New scan:

Malware Scanner report for thesfo.org

Malicious/Suspicious/Total urls checked
1/0/9
1 page has malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://www.thesfo.org/
200 OK
Content-Length: 9040
Content-Type: text/html
clean
http://www.thesfo.org/js/jquery.min.js
200 OK
Content-Length: 93107
Content-Type: application/javascript
clean
http://www.thesfo.org/js/config.js
200 OK
Content-Length: 3598
Content-Type: application/javascript
clean
http://www.thesfo.org/js/skel.min.js
200 OK
Content-Length: 21439
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

var skel=function(){var a={config:{prefix:null,preloadStyleSheets:!1,pollOnce:!1,resetCSS:!1,normalizeCSS:!1,boxModel:null,useOrientation:!1,useRTL:!1,pollOnLock:!1,usePerpetualLock:!0,useDomainLock:!0,containers:960,grid:{collapse:!1,gutters:40},breakpoints:{all:{range:"*",hasStyleSheet:!1}},events:{}},isConfigured:!1,isInit:!1,lockState:null,stateId:"",me:null,breakpoints:[],breakpointList:[],events:[],plugins:{},cache:{elements:{},states:{}},locations:{html:null,head:null,body:null},vars:{},l
... 21203 bytes are skipped ...
gisterLocation("body",document.getElementsByTagName("body")[0])});a.initEvents();a.poll();a.iterate(a.plugins,function(b){a.initPluginConfig(b,a.plugins[b]);a.plugins[b].init()});a.isInit=!0},preInit:function(){var b=document.getElementsByTagName("script");a.me=b[b.length-1];if(window._skel_config)a.isConfigured=!0;else if(s=document.getElementsByTagName("script"),s=s[s.length-1].innerHTML.replace(/^\s+|\s+$/g,""))a.isConfigured=
!0;a.isConfigured&&a.init()}};a.preInit();return a}();

Antivirus reports:

Emsisoft
Trojan.JS.Redirector.BPJ (B)

http://www.thesfo.org/js/skel-panels.min.js
200 OK
Content-Length: 16835
Content-Type: application/javascript
clean
http://www.thesfo.org/ein-gutes-koerpergefuehl-bekommen.html
200 OK
Content-Length: 3879
Content-Type: text/html
clean
http://www.thesfo.org/das-wahre-ding.html
200 OK
Content-Length: 3929
Content-Type: text/html
clean
http://www.thesfo.org/masturbation-im-sex-tv.html
200 OK
Content-Length: 5361
Content-Type: text/html
clean
http://www.thesfo.org/test404page.js
HTTP/1.1 302 Found
Connection: close
Date: Wed, 09 Apr 2014 03:22:40 GMT
Location: http://www.thesfo.org
Server: Apache
Content-Length: 269
Content-Type: text/html; charset=iso-8859-1
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: thesfo.org

Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: thesfo.org
Referer: http://www.google.com/search?q=thesfo.org

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=thesfo.org

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://thesfo.org/

Result: thesfo.org is not infected or malware details are not published yet.