Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=gbigsby.com
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://gbigsby.com/ | 200 OK Content-Length: 1149 Content-Type: text/html | clean |
http://gbigsby.com/.smileys/ | 200 OK Content-Length: 1520 Content-Type: text/html | clean |
http://gbigsby.com/.smileys/ad.html | 200 OK Content-Length: 2205 Content-Type: text/html | clean |
http://gbigsby.com/test404page.js | 404 Not Found Content-Length: 392 Content-Type: text/html | clean |
http://gbigsby.com/.smileys/ad/ | 200 OK Content-Length: 395 Content-Type: text/html | clean |
http://gbigsby.com/.smileys/ad/all.css | 200 OK Content-Length: 6360 Content-Type: text/css | clean |
http://gbigsby.com/.smileys/ad/gateway_adblock.gif | 200 OK Content-Length: 12926 Content-Type: image/gif | clean |
http://gbigsby.com/.smileys/checker.php | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://gbigsby.com/.smileys/error_log | 200 OK Content-Length: 18737 Content-Type: text/plain | clean |
http://gbigsby.com/.smileys/function.file-get-contents | 404 Not Found Content-Length: 413 Content-Type: text/html | clean |
http://gbigsby.com/.smileys/goff.html | 200 OK Content-Length: 11921 Content-Type: text/html | clean |
http://gbigsby.com/.smileys/gwframe.html | 200 OK Content-Length: 11977 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below). Snippet as captured by the scanner (truncated mid-function):
    var closing = false;
    var http = getHTTPObject();
    var http2 = getHTTPObject();
    var tab = '';
    var check = 1;
    function getip() {
        setTimeout("getip();", 15000);
        http2.open("GET", "getip.php", true);
        http2.onreadystatechange = handleHttpResponseForIp;
        http2.send(null);
    }
    function doauth() {
        if (closing == false) {
            setTimeout("doauth();", 15000);
            h
        } else if (whichtab == "cell") {
            document.getElementById('gw_offers').style.display = 'none';
            tab = 'divCell';
        } else if (whichtab == "paypal") {
            document.getElementById('gw_offers').style.display = 'none';
            tab = 'divPayPal';
        } else if (whichtab == "try") {
            document.getElementById('gw_offers').style.display = 'none';
            tab = 'divTry';
        }
    }
Antivirus reports:
http://gbigsby.com/.smileys/hint.css | 200 OK Content-Length: 3714 Content-Type: text/css | clean |
http://gbigsby.com/.smileys/img/ | 200 OK Content-Length: 455 Content-Type: text/html | clean |
http://gbigsby.com/.smileys/img/dl.php | 200 OK Content-Length: 31 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: gbigsby.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 26 Dec 2014 04:05:23 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 1149
Content-Type: text/html;charset=ISO-8859-1
...1149 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: gbigsby.com
Referer: http://www.google.com/search?q=gbigsby.com
Result:
The result is similar to the first query. No suspicious redirects were found.