The URL that Chrome loaded was this, which is sneaky. Repeat visits to this URL do not change the page being returned. Obviously it is Base64 so the decoded form is below.
It decodes into HTML of which contains the bad URL in the iframe tag below:
Some tips for reporting badware, malware, phishing sites, and sending email submissions.
Remember suspicious emails and attachments should be sent as a saved message, not forwarded as it will lose the originator's details.
- VirusTotal - File or URL
- Google - Report Malware - URL only
- Google - Phishing - URL only
- Action Fraud and email@example.com
- Microsoft - Malware Protection Center - File only
- BitDefender - File or URL
- Symantec Norton - Phishing Site - File or URL
- Avira - File or URL
- F-Secure - File or URL
- Kaspersky - URL only
- Comodo - File only
- ClamAV - File only
- eScanAV - File only
- firstname.lastname@example.org and email@example.com see more info here
- firstname.lastname@example.org - must be in password-protected ZIP with 'infected' as password
- email@example.com - subject "Undetected Malware" - as a single zip
- Others on Web of Trust (WOT)
- Spam texts, calls, emails - follow the steps on Which and the ICO