Scanned pages/files
Request | Server response | Status |
http://handymanhotline.biz/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 27 Sep 2014 21:29:26 GMT Location: http://www.servicemagic.com/ Server: Apache/2.4.3 (Unix) mod_jk/1.2.37 Content-Length: 236 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.servicemagic.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 27 Sep 2014 21:29:27 GMT Location: http://www.homeadvisor.com/ Content-Length: 0 Set-Cookie: ServerID=235514048.20480.0000; expires=Sat, 27-Sep-2014 21:54:27 GMT; path=/ Set-Cookie: bbbbbbbbbbbbbbb=KLJFEPNFLPFINANDCBBODFMFDKNGBKIBHNFPOLOJKCCDCILLCBMHAMJEILLAPKGLMLNEPBNCAMNFMJPDOCCMLMPKCDAAHLMNLHNOOPIIABIFKIJACNPHJBKPGOEJKJIH; HttpOnly Set-Cookie: TS01430915=0109d29b8d7b8cb7eb9e65b8382b3981ab566a77a40eabc67dedae724fc8e5a3956b6d9bd48035548594cde5427ff14ffbc36dff3474772e32958c64d68311ad98a08c0626; Path=/ | clean |
http://www.homeadvisor.com/ | 200 OK Content-Length: 84575 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var axel = Math.random() + ""; var a = axel * 10000000000000; document.write('<iframe src="https://fls.doubleclick.net/activityi;src=3196561;type=smpat048;cat=patht281;u3=0;u1=0;ord=1;num=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>'); Antivirus reports:
| ||
http://www.homeadvisor.com//cdn1.homeadvisor.com/rb/N462518277/js/bundle/async.js/ | 404 Not Found Content-Length: 76001 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var axel = Math.random() + ""; var a = axel * 10000000000000; document.write('<iframe src="https://fls.doubleclick.net/activityi;src=3196561;type=smpat048;cat=patht281;u3=0;u1=0;ord=1;num=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>'); Antivirus reports:
| ||
http://www.homeadvisor.com//cdn1.homeadvisor.com/rb/N1856456684/js/bundle/global.js/ | 404 Not Found Content-Length: 76011 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var axel = Math.random() + ""; var a = axel * 10000000000000; document.write('<iframe src="https://fls.doubleclick.net/activityi;src=3196561;type=smpat048;cat=patht281;u3=0;u1=0;ord=1;num=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>'); Antivirus reports:
| ||
http://www.homeadvisor.com//cdn1.homeadvisor.com/rb/794142572/js/s_code.js/ | 404 Not Found Content-Length: 76001 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var axel = Math.random() + ""; var a = axel * 10000000000000; document.write('<iframe src="https://fls.doubleclick.net/activityi;src=3196561;type=smpat048;cat=patht281;u3=0;u1=0;ord=1;num=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>'); Antivirus reports:
| ||
https://www.googleadservices.com/pagead/conversion.js | 200 OK Content-Length: 9447 Content-Type: text/javascript | clean |
http://www.homeadvisor.com//cdn1.homeadvisor.com/rb/751754836/js/consumer/sub-nav.js/ | 404 Not Found Content-Length: 76011 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var axel = Math.random() + ""; var a = axel * 10000000000000; document.write('<iframe src="https://fls.doubleclick.net/activityi;src=3196561;type=smpat048;cat=patht281;u3=0;u1=0;ord=1;num=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>'); Antivirus reports:
| ||
http://www.homeadvisor.com//cdn.optimizely.com/js/192644492.js/ | 404 Not Found Content-Length: 76011 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var axel = Math.random() + ""; var a = axel * 10000000000000; document.write('<iframe src="https://fls.doubleclick.net/activityi;src=3196561;type=smpat048;cat=patht281;u3=0;u1=0;ord=1;num=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>'); Antivirus reports:
| ||
http://www.homeadvisor.com/how-it-works/ | 200 OK Content-Length: 78274 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var axel = Math.random() + ""; var a = axel * 10000000000000; document.write('<iframe src="https://fls.doubleclick.net/activityi;src=3196561;type=smpat048;cat=patht281;u3=0;u1=0;ord=1;num=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>'); Antivirus reports:
| ||
http://www.homeadvisor.com//cdn1.homeadvisor.com/rb/387602536/js/bundle/survey-pixels.js/ | 404 Not Found Content-Length: 76011 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var axel = Math.random() + ""; var a = axel * 10000000000000; document.write('<iframe src="https://fls.doubleclick.net/activityi;src=3196561;type=smpat048;cat=patht281;u3=0;u1=0;ord=1;num=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>'); Antivirus reports:
| ||
http://www.homeadvisor.com/article.home-improvement-library.html | 200 OK Content-Length: 93573 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var axel = Math.random() + ""; var a = axel * 10000000000000; document.write('<iframe src="https://fls.doubleclick.net/activityi;src=3196561;type=smpat048;cat=patht281;u3=0;u1=0;ord=1;num=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>'); Antivirus reports:
| ||
http://www.homeadvisor.com/write-a-review/ | 200 OK Content-Length: 76425 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var axel = Math.random() + ""; var a = axel * 10000000000000; document.write('<iframe src="https://fls.doubleclick.net/activityi;src=3196561;type=smpat048;cat=patht281;u3=0;u1=0;ord=1;num=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>'); Antivirus reports:
| ||
http://cdn.gigya.com/js/socialize.js?apiKey=3_Wd_kQ4DJvIfvFBwN5u4vNdB_Rs4wdW8_OmExAoOq35NyVPyKy9RMvQBIPpT0YoDM | 200 OK Content-Length: 138240 Content-Type: text/javascript | clean |
http://www.homeadvisor.com//cdn1.homeadvisor.com/rb/1027598463/js/bundle/xmd.js/ | 404 Not Found Content-Length: 76001 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var axel = Math.random() + ""; var a = axel * 10000000000000; document.write('<iframe src="https://fls.doubleclick.net/activityi;src=3196561;type=smpat048;cat=patht281;u3=0;u1=0;ord=1;num=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>'); Antivirus reports:
| ||
http://www.homeadvisor.com/servlet/ServiceProfessionalRegistrationServlet | 200 OK Content-Length: 28047 Content-Type: text/html | clean |
http://www.homeadvisor.com/js/jQuery/jQuery.js | 200 OK Content-Length: 94840 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: handymanhotline.biz
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sat, 27 Sep 2014 21:29:26 GMT
Location: http://www.servicemagic.com/
Server: Apache/2.4.3 (Unix) mod_jk/1.2.37
Content-Length: 236
Content-Type: text/html; charset=iso-8859-1
...236 bytes of data.
GET / HTTP/1.1
Host: handymanhotline.biz
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sat, 27 Sep 2014 21:29:26 GMT
Location: http://www.servicemagic.com/
Server: Apache/2.4.3 (Unix) mod_jk/1.2.37
Content-Length: 236
Content-Type: text/html; charset=iso-8859-1
...236 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: handymanhotline.biz
Referer: http://www.google.com/search?q=handymanhotline.biz
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: handymanhotline.biz
Referer: http://www.google.com/search?q=handymanhotline.biz
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=handymanhotline.biz
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://handymanhotline.biz/
Result: handymanhotline.biz is not infected or malware details are not published yet.
Result: handymanhotline.biz is not infected or malware details are not published yet.