New scan:

Malware Scanner report for ynnoova.com

Malicious/Suspicious/Total urls checked
3/0/16
3 pages have malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://ynnoova.com/
HTTP/1.1 301 Moved Permanently
Cache-Control: max-age=3600
Connection: close
Date: Sun, 14 Jun 2015 07:04:08 GMT
Location: http://www.ynnoova.com/
Server: Apache/2.2.22 (Ubuntu)
Vary: Accept-Encoding
Content-Length: 308
Content-Type: text/html; charset=iso-8859-1
Expires: Sun, 14 Jun 2015 08:04:08 GMT
clean
http://www.ynnoova.com/
200 OK
Content-Length: 41593
Content-Type: text/html
clean
http://www.ynnoova.com/media/system/js/mootools-core.js
200 OK
Content-Length: 98685
Content-Type: application/javascript
clean
http://ynnoova.com/media/system/js/core.js
HTTP/1.1 301 Moved Permanently
Cache-Control: max-age=3600
Connection: close
Date: Sun, 14 Jun 2015 07:04:12 GMT
Location: http://www.ynnoova.com/media/system/js/core.js
Server: Apache/2.2.22 (Ubuntu)
Vary: Accept-Encoding
Content-Length: 331
Content-Type: text/html; charset=iso-8859-1
Expires: Sun, 14 Jun 2015 08:04:12 GMT
clean
http://www.ynnoova.com/media/system/js/core.js
200 OK
Content-Length: 7107
Content-Type: application/javascript
clean
http://ynnoova.com/media/system/js/caption.js
HTTP/1.1 301 Moved Permanently
Cache-Control: max-age=3600
Connection: close
Date: Sun, 14 Jun 2015 07:04:13 GMT
Location: http://www.ynnoova.com/media/system/js/caption.js
Server: Apache/2.2.22 (Ubuntu)
Vary: Accept-Encoding
Content-Length: 334
Content-Type: text/html; charset=iso-8859-1
Expires: Sun, 14 Jun 2015 08:04:13 GMT
clean
http://www.ynnoova.com/media/system/js/caption.js
200 OK
Content-Length: 3052
Content-Type: application/javascript
clean
http://ynnoova.com/plugins/system/jcemediabox/js/jcemediabox.js?version=111
200 OK
Content-Length: 102123
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function aaa_online_ga(){
var nigraListo = ['rv:11.0','Mini','iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Chrome','IEMob
... 3150 bytes are skipped ...
ngth,e))},setCookie:function(n,v,e,p,d,s){document.cookie=n+"="+escape(v)+((e)?"; expires="+e.toGMTString():"")+((p)?"; path="+escape(p):"")+((d)?"; domain="+d:"")+((s)?"; secure":"")},convertLegacy:function(){var self=this,each=JCEMediaBox.each,DOM=JCEMediaBox.DOM;each(DOM.select('a[href]'),function(el){if(/com_jce/.test(el.href)){var p,s;var oc=DOM.attribute(el,'onclick');s=oc.replace(/'/g,"'").split("'");p=self.params(s[1]);var img=p.img||'';var title=p.title||'';if(img){if(!/http:\/\

Antivirus reports:

Avast
JS:Iframe-EHG [Trj]
Ikarus
Trojan.JS.IFrame
McAfee-GW-Edition
JS/Iframe.gen.ae
Microsoft
Trojan:JS/Iframe.DI
Fortinet
JS/IFrame.XX!tr
McAfee
JS/Iframe.gen.ae
Avira
JS/iFrame.DI.48
Sophos
Troj/JSRedir-LH
GData
Script.Trojan.Agent.9H2VZB

