Malicious/Suspicious Redirects
URL: http://lottery1234.com/ (imitation of visitor from search engine)
Request:
    GET / HTTP/1.1
    Host: lottery1234.com
    Referer: http://www.google.com/search?q=redirect+check1
Server response:
    HTTP/1.1 301 Moved Permanently
    Connection: close
    Date: Sun, 31 Aug 2014 11:45:07 GMT
    Location: http://doctornfrq.com/
    Server: Apache
    Content-Length: 230
    Content-Type: text/html; charset=iso-8859-1
Status: malicious
Scanned pages/files
Request | Server response | Status |
http://lottery1234.com/ | 200 OK Content-Length: 46314 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.starbene.it
<!DOCTYPE html> <!--[if IE 7]> <html class="ie ie7" lang="en-US"> <![endif]--> <!--[if IE 8]> <html class="ie ie8" lang="en-US"> <![endif]--> <!--[if !(IE 7) | !(IE 8) ]><!--> <html lang="en-US"> <!--<![endif]--> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width"> <title> ...[4029 bytes skipped]...
http://lottery1234.com/wp-includes/js/jquery/jquery.js?ver=1.10.2 | 200 OK Content-Length: 93085 Content-Type: application/javascript | clean |
http://lottery1234.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: application/javascript | clean |
http://lottery1234.com/wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/ajax/static/ajax.js?ver=3.8.4 | 200 OK Content-Length: 33 Content-Type: application/javascript | clean |
http://lottery1234.com/wp-content/plugins/sweetcaptcha-revolutionary-free-captcha-service/js/swtcptcf.js?ver=3.8.4 | 200 OK Content-Length: 868 Content-Type: application/javascript | clean |
http://lottery1234.com/wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/lightbox/static/lightbox_context.js?ver=3.8.4 | 200 OK Content-Length: 890 Content-Type: application/javascript | clean |
http://lottery1234.com/wp-content/plugins/wp-user-frontend/js/attachment.js?ver=3.8.4 | 200 OK Content-Length: 3700 Content-Type: application/javascript | clean |
http://lottery1234.com/wp-content/plugins/wp-user-frontend/js/wpuf.js?ver=3.8.4 | 200 OK Content-Length: 7800 Content-Type: application/javascript | clean |
http://lottery1234.com/wp-content/plugins/nextgen-3d-flux-slider-template/js/flux.min.js?ver=1.0 | 200 OK Content-Length: 27280 Content-Type: application/javascript | clean |
http://lottery1234.com/wp-includes/js/comment-reply.min.js?ver=3.8.4 | 200 OK Content-Length: 757 Content-Type: application/javascript | clean |
http://lottery1234.com/wp-content/themes/casino/js/jquery.min.js | 200 OK Content-Length: 78601 Content-Type: application/javascript | clean |
http://lottery1234.com/wp-content/plugins/q-and-a-focus-plus-faq/js/q-a-focus-plus.min.js?ver=1.3.8 | 200 OK Content-Length: 1575 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
jQuery(document).ready(function($){$("div[id^=qafp-faq]").each(function(){var num=this.id.match(/qafp-faq(\d+)/)[1];var faqContainer=$(".qafp-faqs");var faq=$("#qafp-faq"+num);if(faqContainer.is(".collapsible")){faq.find(".qafp-faq-anchor").bind("click",function(){if(faqContainer.is(".accordion"))$(".qafp-faq-answer").not("#qafp-faq"+num+" .qafp-faq-answer").hide();if(faqContainer.is(".animation-fade"))faq.find(".qafp-faq-answer").fadeToggle();else if(faqContainer.is(".animation-slide"))faq.find
Antivirus reports:
http://code.jquery.com/ui/1.10.3/jquery-ui.js?ver=3.8.4 | 200 OK Content-Length: 300760 Content-Type: application/x-javascript | clean |
http://lottery1234.com/wp-content/plugins/q-and-a-focus-plus-faq/js/ratings.min.js?ver=1.3.8 | 200 OK Content-Length: 508 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
jQuery(document).ready(function($){$(".qafp-post-like .qafp-star").click(function(){heart=$(this);post_id=heart.data("post_id");$.ajax({type:"post",url:ajax_var.url,data:"action=post-like&nonce="+ajax_var.nonce+"&post_like=&post_id="+post_id,success:function(count){if(count!="already"){heart.addClass("qafp-voted");new_count=count-1;if(new_count==1)persons="person";else persons="people";heart.siblings(".qafp-count").text("You and "+new_count+" other "+persons+" found this helpful.")}}});return false})});
Antivirus reports:
http://lottery1234.com/wp-includes/js/jquery/ui/jquery.ui.widget.min.js?ver=1.10.3 | 200 OK Content-Length: 6488 Content-Type: application/javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=lottery1234.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://lottery1234.com/
Result: lottery1234.com is not infected or malware details are not published yet.