The URL that Chrome loaded was this, which is sneaky. Repeat visits to this URL do not change the page being returned. Obviously it is Base64 so the decoded form is below.
It decodes into HTML of which contains the bad URL in the iframe tag below:
Some tips for reporting badware, malware, phishing sites, and sending email submissions.
Remember suspicious emails and attachments should be sent as a saved message, not forwarded as it will lose the originator's details.
- VirusTotal - File or URL
- Google - Report Malware - URL only
- Google - Phishing - URL only
- Action Fraud
- Microsoft - Malware Protection Center - File only
- BitDefender - File or URL
- Symantec Norton - Phishing Site - URL only
- Symantec Norton - File Upload - File only
- Avira - File or URL
- F-Secure - File or URL
- Kaspersky - URL only
- Malwarebytes - email address on page
- Comodo - File only
- ClamAV - File only
- eScanAV - File only
- firstname.lastname@example.org and email@example.com see more info here
- firstname.lastname@example.org - must be in password-protected ZIP with 'infected' as password
- email@example.com - subject "Undetected Malware" - as a single zip
- Others on Web of Trust (WOT)
- Spam texts, calls, emails - follow the steps on Which and the ICO