Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=investorplace.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://investorplace.com/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
http://investorplace.com/ | 200 OK Content-Length: 86574 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var axel = Math.random() + ""; var a = axel * 10000000000000; document.write('<iframe src="http://3951112.fls.doubleclick.net/activityi;src=3951112;type=retar819;cat=unive767;u2=[breadcumb];ord=1;num=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>'); Antivirus reports:
Hidden iFrame found. size: 1x1 style: hidden src: http://3951112.fls.doubleclick.net/activityi;src=3951112;type=retar819;cat=unive767;u2=[breadcumb];ord=1;num= <iframe src="http://3951112.fls.doubleclick.net/activityi;src=3951112;type=retar819;cat=unive767;u2=[breadcumb];ord=1;num=' + a + '?" width="1" height="1" frameborder="0" style="display:none"> Hidden iFrame found. size: 1x1 style: hidden src: http://3951112.fls.doubleclick.net/activityi;src=3951112;type=retar819;cat=unive767;u2=[breadcumb];ord=1;num=1? <iframe src="http://3951112.fls.doubleclick.net/activityi;src=3951112;type=retar819;cat=unive767;u2=[breadcumb];ord=1;num=1?" width="1" height="1" frameborder="0" style="display:none"> | ||
http://investorplace.com/wp-includes/js/jquery/jquery.js?ver=1.11.0 | 200 OK Content-Length: 96402 Content-Type: application/x-javascript | clean |
http://investorplace.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: application/x-javascript | clean |
http://investorplace.com/wp-content/themes/InvestorPlaceV2/js/buddypress.js?ver=2.0.1 | 200 OK Content-Length: 52347 Content-Type: application/x-javascript | clean |
http://investorplace.com/wp-content/plugins/buddypress/bp-core/js/confirm.min.js?ver=2.0.1 | 200 OK Content-Length: 143 Content-Type: application/x-javascript | clean |
http://a.postrelease.com/serve/load.js?async=true&ver=3.9.1 | 200 OK Content-Length: 124989 Content-Type: application/x-javascript | clean |
http://investorplace.com/wp-content/themes/InvestorPlaceV2/js/jquery.cookie.min.js?ver=1.000 | 200 OK Content-Length: 1212 Content-Type: application/x-javascript | clean |
http://investorplace.com/wp-includes/js/jquery/jquery.query.js?ver=2.1.7 | 200 OK Content-Length: 3785 Content-Type: application/x-javascript | clean |
http://investorplace.com/wp-content/themes/InvestorPlaceV2/js/unica_ntpt_cookie.min.js?ver=1.03 | 200 OK Content-Length: 916 Content-Type: application/x-javascript | clean |
http://ad.doubleclick.net/adj/dmg.investorplace/home;s1=home;s2=;s3=;ptype=;url=;kw=;dcopt=;pos=top;sz=300x250,300x600,336x280,160x600;tile=2;auth=;ord=891351292? | 200 OK Content-Length: 1855 Content-Type: text/javascript | clean |
http://s3.polldaddy.com/p/8211569.js | 200 OK Content-Length: 18053 Content-Type: text/javascript | suspicious |
Page code contains blacklisted domain: cdn.investorplace.com var pollClosed8211569 = false; var PDV_POLLRAND8211569 = false; var PDV_a8211569 = ''; var PDV_o8211569 = ''; var PDV_id8211569 = 8211569; var PDV_pt8211569 = 0; var PDV_po8211569 = 0; var PDV_b8211569 = 1; var PDV_pr8211569 = 1; var PDV_l8211569 = 0; var PDV_s8211569 = 155747; var PDV_h8211569 = '4a68437cd238e92e81a130c4461a74f7'; var PDV_w8211569 = 8211569; var PDV_share8211569 = 1; var PDV_expire8 ...[3666 bytes skipped]... | ||
http://ad.doubleclick.net/adj/dmg.investorplace/home;s1=home;s2=;s3=;ptype=;url=;kw=;dcopt=;pos=bottom;sz=300x250,300x600,336x280;tile=9;auth=;ord=891351292? | 200 OK Content-Length: 1489 Content-Type: text/javascript | clean |
http://ad.doubleclick.net/adj/dmg.investorplace/home;s1=home;s2=;s3=;ptype=;url=;kw=;dcopt=;pos=bottom;sz=728x90;tile=10;auth=;ord=891351292? | 200 OK Content-Length: 40790 Content-Type: text/javascript | clean |
http://tags.crwdcntrl.net/c/3094/cc.js?ns=_cc3094 | 200 OK Content-Length: 33953 Content-Type: application/x-javascript | clean |
https://w.soundcloud.com/player/api.js?ver=1.0.0 | 200 OK Content-Length: 7216 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: investorplace.com
Result:
HTTP/1.1 200 OK
Cache-Control: max-age=20, must-revalidate
Connection: close
Date: Thu, 07 Aug 2014 20:20:44 GMT
Server: nginx/1.0.15
Vary: Cookie
Content-Type: text/html
Last-Modified: Thu, 07 Aug 2014 19:51:04 +0000
X-Powered-By: PHP/5.3.10
GET / HTTP/1.1
Host: investorplace.com
Result:
HTTP/1.1 200 OK
Cache-Control: max-age=20, must-revalidate
Connection: close
Date: Thu, 07 Aug 2014 20:20:44 GMT
Server: nginx/1.0.15
Vary: Cookie
Content-Type: text/html
Last-Modified: Thu, 07 Aug 2014 19:51:04 +0000
X-Powered-By: PHP/5.3.10
Second query (visit from search engine):
GET / HTTP/1.1
Host: investorplace.com
Referer: http://www.google.com/search?q=investorplace.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: investorplace.com
Referer: http://www.google.com/search?q=investorplace.com
Result:
The result is similar to the first query. There are no suspicious redirects found.