Scanned pages/files
Request | Server response | Status |
http://rumonline.co.za/ | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=60 Connection: close Date: Sun, 11 May 2014 00:03:25 GMT Location: http://www.rumonline.co.za/ Server: nginx Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Sun, 11 May 2014 00:04:25 GMT Set-Cookie: wfvt_405789162=536ebe4dbe1cf; expires=Sun, 11-May-2014 00:33:25 GMT; path=/ X-Pingback: http://www.rumonline.co.za/xmlrpc.php X-Powered-By: PHP/5.3.28 | clean |
http://www.rumonline.co.za/ | 200 OK Content-Length: 61698 Content-Type: text/html | clean |
http://www.rumonline.co.za/wp-includes/js/jquery/jquery.js?ver=1.8.3 | 200 OK Content-Length: 93658 Content-Type: application/javascript | clean |
http://static.addynamo.net/ad/js/deliverAds.js | 200 OK Content-Length: 3571 Content-Type: application/x-javascript | clean |
http://www.flickr.com/badge_code_v2.gne?count=8&display=random&size=s&layout=x&source=user&user=78397527@N04 | 200 OK Content-Length: 2701 Content-Type: application/x-javascript | clean |
http://www.rumonline.co.za/wp-content/themes/www2/assets/js/jquery.fitvids.js?ver=2.2 | 200 OK Content-Length: 3010 Content-Type: application/javascript | clean |
http://www.rumonline.co.za/wp-content/themes/www2/assets/js/jquery.flexslider.js?ver=2.2 | 200 OK Content-Length: 41110 Content-Type: application/javascript | clean |
http://www.rumonline.co.za/wp-content/themes/www2/assets/js/ddsmoothmenu.js?ver=2.2 | 200 OK Content-Length: 11643 Content-Type: application/javascript | clean |
http://www.rumonline.co.za/wp-content/themes/www2/assets/js/jquery.carouFredSel-6.2.0-packed.js?ver=6.0.2 | 200 OK Content-Length: 36065 Content-Type: application/javascript | clean |
http://www.rumonline.co.za/wp-content/themes/www2/assets/js/jquery.imagesloaded.min.js?ver=6.0.2 | 200 OK Content-Length: 1047 Content-Type: application/javascript | clean |
http://www.rumonline.co.za/wp-content/themes/www2/assets/js/custom.js?ver=2.2 | 200 OK Content-Length: 10901 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) jQuery.noConflict(); jQuery(document).ready(function(){ jQuery('.video-thumb').each(function(){ var obj = jQuery(this); var v = obj.attr('video'); var vi = obj.attr('video-id'); if(typeof(v)!='undefined' && v !=''&& typeof(vi)!='undefined' && vi !=''){ if(v=='youtube'){ obj.html('<img src="http://img.youtube.com/vi/'+vi+'/3.jpg" alt="" />'); }else{ } }); jQuery(window).scroll(function() { if(jQuery(this).scrollTop() != 0) { jQuery('#sttotop').fadeIn(); } else { jQuery('#sttotop').fadeOut(); } }); jQuery('#sttotop').click(function() { jQuery('body,html').animate({scrollTop:0},800); }); }); Antivirus reports:
| ||
http://rumonline.co.za/test404page.js | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Sun, 11 May 2014 00:03:33 GMT Pragma: no-cache Location: http://www.rumonline.co.za/test404page.js Server: nginx Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT Set-Cookie: wfvt_405789162=536ebe5535606; expires=Sun, 11-May-2014 00:33:33 GMT; path=/ X-Pingback: http://www.rumonline.co.za/xmlrpc.php X-Powered-By: PHP/5.3.28 | clean |
http://www.rumonline.co.za/test404page.js | 404 Not Found Content-Length: 45920 Content-Type: text/html | clean |
http://www.rumonline.co.za/home/ | 200 OK Content-Length: 45830 Content-Type: text/html | clean |
http://www.rumonline.co.za/wp-includes/js/comment-reply.min.js?ver=3.5.2 | 200 OK Content-Length: 786 Content-Type: application/javascript | clean |
http://www.rumonline.co.za/contact-us/ | 200 OK Content-Length: 45942 Content-Type: text/html | clean |
http://www.rumonline.co.za/contact/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Sun, 11 May 2014 00:03:37 GMT Pragma: no-cache Location: http://www.rumonline.co.za/contact-us/ Server: nginx Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT Set-Cookie: wfvt_405789162=536ebe59d5263; expires=Sun, 11-May-2014 00:33:37 GMT; path=/ X-Pingback: http://www.rumonline.co.za/xmlrpc.php X-Powered-By: PHP/5.3.28 | clean |
http://www.rumonline.co.za/category/fashion/ | 200 OK Content-Length: 45424 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: rumonline.co.za
Result:
HTTP/1.1 301 Moved Permanently
Cache-Control: max-age=60
Connection: close
Date: Sun, 11 May 2014 00:03:25 GMT
Location: http://www.rumonline.co.za/
Server: nginx
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Expires: Sun, 11 May 2014 00:04:25 GMT
Set-Cookie: wfvt_405789162=536ebe4dbe1cf; expires=Sun, 11-May-2014 00:33:25 GMT; path=/
X-Pingback: http://www.rumonline.co.za/xmlrpc.php
X-Powered-By: PHP/5.3.28
...0 bytes of data.
GET / HTTP/1.1
Host: rumonline.co.za
Result:
HTTP/1.1 301 Moved Permanently
Cache-Control: max-age=60
Connection: close
Date: Sun, 11 May 2014 00:03:25 GMT
Location: http://www.rumonline.co.za/
Server: nginx
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Expires: Sun, 11 May 2014 00:04:25 GMT
Set-Cookie: wfvt_405789162=536ebe4dbe1cf; expires=Sun, 11-May-2014 00:33:25 GMT; path=/
X-Pingback: http://www.rumonline.co.za/xmlrpc.php
X-Powered-By: PHP/5.3.28
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: rumonline.co.za
Referer: http://www.google.com/search?q=rumonline.co.za
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: rumonline.co.za
Referer: http://www.google.com/search?q=rumonline.co.za
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=rumonline.co.za
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://rumonline.co.za/
Result: rumonline.co.za is not infected or malware details are not published yet.
Result: rumonline.co.za is not infected or malware details are not published yet.