
Malware Scanner report for cleanfiles1.com

Malicious/Suspicious/Total URLs checked: 4/0/13 (4 pages have malicious code. See details below)
Blacklists: OK
Malicious Redirects: OK
Malicious/Hidden/Total iFrames: 0/0/0
Deface / Content modification: OK

Scanned pages/files

Request | Server response | Status
http://cleanfiles1.com/
HTTP/1.1 302 Found
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Wed, 25 Feb 2015 23:55:12 GMT
Pragma: no-cache
Location: /?query=
Server: nginx/1.2.3
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=PM125h--quOQ7kUykNAt10; expires=Thu, 26-Feb-2015 05:55:12 GMT; path=/
Set-Cookie: cook=ok; expires=Fri, 27-Mar-2015 23:55:12 GMT; path=/
Set-Cookie: country=LT; expires=Fri, 27-Mar-2015 23:55:12 GMT; path=/
Set-Cookie: _ft=1424919312; expires=Fri, 27-Mar-2015 23:55:12 GMT; path=/
X-Powered-By: PHP/5.4.6
clean
http://cleanfiles1.com/?query=
HTTP/1.1 302 Found
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Wed, 25 Feb 2015 23:55:12 GMT
Pragma: no-cache
Location: /?query=%D0%A1%D1%83%D0%BC%D0%B5%D1%80%D0%BA%D0%B8
Server: nginx/1.2.3
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=vBmRHCImBDYI8ntVMUCRn2; expires=Thu, 26-Feb-2015 05:55:12 GMT; path=/
Set-Cookie: cook=ok; expires=Fri, 27-Mar-2015 23:55:12 GMT; path=/
Set-Cookie: country=LT; expires=Fri, 27-Mar-2015 23:55:12 GMT; path=/
Set-Cookie: _ft=1424919312; expires=Fri, 27-Mar-2015 23:55:12 GMT; path=/
X-Powered-By: PHP/5.4.6
clean
http://cleanfiles1.com/?query=%d0%a1%d1%83%d0%bc%d0%b5%d1%80%d0%ba%d0%b8
200 OK
Content-Length: 13841
Content-Type: text/html
clean
http://cleanfiles1.com/js/jquery.min.js
200 OK
Content-Length: 93868
Content-Type: application/x-javascript
clean
http://cleanfiles1.com/js/default.js
200 OK
Content-Length: 1077
Content-Type: application/x-javascript
clean
http://cleanfiles1.com/js/my.js
200 OK
Content-Length: 297
Content-Type: application/x-javascript
clean
http://cleanfiles1.com/res/dev/code.js
200 OK
Content-Length: 3430
Content-Type: application/x-javascript
clean
http://cleanfiles1.com/?module=get&hash=0KHRg9C80LXRgNC60Lg%3D
HTTP/1.1 302 Found
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Wed, 25 Feb 2015 23:55:13 GMT
Pragma: no-cache
Location: /?module=downloads
Server: nginx/1.2.3
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=%2CyXGL3O2PT4WI6YmsB2Cj1; expires=Thu, 26-Feb-2015 05:55:13 GMT; path=/
Set-Cookie: cook=ok; expires=Fri, 27-Mar-2015 23:55:13 GMT; path=/
Set-Cookie: country=LT; expires=Fri, 27-Mar-2015 23:55:13 GMT; path=/
Set-Cookie: _ft=1424919313; expires=Fri, 27-Mar-2015 23:55:13 GMT; path=/
X-Powered-By: PHP/5.4.6
clean
http://cleanfiles1.com/?module=downloads
200 OK
Content-Length: 30151
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

var payment_url = '/?module=downloads';var payment_link = 0;var payment_number = 0;
var payment_request_ready = true;
var payment_operator = '';
var bsid = '';
var payment_name = '';
var payment_value = '';
function payment_request(options) {
if (!payment_request_ready) {
return false;
}
payment_request_ready = false;
$(".nkfu_reg_form:visible .nkfu_reg_messages").text('Пожалуйста подождите..');
$.post(payment_url, options
... 3427 bytes are skipped ...
xt('');
code = $('#nkfu_reg_subscribe_activate_beeline .nkfu_reg_code_input').val();
if (code.length == 0) {
$(errors).text('Код доступа не указан.');
return;
}
payment_request({'action': 'subscribe_activate', 'number': payment_number, 'code': code, 'type': 1});
});

$('.nkfu_reg_captcha_update').live('click', function(event) {
event.preventDefault();
payment_request({'action': 'update_captcha'});
});
});

