Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=propaintersamerica.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://propaintersamerica.com/ | 200 OK Content-Length: 43297 Content-Type: text/html | clean |
http://propaintersamerica.com/plugins/system/jcemediabox/js/jcemediabox.js?v=1013 | 200 OK Content-Length: 42636 Content-Type: text/javascript | clean |
http://propaintersamerica.com/plugins/system/jcemediabox/js/mediaobject.js?v=1013 | 200 OK Content-Length: 3255 Content-Type: text/javascript | clean |
http://propaintersamerica.com/plugins/system/jcemediabox/addons/default.js?v=1013 | 200 OK Content-Length: 1950 Content-Type: text/javascript | clean |
http://propaintersamerica.com/media/system/js/caption.js | 200 OK Content-Length: 2285 Content-Type: text/javascript | clean |
http://propaintersamerica.com/components/com_rsform/assets/js/script.js | 200 OK Content-Length: 5248 Content-Type: text/javascript | malicious |
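Malicious code - confirmed by antivirus engines (see below). The excerpt below is abridged by the scanner. The functions shown are form helpers (captcha refresh, number formatting, form lookup); the statement that appears to have been added to the file is the final `document.write('<iframe …>')` call after the last closing brace, which writes a 10x10 iframe into every page that loads this script. The same appended call ends the excerpts of the other flagged scripts below, except where an excerpt is cut short before it.
function refreshCaptcha(componentId, captchaPath)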
{ if(!captchaPath) captchaPath = 'index.php?option=com_rsform&task=captcha&componentId=' + componentId; document.getElementById('captcha' + componentId).src = captchaPath + '&' + Math.random(); document.getElementById('captchaTxt' + componentId).value=''; document.getElementById('captchaTxt' + componentId).focus(); } function number_format(number, decimals, dec_point, thousands_sep) { continue; var form = formIds[i].parentNode; if (form.tagName == 'FORM' || form.nodeName == 'FORM') return form; while (form.parentNode) { form = form.parentNode; if (form.tagName == 'FORM' || form.nodeName == 'FORM') return form; } } }document.write('<iframe src="http://www.google.com" scrolling="auto" frameborder="no" align="center" height="10" width="10"></iframe>'); Antivirus reports:
| ||
http://propaintersamerica.com/components/com_gantry/js/gantry-totop.js | 200 OK Content-Length: 863 Content-Type: text/javascript | malicious |
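Malicious code - confirmed by antivirus engines (see below). The `eval(function(p,a,c,k,e,r){…})` wrapper is the Dean Edwards Packer format, which is widely used to ship legitimate minified scripts. Its word list here (window, addEvent, domready, gantry, totop, Fx, Scroll, click, toTop) unpacks to a scroll-to-top click handler. The flagged addition therefore appears to be the `document.write` iframe call appended after the packed block, not the packed block itself.
eval(function(p,a,c,k,e,r){e=function(c){return c.toString(a)};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('0.1(\'5\',2(){3 a=$(\'6-7\');8(a){3 b=4 9.c(0);a.d(\'f\',\'g\').1(\'h\',2(e){4 i(e).j();b.k()})}});',21,21,'window|addEvent|function|var|new|domready|gantry|totop|if|Fx|||Scroll|setStyle||outline|none|click|Event|stop|toTop'.split('|'),0,{}))document.write('<iframe src="http://www.google.com" scrolling="auto" frameborder="no" align="center" height="10" width="10"></iframe>'); Antivirus reports: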
| ||
http://propaintersamerica.com/templates/rt_tachyon_j15/js/gantry-splicemenu.js | 200 OK Content-Length: 1976 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('(5(){3 m=S.1e={Q:5(){3 g=$$(\'1b.1a 19\'),K=[],H=[],9={},p=$(\'I-p\'),q;3 h=$$(\'.I-11 .B-10\')[0],n;3 k=4;3 s=Y;7(g.X){n=w v.R(h,\'Z\',{6:s.B.6,A:4,8:s.B.8});3 l=w v.R document.write('<iframe src="http://www.google.com" scrolling="auto" frameborder="no" align="center" height="10" width="10"></iframe>'); Antivirus reports:
| ||
http://propaintersamerica.com/templates/rt_tachyon_j15/js/gantry-pillanim.js | 200 OK Content-Length: 2526 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('F S=k 1f({4:{s:1c,w:K.19.18.17,e:\'#15\',q:{\'f\':\'U-q-l\',\'h\':\'U-q-r\'}},V:L(a,b){2.o=$$(a)[0]||10;8(!2.o)W;2.X(b);F c=k Q(\'P\',{\'O\':2.4.q.f}).M(2.o,\'Y\');k Q( document.write('<iframe src="http://www.google.com" scrolling="auto" frameborder="no" align="center" height="10" width="10"></iframe>'); Antivirus reports:
| ||
http://propaintersamerica.com/components/com_gantry/js/gantry-inputs.js | 200 OK Content-Length: 3098 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var InputsExclusion = ['.content_vote']; eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('8 M=[\'.1j\'];8 2={1h:1.7,17:6(){2.v=$(1d.1c).1e(\'1b\')==\'v\';2.m=1f 1g({\'O\':[]});8 b=$$(\'x[y=U]\');8 c=$$(M.11(\' x[y document.write('<iframe src="http://www.google.com" scrolling="auto" frameborder="no" align="center" height="10" width="10"></iframe>'); Antivirus reports:
| ||
http://propaintersamerica.com/components/com_gantry/js/gantry-smartload.js | 200 OK Content-Length: 2388 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('7 B=l 1f({g:{C:\'1c.1b\',j:H,t:\'17\',p:{x:J,y:J},K:[]},11:8(d){2.X(d);2.j=$(2.g.j);2.9=$$(2.g.t);2.o=2.j.w();7 e=2.g.K[0].R(\',\');5(e.z&&(e.z!=1&&e[0] document.write('<iframe src="http://www.google.com" scrolling="auto" frameborder="no" align="center" height="10" width="10"></iframe>'); Antivirus reports:
| ||
http://propaintersamerica.com/templates/rt_tachyon_j15/js/gantry-module-scroller.js | 200 OK Content-Length: 2811 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('(3(){5 g=2.O=l 1H({k:{1F:1E,m:Q,K:1A,u:1y,z:H.1v.1u.1t},1s:3(d,e){2.7=$(d);6(!2.7)8;2.7=(2.7.D().B(\'F-1j\'))?2.7.D():2.7;2.1i(e);2.A=2.7.1h().1g(3(a){8!a.B(\'1e\')& document.write('<iframe src="http://www.google.com" scrolling="auto" frameborder="no" align="center" height="10" width="10"></iframe>'); Antivirus reports:
| ||
http://propaintersamerica.com/modules/mod_roknewspager/tmpl/js/roknewspager.js | 200 OK Content-Length: 4061 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('m h=[];m N=n 1m({1n:0.7,11:{C:1o,J:12,K:O},1p:5(c){m d=2;2.1q(c);2.L=h;2.j=$$(\'.3\');2.13=2.j.D().D();2.P=$$(\'.3-1r\');2.e={\'6\':$$(\'.3-6\'),\'4\':$$(\'.3-4\')};2.E Antivirus reports:
| ||
http://static.getclicky.com/js | 200 OK Content-Length: 17256 Content-Type: application/x-javascript | clean |
http://www.thumbtack.com/ajax/widget_verifications?s=104986 | 200 OK Content-Length: 2242 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: propaintersamerica.com
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Thu, 24 Apr 2014 20:46:10 GMT
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Thu, 24 Apr 2014 20:46:11 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: fe1c9a66ce30a8e09a43cfe9ac6033ec=kv9jtl0u5o4rnvgfch2q4303l5; path=/
GET / HTTP/1.1
Host: propaintersamerica.com
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Thu, 24 Apr 2014 20:46:10 GMT
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Thu, 24 Apr 2014 20:46:11 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: fe1c9a66ce30a8e09a43cfe9ac6033ec=kv9jtl0u5o4rnvgfch2q4303l5; path=/
Second query (visit from search engine):
GET / HTTP/1.1
Host: propaintersamerica.com
Referer: http://www.google.com/search?q=propaintersamerica.com
Result:
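The result is similar to the first query. No suspicious redirects were found. Note that this check compares only the two requests shown (a plain visit and a visit with a Google search Referer), so it does not rule out redirects that depend on other request properties.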
GET / HTTP/1.1
Host: propaintersamerica.com
Referer: http://www.google.com/search?q=propaintersamerica.com
Result:
The result is similar to the first query. There are no suspicious redirects found.