Scanned pages/files
Request | Server response | Status |
http://www.wishesforchildren.org/ | 200 OK Content-Length: 27076 Content-Type: text/html | clean |
http://www.wishesforchildren.org/Sponsors.html | 200 OK Content-Length: 31710 Content-Type: text/html | clean |
http://www.wishesforchildren.org/Contact_Us.html | 200 OK Content-Length: 21514 Content-Type: text/html | clean |
http://www.wishesforchildren.org/Calendar.html | 200 OK Content-Length: 29298 Content-Type: text/html | clean |
http://www.wishesforchildren.org/Gallery.html | 200 OK Content-Length: 29179 Content-Type: text/html | clean |
http://www.wishesforchildren.org/About_Us.html | 200 OK Content-Length: 22678 Content-Type: text/html | clean |
http://www.wishesforchildren.org/index.html | 200 OK Content-Length: 27076 Content-Type: text/html | clean |
http://www.wishesforchildren.org/Wishes-Angel-Flyer-2012.pdf | 200 OK Content-Length: 301936 Content-Type: application/pdf | clean |
http://www.wishesforchildren.org/test404page.js | HTTP/1.1 302 Found Connection: close Date: Sat, 04 Oct 2014 04:53:48 GMT Location: http://www.temeculainformation.com Server: Apache/2.2.27 Content-Length: 218 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.temeculainformation.com/ | 200 OK Content-Length: 67498 Content-Type: text/html | clean |
http://netweather.accuweather.com/adcbin/netweather_v2/netweatherV2ex.asp?partner=netweather&tStyle=normal&logo=1&zipcode=92592&lang=eng&size=8&theme=spring1&metric=0&target=_self | 200 OK Content-Length: 4479 Content-Type: text/javascript | clean |
http://jobroll.indeed.com/ads/jobroll2.js | 200 OK Content-Length: 4657 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
function ts() { return(new Date()).getTime(); }
function qu(val) { if (val!=null) return '"'+val+'"'; else return '""';}
function append(name,val) { if (!val) return ''; return '&' + name + '=' + indeed_escape(val); }
function indeed_escape(val) { if (typeof(encodeURIComponent) == 'function') { return encodeURIComponent(val); } else { return escape(val); } }
function indeed_error_handler(msg,url,line) { return false; }
function indeed_write_html() { var jobroll_ window.indeed_color_company = null; window.indeed_color_location = null; window.indeed_color_source = null; window.indeed_color_accent = null; jobroll_url = null; indeed_base_url = null; }
indeed_orig_error_handler = window.onerror;
window.onerror = indeed_error_handler;
indeed_write_html();
window.onerror = indeed_orig_error_handler;
indeed_orig_error_handler = null;
Decoded script:
<iframe name="indeed_jobroll_frame" width="0" height="0" frameborder="0" src="http://jobroll.indeed.com/ads/showjobs?&ts=1412398411813" marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true" scrolling="no"></iframe>
Antivirus reports:
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 21308 Content-Type: text/javascript | clean |
http://www.usacityinformation.com/rssfeeds/rss.php?url=http%3A%2F%2Fsearch.msn.com%2Fnews%2Fresults.aspx%3Fformat%3Drss%26FORM%3DRSNR%26q%3Dtemecula%2Bca&newpage=1&chead=&atl=&desc=&owncss=&eleminate=1&auth=&dts=&width=300&max=5&maxfrom=7&maxto=7&tlen=0&rnd=1&bt=0&bs=None&nmb=1&ntb=1&naf=1&nst=1&nwd=0&nht=0&initime=1343973178&dlttime=0&dlen=0&bg=%23FFFFFF&bc=BLUE&tc=BLACK&ts=10&spc=1&ims=&lc=BLUE&lstyle=-1&rel=&tfont=Verdana,+Arial,+Sans-serif | 200 OK Content-Length: 7154 Content-Type: text/html | clean |
http://www.usacityinformation.com/test404page.js | HTTP/1.1 302 Found Connection: close Date: Sat, 04 Oct 2014 04:53:57 GMT Location: http://www.usacityinformation.com/Page_Not_Found.htm Server: Apache/2.2.27 Content-Length: 236 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.usacityinformation.com/page_not_found.htm | HTTP/1.1 302 Found Connection: close Date: Sat, 04 Oct 2014 04:53:58 GMT Location: http://www.usacityinformation.com/Page_Not_Found.htm Server: Apache/2.2.27 Content-Length: 236 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.usacityinformation.com/rssfeeds/rss.php?url=http%3A%2F%2Frss.news.yahoo.com%2Frss%2Ftopstories&newpage=1&chead=1&atl=1&desc=1&owncss=&eleminate=&auth=&dts=&width=150&max=5&maxfrom=2&maxto=2&tlen=0&rnd=1&bt=0&bs=None&nmb=1&ntb=1&naf=1&nst=1&nwd=0&nht=0&initime=1343864605&dlttime=0&dlen=0&bg=%23FFFFFF&bc=BLUE&tc=BLACK&ts=8&spc=&ims=1&lc=BLUE&lstyle=-1&rel=&tfont=Verdana,+Arial,+Sans-serif | 200 OK Content-Length: 4069 Content-Type: text/html | clean |
http://www.usacityinformation.com/rssfeeds/ | 200 OK Content-Length: 4344 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: wishesforchildren.org
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: wishesforchildren.org
Referer: http://www.google.com/search?q=wishesforchildren.org
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=wishesforchildren.org
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://wishesforchildren.org/
Result: wishesforchildren.org is not infected or malware details are not published yet.