Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=populoom.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://populoom.com/
Result: The website is marked by Yandex as suspicious - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://populoom.com/ | 200 OK Content-Length: 11157 Content-Type: text/html | clean |
http://populoom.com/media/lib_anahita/js/anahita.js | 200 OK Content-Length: 48434 Content-Type: application/x-javascript | clean |
http://populoom.com/media/system/js/caption.js | 200 OK Content-Length: 11714 Content-Type: application/x-javascript | malicious |
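Malicious code - confirmed by antiviruses (see below). Excerpt of the file (truncated):
var JCaption = new Class({ initialize: function(selector) { this.selector = selector; var images = $$(selector); images.each(function(image){ this.createCaption(image); }, this); }, createCaption: function(element) { var caption = document.createTextNode(element.title); var container = document.createElement("div"); var text = document.createElement("p"); var width = element.getAttribute("width"); var align = [...]
Note: the visible portion is only the opening of a `JCaption` class that builds a caption from an image element's title, and it is cut off mid-statement at `var align =`. Nothing in the visible part is obviously malicious, so the flagged code is presumably further into the file and the detection cannot be confirmed from this excerpt alone.
Antivirus reports: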
| ||
http://populoom.com/components/com_gantry/js/gantry-totop-mt1.2.js | 200 OK Content-Length: 10482 Content-Type: application/x-javascript | malicious |
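Malicious code - confirmed by antiviruses (see below). Excerpt of the file (truncated):
eval(function(p,a,c,k,e,r){e=function(c){return c.toString(a)};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('3.0(\'j\',1(){2 a=f.d(\'c-9\');8(a){2 b=6 5.4(3);a.7(\'g\',\'h\').0(\'i\',1(e){e.k();b.l()})}});',22,22,'addEvent|function|var|window|Scroll|Fx|new|setStyle|if|totop|||gantry|id||document|outline|none|click|domready|stop|toTop'.split('|'), [...]
Note: the visible portion is a packed (`eval(function(p,a,c,k,e,r)…`) script. Substituting the word list shown into the packed string yields a `domready` handler that attaches a scroll-to-top `click` action to the `gantry-totop` element, so packing alone is not the indicator here. The excerpt is cut off after the word list, and the reported Content-Length (10482) is far larger than this fragment, so the flagged code is presumably further into the file.
Antivirus reports: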
| ||
http://populoom.com/templates/shiraz/js/round.js | 200 OK Content-Length: 18164 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below). Excerpt of the file (truncated):
eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('t K={16:\'K\',1L:G,1M:G,1d:G,2f:y(){u(D.2g!=8&&D.1N&&!D.1N[q.16]){q.1L=M;q.1M=M}17 u(D.2g==8){q.1d=M}},2h:D.2i,1O:[],1b:{},2j:y(){u(q.1L||q.1M){D.1N.2L( [...]
Note: the excerpt is a packed script cut off inside the packed string, before its word list, so neither the unpacked code nor the part the antiviruses flagged can be read from this excerpt.
Antivirus reports:
| ||
http://populoom.com/index.php?option=com_socialengine&view=people&Itemid=4 | 200 OK Content-Length: 32869 Content-Type: text/html | clean |
http://populoom.com/media/lib_anahita/js/search.js | 200 OK Content-Length: 10597 Content-Type: application/x-javascript | clean |
http://populoom.com/media/lib_anahita/js/pagination.js | 200 OK Content-Length: 12426 Content-Type: application/x-javascript | clean |
http://populoom.com/media/lib_anahita/js/socialgraph.js | 200 OK Content-Length: 10760 Content-Type: application/x-javascript | clean |
http://populoom.com/index.php?option=com_socialengine&view=person&id=1&Itemid=4 | 200 OK Content-Length: 15973 Content-Type: text/html | clean |
http://populoom.com/media/lib_anahita/js/gadget.js | 200 OK Content-Length: 10404 Content-Type: application/x-javascript | clean |
http://populoom.com/media/lib_anahita/js/actor.js | 200 OK Content-Length: 14665 Content-Type: application/x-javascript | clean |
http://populoom.com/media/com_socialengine/js/person.js | 200 OK Content-Length: 10901 Content-Type: application/x-javascript | clean |
http://populoom.com/index.php?option=com_socialengine&view=socialgraph&oid=1&Itemid=4 | 200 OK Content-Length: 13665 Content-Type: text/html | clean |
http://populoom.com/index.php?option=com_socialengine&view=socialgraph&graph=followers&oid=1&Itemid=4 | 200 OK Content-Length: 13665 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: populoom.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Wed, 17 Sep 2014 01:51:24 GMT
Pragma: no-cache
Server: nginx/1.4.4
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Wed, 17 Sep 2014 01:51:24 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 8d116136496f7ad5655d49ed99264d84=6td28m2g775reac5j2437k86r7; path=/
X-Powered-By: PHP/5.2.17-pl0-gentoo
GET / HTTP/1.1
Host: populoom.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Wed, 17 Sep 2014 01:51:24 GMT
Pragma: no-cache
Server: nginx/1.4.4
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Wed, 17 Sep 2014 01:51:24 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 8d116136496f7ad5655d49ed99264d84=6td28m2g775reac5j2437k86r7; path=/
X-Powered-By: PHP/5.2.17-pl0-gentoo
Second query (visit from search engine):
GET / HTTP/1.1
Host: populoom.com
Referer: http://www.google.com/search?q=populoom.com
Result:
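The result is similar to the first query. There are no suspicious redirects found. Note that this comparison varies only the Referer header; a redirect conditioned on User-Agent, cookies or the visitor's IP address would not be revealed by it.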
GET / HTTP/1.1
Host: populoom.com
Referer: http://www.google.com/search?q=populoom.com
Result:
The result is similar to the first query. There are no suspicious redirects found.