Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=gfwatchershq.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
http://gfwatchershq.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 25 Dec 2014 12:01:12 GMT Location: http://www.gfwatchershq.com/ Server: nginx/1.6.2 Vary: Cookie Content-Length: 0 Content-Type: text/html; charset=UTF-8 | clean |
http://www.gfwatchershq.com/ | 200 OK Content-Length: 62877 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: 122.155.168.105 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head profile="http://gmpg.org/xfn/11"> <title>View the hottest Watch My GF Photos and Videos on the web. Exclusive WatchMyGirlfriend content, videos and more.</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />< ...[4014 bytes skipped]... | ||
http://www.gfwatchershq.com/wp-content/plugins/adrotate/library/jquery.clicktracker.js | 200 OK Content-Length: 830 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) jQuery(document).ready(function() { jQuery("a.gofollow").click(function(){ jQuery(this).each(function() { var tracker = jQuery(this).attr("data-track"); var debug = jQuery(this).attr("data-debug"); jQuery.post( '//' + location.host + '/wp-content/plugins/adrotate/library/clicktracker.php', { track: tracker } ); if(debug == 1) { alert('Tracker: ' + tracker + '\n\nTracker must be defined for clicktracking to work.'); } }); }); }); Antivirus reports:
| ||
http://www.gfwatchershq.com/wp-includes/js/jquery/jquery.js | 200 OK Content-Length: 95807 Content-Type: application/javascript | clean |
http://www.gfwatchershq.com/wp-includes/js/jquery/jquery-migrate.min.js | 200 OK Content-Length: 7200 Content-Type: application/javascript | clean |
http://www.gfwatchershq.com/wp-content/themes/canvas/includes/js/superfish.js | 200 OK Content-Length: 3789 Content-Type: application/javascript | clean |
http://www.gfwatchershq.com/wp-content/themes/canvas/includes/js/woo_tabs.js | 200 OK Content-Length: 1071 Content-Type: application/javascript | clean |
http://www.gfwatchershq.com/wp-content/themes/canvas/includes/js/general.js | 200 OK Content-Length: 22 Content-Type: application/javascript | clean |
http://122.155.168.105/ads/inpage/pub/collect.js | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://122.155.168.105/test404page.js | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://www.statcounter.com/counter/counter_xhtml.js | 200 OK Content-Length: 21363 Content-Type: application/x-javascript | clean |
http://www.gfwatchershq.com/wp-content/plugins/like-gate/assets/share/jquery.cookie.min.js | 200 OK Content-Length: 1279 Content-Type: application/javascript | clean |
http://www.gfwatchershq.com/wp-content/plugins/like-gate/assets/main.min.js | 200 OK Content-Length: 2173 Content-Type: application/javascript | clean |
http://www.gfwatchershq.com/wp-content/plugins/wp-bannerize/js/wpBannerizeFrontend.min.js | 200 OK Content-Length: 420 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: gfwatchershq.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Thu, 25 Dec 2014 12:01:12 GMT
Location: http://www.gfwatchershq.com/
Server: nginx/1.6.2
Vary: Cookie
Content-Length: 0
Content-Type: text/html; charset=UTF-8
...0 bytes of data.
GET / HTTP/1.1
Host: gfwatchershq.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Thu, 25 Dec 2014 12:01:12 GMT
Location: http://www.gfwatchershq.com/
Server: nginx/1.6.2
Vary: Cookie
Content-Length: 0
Content-Type: text/html; charset=UTF-8
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: gfwatchershq.com
Referer: http://www.google.com/search?q=gfwatchershq.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: gfwatchershq.com
Referer: http://www.google.com/search?q=gfwatchershq.com
Result:
The result is similar to the first query. There are no suspicious redirects found.