Malware Scanner report for johannesburgprimaryschool.co.za

Malicious/Suspicious/Total URLs checked
1/0/2
1 page has malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
Found
The website is probably defaced. The following signature was found:

HACKED BY MOROCCAN AGENT SECRET   (8 websites defaced)

See details below

Scanned pages/files

Request / Server response / Status
http://www.johannesburgprimaryschool.co.za/
200 OK
Content-Length: 40797
Content-Type: text/html
suspicious
Malicious code - confirmed by antiviruses (see below)


<!-- MAS -->
<!--
document.write(unescape('%3C%68%74%6D%6C%3E%20%20%0A%3C%6D%65%74%61%20%63%68%61%72%73%65%74%3D%22%55%54%46%2D%38%22%20%2F%3E%0A%20%20%3C%48%45%41%44%3E%20%0A%20%20%3C%74%69%74%6C%65%3E%48%61%63%6B%65%64%20%42%79%20%4D%2E%41%2E%53%3C%2F%74%69%74%6C%65%3E%0A%3C%6D%65%74%61%20%63%6F%6E%74%65%6E%74%3D%27%48%61%63%6B%65%64%20%20%62%79%20%4D%2E%41%2E%53%27%20%6E%61%6D%65%3D%27%73%75%62%6A%65%63%74%27%2F%3E%0A%3C%6D%65%74%61%20%63%6F%6E%74%65%6E%74%3D%27%48%61
... 3021 bytes are skipped ...
%30%36%31%35%33%38%22%20%73%63%72%6F%6C%6C%69%6E%67%3D%22%6E%6F%22%20%66%72%61%6D%65%62%6F%72%64%65%72%3D%22%30%22%20%73%74%79%6C%65%3D%22%62%6F%72%64%65%72%3A%6E%6F%6E%65%3B%20%6F%76%65%72%66%6C%6F%77%3A%68%69%64%64%65%6E%3B%20%77%69%64%74%68%3A%32%38%30%70%78%3B%20%68%65%69%67%68%74%3A%37%30%70%78%3B%22%20%61%6C%6C%6F%77%54%72%61%6E%73%70%61%72%65%6E%63%79%3D%22%74%72%75%65%22%3E%3C%2F%69%66%72%61%6D%65%3E%3C%2F%64%69%76%3E%0A%20%3C%2F%63%65%6E%74%65%72%3E%0A%0A%3C%2F%68%74%6D%6C%3E%0A%20'));

Decoded script:


<html>
<meta charset="UTF-8" />
<HEAD>
<title>Hacked By M.A.S</title>
<meta content='Hacked by M.A.S' name='subject'/>
<meta content='Hacked by M.A.S'
name='Abstract'/>
<meta content='HACKED BY M.A.S'
name='description'/>
<meta content='M.A.S & FNFHM' name='copyright'/>
<meta content='M.A.S' name='author'/>
<link href="https://fbcdn-sphotos-d-a.akamaihd.net/hphotos-ak-pr
... 11651 bytes are skipped ...
/p>
</div><center>
<iframe src="http://www.facebook.com/plugins/likebox.php?href=https://www.facebook.com/MoroccanAgentSecret&width=280&height=70&show_faces=true&colorscheme=light&stream=true&border_color&header=false&appId=166279230061538" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:280px; height:70px;" allowTransparency="true"></iframe></div>
</center>
</html>


Antivirus reports:

Avast
JS:Defacement-H [Trj]

Deface/Content modification. The following signature was found: HACKED BY MOROCCAN AGENT SECRET

<!DOCTYPE HTML PUBLIC>
<Html>
<head> <title></title><SCRIPT LANGUAGE="JavaScript">
<!-- Begin
var scrl = " HACKED BY MOROCCAN AGENT SECRET ";
function scrlsts() {
scrl = scrl.substring(1, scrl.length) + scrl.substring(0, 1);
document.title = scrl;
setTimeout("scrlsts()", 300);
}
// End -->
</script>
</head>
<head>
<meta name="description" content="Hacked By Moroccan Agent Secret">
<meta name="keywords" content="mas,hacked,moroccanagentsecret,morocco">
<meta
...[41111 bytes skipped]...


http://www.johannesburgprimaryschool.co.za/test404page.js
404 Not Found
Content-Length: 5276
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: johannesburgprimaryschool.co.za

Result:

Second query (visit from search engine):
GET / HTTP/1.1
Host: johannesburgprimaryschool.co.za
Referer: http://www.google.com/search?q=johannesburgprimaryschool.co.za

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=johannesburgprimaryschool.co.za

Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://johannesburgprimaryschool.co.za/

Result: johannesburgprimaryschool.co.za is not infected or malware details are not published yet.