Malware active or dead since being active for 1.6 hrs?

See: http://urlquery.net/report.php?id=80586
given as closed 2012-06-12 04:55:28
See: http://zulu.zscaler.com/submission/show/c988d3b1921744b2b7cc45839a4eeeda-1343404955
The location line in the header above has redirected the request to: htxp://www.quickerloanz.com/?ref=ed1
See: http://zulu.zscaler.com/submission/show/96d30302e51351accc70756fa940517d-1343405103
quickerloanz dot com/wp-includes/js/jquery/jquery.js benign
[nothing detected] (script) quickerloanz dot com/wp-includes/js/jquery/jquery.js
status: (referer=quickerloanz dot com/quickerloanz dot com)saved 93889 bytes caed7103070771ddb0bd97b2fc89d7429e20267c
info: ActiveXDataObjectsMDAC detected Microsoft.XMLHTTP
info: [decodingLevel=0] found JavaScript
suspicious: vulnerable to TrojanDownloader:JS/Adodb exploits,

polonus

Hi folks,

Today I get a redirect here: document moved “htxp://www.iloansnow.com/?ref=ed1” here.
Towards the end of the code I stumbled upon:
document.location.protocol+"//dnn506yrbagrg.cloudfront dot net/pages/scripts/0012/6891.js?
See: http://urlquery.net/report.php?id=9302
IDS alert: http_inspect: NO CONTENT-LENGTH OR TRANSFER-ENCODING IN HTTP RESPONSE (but this is intended behavior)
CE2 ≈ undefined;
2: /* Inactive account */

polonus

Hi

http://www.ipvoid.com/scan/91.224.161.9/

Have a look at that :)

Hi adotd,

Dirty block, spam-runner. Good find,

polonus