See: http://killmalware.com/shimojyuku.com/# (was hacked 9 days ago).
iFrames: http://isithacked.com/check/http%3A%2F%2Fshimojyuku.com

* * htxp://diklatregbukittinggi.kemendagri.go.id/ Index of /

cgi-bin/
-paypal.com.webapps.home.203473rbwufbwe92epweigfnwdigpns/
Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 Server at -diklatregbukittinggi.kemendagri.go.id Port 80 → http://toolbar.netcraft.com/site_report?url=http://diklatregbukittinggi.kemendagri.go.id

index.html
Severity: Malicious
Reason: Detected malicious PHP content
Details: Website Potentially Defaced
Offset: 295
Script see where it lands: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fblogskins.ir%2Ftools%2Fjava%2Fno-rightclick.js & http://www.domxssscanner.com/scan?url=http%3A%2F%2Fblogskins.ir%2Ftools%2Fjava%2Fno-rightclick.js

Status codes
These should normally all be the same.

Google Chrome returned code 302 to -http://www.1abzar.com
GoogleBot returned code 302 to -http://www.1abzar.com *

• re: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.1abzar.com%2Fjquery.min.js

PHP vuln.: https://www.exploit-db.com/exploits/38123/

pol