New scan:

Malware Scanner report for xmenzone.net

Malicious/Suspicious/Total urls checked
5/0/20
5 pages have malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/10/10
10 suspicious iframes found. See details below
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://xmenzone.net/
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Tue, 02 Sep 2014 23:04:31 GMT
Location: http://marvel.com/
Server: Apache
Vary: Accept-Encoding
Content-Length: 226
Content-Type: text/html; charset=iso-8859-1
clean
http://marvel.com/
200 OK
Content-Length: 143572
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

var axel = Math.random() + "";
var a = axel * 10000000000000;
document.write('<iframe src="http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>');

Antivirus reports:

Avast
HTML:Iframe-inf
VIPRE
Heur.HTML.MalIFrame (v)
Norman
Iframer.AU
Sophos
Mal/Iframe-V
GData
HTML:Iframe-inf
ESET-NOD32
HTML/Iframe.B.Gen

Hidden iFrame found.
size: 1x1     style: hidden
src: http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=1?

<iframe src="http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=1?" width="1" height="1" frameborder="0" style="display:none">

Hidden iFrame found.
size: 1x1     style: hidden
src: http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=

<iframe src="http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none">

http://i.annihil.us/u/prod/marvel/s/js/4712f50cc156b4e1ae664b83c693c9a4.js
200 OK
Content-Length: 182865
Content-Type: application/javascript
clean
http://i.annihil.us/u/prod/marvel/s/js/fdece4ebb271cc9039c77cdd7d297d1a.js
200 OK
Content-Length: 953
Content-Type: application/javascript
clean
http://admin.brightcove.com/js/BrightcoveExperiences_all.js
200 OK
Content-Length: 109526
Content-Type: application/x-javascript
clean
http://xmenzone.net//marvel.com/i/js/marvelvideo.js/
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Tue, 02 Sep 2014 23:04:44 GMT
Location: http://marvel.com/marvel.com/i/js/marvelvideo.js/
Server: Apache
Vary: Accept-Encoding
Content-Length: 257
Content-Type: text/html; charset=iso-8859-1
clean
http://marvel.com/marvel.com/i/js/marvelvideo.js/
404 Not Found
Content-Length: 33275
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

var axel = Math.random() + "";
var a = axel * 10000000000000;
document.write('<iframe src="http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>');

Antivirus reports:

Avast
HTML:Iframe-inf
VIPRE
Heur.HTML.MalIFrame (v)
Norman
Iframer.AU
Sophos
Mal/Iframe-V
GData
HTML:Iframe-inf
ESET-NOD32
HTML/Iframe.B.Gen

Hidden iFrame found.
size: 1x1     style: hidden
src: http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=1?

<iframe src="http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=1?" width="1" height="1" frameborder="0" style="display:none">

Hidden iFrame found.
size: 1x1     style: hidden
src: http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=

<iframe src="http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none">

http://www.googleadservices.com/pagead/conversion.js
200 OK
Content-Length: 9448
Content-Type: text/javascript
clean
http://i.annihil.us/u/prod/marvel/s/js/c131c5f5e1add64db9ef9748da6b913a.js
200 OK
Content-Length: 21528
Content-Type: application/javascript
clean
http://xmenzone.net/characters
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Tue, 02 Sep 2014 23:04:47 GMT
Location: http://marvel.com/characters
Server: Apache
Vary: Accept-Encoding
Content-Length: 236
Content-Type: text/html; charset=iso-8859-1
clean
http://marvel.com/characters
200 OK
Content-Length: 95812
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

var axel = Math.random() + "";
var a = axel * 10000000000000;
document.write('<iframe src="http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>');

Antivirus reports:

Avast
HTML:Iframe-inf
VIPRE
Heur.HTML.MalIFrame (v)
Norman
Iframer.AU
Sophos
Mal/Iframe-V
GData
HTML:Iframe-inf
ESET-NOD32
HTML/Iframe.B.Gen

Hidden iFrame found.
size: 1x1     style: hidden
src: http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=

<iframe src="http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none">

Hidden iFrame found.
size: 1x1     style: hidden
src: http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=1?