Antivirus reports:

DrWeb
Trojan.SMSSend.3041

http://cleanfiles1.com/?module=downloads&sub=resume
200 OK
Content-Length: 50539
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

var payment_url = '/?module=downloads';var payment_link = 1;var payment_number = 0;
var payment_request_ready = true;
var payment_operator = '';
var bsid = '';
var payment_name = '';
var payment_value = '';
function payment_request(options) {
if (!payment_request_ready) {
return false;
}
payment_request_ready = false;
$(".nkfu_reg_form:visible .nkfu_reg_messages").text('Пожалуйста подождите..');
$.post(payment_url, options
... 3427 bytes are skipped ...
xt('');
code = $('#nkfu_reg_subscribe_activate_beeline .nkfu_reg_code_input').val();
if (code.length == 0) {
$(errors).text('Код доступа не указан.');
return;
}
payment_request({'action': 'subscribe_activate', 'number': payment_number, 'code': code, 'type': 1});
});

$('.nkfu_reg_captcha_update').live('click', function(event) {
event.preventDefault();
payment_request({'action': 'update_captcha'});
});
});

Antivirus reports:

DrWeb
Trojan.SMSSend.3041

http://cleanfiles1.com/?module=downloads&sub=unsub
200 OK
Content-Length: 51028
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

var payment_url = '/?module=downloads';var payment_link = 1;var payment_number = 0;
var payment_request_ready = true;
var payment_operator = '';
var bsid = '';
var payment_name = '';
var payment_value = '';
function payment_request(options) {
if (!payment_request_ready) {
return false;
}
payment_request_ready = false;
$(".nkfu_reg_form:visible .nkfu_reg_messages").text('Пожалуйста подождите..');
$.post(payment_url, options
... 3427 bytes are skipped ...
xt('');
code = $('#nkfu_reg_subscribe_activate_beeline .nkfu_reg_code_input').val();
if (code.length == 0) {
$(errors).text('Код доступа не указан.');
return;
}
payment_request({'action': 'subscribe_activate', 'number': payment_number, 'code': code, 'type': 1});
});

$('.nkfu_reg_captcha_update').live('click', function(event) {
event.preventDefault();
payment_request({'action': 'update_captcha'});
});
});

Antivirus reports:

DrWeb
Trojan.SMSSend.3041

http://cleanfiles1.com/?module=downloads&sub=pravila
200 OK
Content-Length: 93623
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

var payment_url = '/?module=downloads';var payment_link = 1;var payment_number = 0;
var payment_request_ready = true;
var payment_operator = '';
var bsid = '';
var payment_name = '';
var payment_value = '';
function payment_request(options) {
if (!payment_request_ready) {
return false;
}
payment_request_ready = false;
$(".nkfu_reg_form:visible .nkfu_reg_messages").text('Пожалуйста подождите..');
$.post(payment_url, options
... 3427 bytes are skipped ...
xt('');
code = $('#nkfu_reg_subscribe_activate_beeline .nkfu_reg_code_input').val();
if (code.length == 0) {
$(errors).text('Код доступа не указан.');
return;
}
payment_request({'action': 'subscribe_activate', 'number': payment_number, 'code': code, 'type': 1});
});

$('.nkfu_reg_captcha_update').live('click', function(event) {
event.preventDefault();
payment_request({'action': 'update_captcha'});
});
});

Antivirus reports:

DrWeb
Trojan.SMSSend.3041

http://cleanfiles1.com/test404page.js
404 Not Found
Content-Length: 570
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: cleanfiles1.com

Result:
HTTP/1.1 302 Found
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Wed, 25 Feb 2015 23:55:12 GMT
Pragma: no-cache
Location: /?query=
Server: nginx/1.2.3
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=PM125h--quOQ7kUykNAt10; expires=Thu, 26-Feb-2015 05:55:12 GMT; path=/
Set-Cookie: cook=ok; expires=Fri, 27-Mar-2015 23:55:12 GMT; path=/
Set-Cookie: country=LT; expires=Fri, 27-Mar-2015 23:55:12 GMT; path=/
Set-Cookie: _ft=1424919312; expires=Fri, 27-Mar-2015 23:55:12 GMT; path=/
X-Powered-By: PHP/5.4.6

...0 bytes of data.

Second query (visit from search engine):
GET / HTTP/1.1
Host: cleanfiles1.com
Referer: http://www.google.com/search?q=cleanfiles1.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=cleanfiles1.com

Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://cleanfiles1.com/

Result: cleanfiles1.com is not infected or malware details are not published yet.