence.com/wp-includes/js/jquery/jquery.js?ver=1.10.2 | 200 OK Content-Length: 93085 Content-Type: application/x-javascript | clean |
http://cohencidence.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: application/x-javascript | clean |
http://cohencidence.com/wp-content/themes/action_child/assets/javascripts/skeleton-key-prescripts.js | 200 OK Content-Length: 1373 Content-Type: application/x-javascript | clean |
http://cohencidence.com/wp-content/plugins/revslider/rs-plugin/js/jquery.themepunch.plugins.min.js?ver=3.8.3 | 200 OK Content-Length: 17128 Content-Type: application/x-javascript | clean |
http://cohencidence.com/wp-content/plugins/revslider/rs-plugin/js/jquery.themepunch.revolution.min.js?ver=3.8.3 | 200 OK Content-Length: 54559 Content-Type: application/x-javascript | clean |
http://cohencidence.com/wp-content/plugins/wp-jackbox/jackbox/js/jackbox-scripts.js?ver=3.8.3 | 200 OK Content-Length: 1691 Content-Type: application/x-javascript | clean |
http://www.google-analytics.com/ga.js | 200 OK Content-Length: 40219 Content-Type: text/javascript | clean |
http://w.sharethis.com/button/buttons.js | 200 OK Content-Length: 149265 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) if(typeof(stlib)=="undefined"){var stlib={}}if(!stlib.functions){stlib.functions=[];stlib.functionCount=0}stlib.global={};stlib.global.hash=document.location.href.split("#");stlib.global.hash.shift();stlib.global.hash=stlib.global.hash.join("#");stlib.dynamicOn=true;stlib.debugOn=false;stlib.debug={count:0,messages:[],debug:function(b,a){if(a&&(typeof console)!="undefined"){console.log(b)}stlib.debug.messages.push(b)},show:function(a){for(message in stlib.debug.messages){if((typeof conso Antivirus reports:
| ||
http://wd-edge.sharethis.com/button/getAppDefault.esi?cb=stLight.allDefault&app=all&publisher=fd41b9de-2858-4999-b5ea-5fc231b78e04&domain=cohencidence.com | 200 OK Content-Length: 237 Content-Type: text/javascript | clean |
http://wd-edge.sharethis.com/button/checkOAuth.esi | 200 OK Content-Length: 22 Content-Type: text/javascript | clean |
http://cohencidence.com/wp-content/themes/action_child/assets/javascripts/isotope/jquery.isotope.js | 200 OK Content-Length: 43300 Content-Type: application/x-javascript | clean |
http://cohencidence.com/wp-content/themes/action_child/assets/javascripts/isotope/modernizr.custom.69142.js | 200 OK Content-Length: 8545 Content-Type: application/x-javascript | clean |
http://cohencidence.com/wp-content/themes/action_child/assets/javascripts/superfish/jquery.hoverIntent.js | 200 OK Content-Length: 5056 Content-Type: application/x-javascript | clean |
http://cohencidence.com/wp-content/themes/action_child/assets/javascripts/superfish/superfish.js | 200 OK Content-Length: 6980 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: energytaxcreditxchange.com
Result:
HTTP/1.1 301 Moved Permanently
Cache-Control: max-age=900
Connection: close
Date: Tue, 05 Aug 2014 22:48:14 GMT
Age: 1
Location: http://taxxchange.com
Server: Microsoft-IIS/7.5
Content-Length: 0
Content-Type: text/html
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
...0 bytes of data.
GET / HTTP/1.1
Host: energytaxcreditxchange.com
Result:
HTTP/1.1 301 Moved Permanently
Cache-Control: max-age=900
Connection: close
Date: Tue, 05 Aug 2014 22:48:14 GMT
Age: 1
Location: http://taxxchange.com
Server: Microsoft-IIS/7.5
Content-Length: 0
Content-Type: text/html
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: energytaxcreditxchange.com
Referer: http://www.google.com/search?q=energytaxcreditxchange.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: energytaxcreditxchange.com
Referer: http://www.google.com/search?q=energytaxcreditxchange.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=energytaxcreditxchange.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://energytaxcreditxchange.com/
Result: energytaxcreditxchange.com is not infected or malware details are not published yet.
Result: energytaxcreditxchange.com is not infected or malware details are not published yet.