Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=coraliebywater.com
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Scanned pages/files
Request | Server response | Status |
http://coraliebywater.com/ | 200 OK Content-Length: 2955 Content-Type: text/html | clean |
https://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js | 200 OK Content-Length: 91342 Content-Type: text/javascript | clean |
http://feeds.feedburner.com/CoralieBywater?format=sigpro | 200 OK Content-Length: 1597 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: blog.coraliebywater.com
document.write("\x3cdiv class\x3d\x22feedburnerFeedBlock\x22 id\x3d\x22CoralieBywatere25gghrdtg19vh3goinfin7plg\x22\x3e");
document.write("\x3cul\x3e");
document.write("\x3cli\x3e\x3cspan class\x3d\x22headline\x22\x3e\x3ca href\x3d\x22http://blog.coraliebywater.com/post/104020218133\x22\x3eAfter two years, it has been decided we shall be going our...\x3c/a\x3e\x3c/span\x3e");
document.write("\x3c/li\x3e");
document.write("\x3cli\x3e\x3cspan class\x3d\x22headline\x22\x3e\x3ca href\x3d\x22http://blog.coraliebywater.com/post/95615882584\x22\x3e\x26quot;Acting is the life of the human soul receiving its birth through art.\x26quot;\x3c/a\x3e\x3c/span\x3e");
document.write("\x3c/li\x3e");
...[933 bytes skipped]...
Decoded script:
<div class="feedburnerFeedBlock" id="CoralieBywatere25gghrdtg19vh3goinfin7plg"><ul><li><span class="headline"><a href="http://blog.coraliebywater.com/post/104020218133">After two years, it has been decided we shall be going our...</a></span></li><li><span class="headline"><a href="http://blog.coraliebywater.com/post/95615882584">"Acting is the life of the human soul receiving its birth through art."</a></span></li><li><span class="headline"><a href="http://blog.coraliebywater.com/post/9561511 ...[591 bytes skipped]...
http://dmbsweets.com/zcgvtprx.php?id=5454995 | 404 Not Found Content-Length: 25 Content-Type: text/html | clean |
http://dmbsweets.com/test404page.js | 404 Not Found Content-Length: 1549 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: coraliebywater.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Sat, 13 Dec 2014 00:59:39 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Last-Modified: Sat, 06 Dec 2014 00:59:39 GMT
X-Powered-By: PHP/5.3.28
Second query (visit from search engine):
GET / HTTP/1.1
Host: coraliebywater.com
Referer: http://www.google.com/search?q=coraliebywater.com
Result:
The result is similar to the first query. There are no suspicious redirects found.