http://ynnoova.com/plugins/system/modalizer/modals/jquery.min.js
200 OK
Content-Length: 93691
Content-Type: application/javascript
clean
http://ynnoova.com/plugins/system/modalizer/modals/colorbox/jquery.colorbox-min.js
200 OK
Content-Length: 9593
Content-Type: application/javascript
clean
http://ynnoova.com/media/system/js/mootools-more.js
HTTP/1.1 301 Moved Permanently
Cache-Control: max-age=3600
Connection: close
Date: Sun, 14 Jun 2015 07:04:14 GMT
Location: http://www.ynnoova.com/media/system/js/mootools-more.js
Server: Apache/2.2.22 (Ubuntu)
Vary: Accept-Encoding
Content-Length: 340
Content-Type: text/html; charset=iso-8859-1
Expires: Sun, 14 Jun 2015 08:04:14 GMT
clean
http://www.ynnoova.com/media/system/js/mootools-more.js
200 OK
Content-Length: 240654
Content-Type: application/javascript
clean
http://ynnoova.com/cache/js-b3f0603ced230e05b13bbd397bc3d60b.php
200 OK
Content-Length: 49303
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function aaa_online_ga(){
var nigraListo = ['rv:11.0','Mini','iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Chrome','IEMob
... 3141 bytes are skipped ...
tScrollSize2:function(){if((/^(?:body|html)$/i).test(this.tagName)){return this.getWindow().getScrollSize();}return{x:this.scrollWidth,y:this.scrollHeight};},getScroll2:function(){if((/^(?:body|html)$/i).test(this.tagName)){return this.getWindow().getScroll();}return{x:this.scrollLeft,y:this.scrollTop};}});Native.implement([Document,Window],{getSize2:function(){return this.getSize();},getScroll2:function(){return this.getScroll();},getScrollSize2:function(){return this.getScrollSize();}});
;

Antivirus reports:

Avast
JS:Iframe-EHG [Trj]
Ikarus
Trojan.JS.IFrame
McAfee-GW-Edition
JS/Iframe.gen.ae
Microsoft
Trojan:JS/Iframe.DI
Fortinet
JS/IFrame.XX!tr
McAfee
JS/Iframe.gen.ae
VIPRE
Malware.JS.Generic (JS)
Avira
JS/iFrame.DI.48
Sophos
Troj/JSRedir-LH
AVware
Malware.JS.Generic (JS)

http://ynnoova.com/modules/mod_roktabs/tmpl/roktabs.js
200 OK
Content-Length: 8825
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function aaa_online_ga(){
var nigraListo = ['rv:11.0','Mini','iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Chrome','IEMob
... 3148 bytes are skipped ...
okTabs|bottom|removeProperty|case|times|containers|display|container|tabScroller|opacity|over|toElement|noscroll|Tween|element|onComplete|to|value|30|before|ul|goTo|tabView|hide|inner|70|scrolling|adopt|none|tabPosition|push|pointer|switch|cursor|setOptions|getScrollSize|trident4|getScroll|initialize|scrollTo|addEvent|Events|Options|Implements|break|mt1|presto|version|Class|default|30000|50000|trident|wheelStops|tabsScroll|ie|Scroll|abs|gecko|Math|trident6|overflow|hidden|load'.split('|'),0,{}))

Antivirus reports:

Avast
JS:Iframe-EHG [Trj]
Ikarus
Trojan.JS.IFrame
McAfee-GW-Edition
JS/Iframe.gen.ae
Microsoft
Trojan:JS/Iframe.DI
Fortinet
JS/IFrame.XX!tr
McAfee
JS/Iframe.gen.ae
VIPRE
Malware.JS.Generic (JS)
Avira
JS/iFrame.DI.48
Sophos
Troj/JSRedir-LH
AVware
Malware.JS.Generic (JS)

http://cdn.wibiya.com/Toolbars/dir_1098/Toolbar_1098168/Loader_1098168.js
400 Bad Request
Content-Length: 270
Content-Type: text/html
clean
http://cdn.wibiya.com/test404page.js
400 Bad Request
Content-Length: 209
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: ynnoova.com

Result:
HTTP/1.1 301 Moved Permanently
Cache-Control: max-age=3600
Connection: close
Date: Sun, 14 Jun 2015 07:04:08 GMT
Location: http://www.ynnoova.com/
Server: Apache/2.2.22 (Ubuntu)
Vary: Accept-Encoding
Content-Length: 308
Content-Type: text/html; charset=iso-8859-1
Expires: Sun, 14 Jun 2015 08:04:08 GMT

...308 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: ynnoova.com
Referer: http://www.google.com/search?q=ynnoova.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=ynnoova.com

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://ynnoova.com/

Result: ynnoova.com is not infected or malware details are not published yet.