<iframe src="http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=1?" width="1" height="1" frameborder="0" style="display:none">

http://i.annihil.us/u/prod/marvel/s/js/cfb5f4bb1f1a83c01111ca26c20b208e.js
200 OK
Content-Length: 32981
Content-Type: application/javascript
clean
http://i.annihil.us/u/prod/marvel/s/js/82c29872f39aca59ae7a170d16f7d0ae.js
200 OK
Content-Length: 13405
Content-Type: application/javascript
clean
http://xmenzone.net/characters/browse
404 Not Found
Content-Length: 11161
Content-Type: text/html
clean
http://i.annihil.us/u/prod/newkids/s/js/v7_global_head_default_3bc9c21a6e9c679c193402ff46fe074b29f53fb7.js
200 OK
Content-Length: 126541
Content-Type: application/javascript
clean
http://xmenzone.net/characters/1009610/spider-man
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Tue, 02 Sep 2014 23:04:53 GMT
Location: http://marvel.com/characters/1009610/spider-man
Server: Apache
Vary: Accept-Encoding
Content-Length: 255
Content-Type: text/html; charset=iso-8859-1
clean
http://marvel.com/characters/1009610/spider-man
404 Not Found
Content-Length: 35144
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

var axel = Math.random() + "";
var a = axel * 10000000000000;
document.write('<iframe src="http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>');

Antivirus reports:

Avast
HTML:Iframe-inf
VIPRE
Heur.HTML.MalIFrame (v)
Norman
Iframer.AU
Sophos
Mal/Iframe-V
GData
HTML:Iframe-inf
ESET-NOD32
HTML/Iframe.B.Gen

Hidden iFrame found.
size: 1x1     style: hidden
src: http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=1?

<iframe src="http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=1?" width="1" height="1" frameborder="0" style="display:none">

Hidden iFrame found.
size: 1x1     style: hidden
src: http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=

<iframe src="http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none">

http://i.annihil.us/u/prod/marvel/s/js/480d5703a58c52fb494a155a5fb777fc.js
200 OK
Content-Length: 25636
Content-Type: application/javascript
clean
http://xmenzone.net/characters/list/994/top_marvel_heroes
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Tue, 02 Sep 2014 23:04:55 GMT
Location: http://marvel.com/characters/list/994/top_marvel_heroes
Server: Apache
Vary: Accept-Encoding
Content-Length: 263
Content-Type: text/html; charset=iso-8859-1
clean
http://marvel.com/characters/list/994/top_marvel_heroes
200 OK
Content-Length: 42522
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

var axel = Math.random() + "";
var a = axel * 10000000000000;
document.write('<iframe src="http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>');

Antivirus reports:

Avast
HTML:Iframe-inf
VIPRE
Heur.HTML.MalIFrame (v)
Norman
Iframer.AU
Sophos
Mal/Iframe-V
GData
HTML:Iframe-inf
ESET-NOD32
HTML/Iframe.B.Gen

Hidden iFrame found.
size: 1x1     style: hidden
src: http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=1?

<iframe src="http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=1?" width="1" height="1" frameborder="0" style="display:none">

Hidden iFrame found.
size: 1x1     style: hidden
src: http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=

<iframe src="http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none">


Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: xmenzone.net

Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Tue, 02 Sep 2014 23:04:31 GMT
Location: http://marvel.com/
Server: Apache
Vary: Accept-Encoding
Content-Length: 226
Content-Type: text/html; charset=iso-8859-1

...226 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: xmenzone.net
Referer: http://www.google.com/search?q=xmenzone.net

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=xmenzone.net

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://xmenzone.net/

Result: xmenzone.net is not infected or malware details are not published yet.