Scanned pages/files
| Request | Server response | Status |
http://www.goodposts.com/ | 200 OK Content-Length: 29750 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked By D3s!6n37 ...[5374 bytes skipped]... elines</a></li><li><a href="http://www.goodposts.com/page/11/writing-tips/">Writing Tips</a></li><li><a href="http://www.goodposts.com/page/18/contact-us/">Contact Us</a></li><li><a href="http://www.goodposts.com/page/17/article-sample/">Article Sample</a></li><li><a href="http://www.goodposts.com/page/22/hacked-by-d3s6n37/">Hacked By D3s!6n37</a></li><li><a href="http://www.goodposts.com/page/23//"></a></li><li><a href="http://www.goodposts.com/page/24/kkk/">kkk</a></li> </ul> </div><!-- menu --> </div><!-- row --> <div class="row"> <!-- LEFT SIDEBAR --> <div class="large-3 column left-menu"> <script type="text/javascript"><!-- google_ad_client = "ca ...[29688 bytes skipped]... | ||
http://www.goodposts.com/templates/classic/library/js/vendor/css3-mediaqueries.js | 200 OK Content-Length: 22117 Content-Type: application/javascript | clean |
http://www.goodposts.com/templates/classic/library/js/vendor/modernizr-2.6.2.min.js | 200 OK Content-Length: 15414 Content-Type: application/javascript | clean |
http://w.sharethis.com/button/buttons.js | 200 OK Content-Length: 149179 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) if(typeof(stlib)=="undefined"){var stlib={}}if(!stlib.functions){stlib.functions=[];stlib.functionCount=0}stlib.global={};stlib.global.hash=document.location.href.split("#");stlib.global.hash.shift();stlib.global.hash=stlib.global.hash.join("#");stlib.dynamicOn=true;stlib.debugOn=false;stlib.debug={count:0,messages:[],debug:function(b,a){if(a&&(typeof console)!="undefined"){console.log(b)}stlib.debug.messages.push(b)},show:function(a){for(message in stlib.debug.messages){if((typeof conso Antivirus reports:
| ||
http://www.goodposts.com/js/tiny_mce/tiny_mce.js | 200 OK Content-Length: 181309 Content-Type: application/javascript | clean |
http://www.goodposts.com/js/tiny_mce/tiny_mce_init.js | 200 OK Content-Length: 1716 Content-Type: application/javascript | clean |
http://www.goodposts.com/comments/javascripts/comment-reply.js | 200 OK Content-Length: 1363 Content-Type: application/javascript | clean |
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 21245 Content-Type: text/javascript | clean |
http://www.goodposts.com//s7.addthis.com/js/300/addthis_widget.js/ | 404 Not Found Content-Length: 321 Content-Type: text/html | clean |
http://www.goodposts.com/test404page.js | 404 Not Found Content-Length: 295 Content-Type: text/html | clean |
http://resources.infolinks.com/js/infolinks_main.js | 200 OK Content-Length: 2258 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: goodposts.com
Result:
GET / HTTP/1.1
Host: goodposts.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: goodposts.com
Referer: http://www.google.com/search?q=goodposts.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: goodposts.com
Referer: http://www.google.com/search?q=goodposts.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=goodposts.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://goodposts.com/
Result: goodposts.com is not infected or malware details are not published yet.
Result: goodposts.com is not infected or malware details are not published yet.