Javascript Check is found to be suspicious:
Suspicious

data[//><!]]> <script type="text/jav…
Sucuri"s does not detect: http://sitecheck.sucuri.net/results/twojruch.eu
XSS attack vulnerable site? Drupal version up to date: 7.28

polonus

P.S. For evaluation see: http://fetch.scritch.org/%2Bfetch/?url=http%3A%2F%2Ftwojruch.eu%2Fwiadomosci%2Frownosc%2Fbloginewsweekpl-atak-establishmentu-na-twoj-ruch-palikota&useragent=Fetch+useragent&accept_encoding=

External script link with suspicious web rep: https://www.mywot.com/en/scorecard/track.adform.net?utm_source=addon&utm_content=popup

D

Another one here: See: http://quttera.com/detailed_report/twojanuta.pl
plug-in php malcode? Scam ads?
Nothing here: https://www.virustotal.com/nl/url/454d9117d377def69c3510b30168e0f6390ffa278e778564a3f4c3a9e50bb0d6/analysis/1402945597/
External script link to htxp://diff3.smartadserver.com/call2/pubjall/
→ https://www.mywot.com/en/scorecard/diff3.smartadserver.com?utm_source=addon&utm_content=popup

polonus

Flagged at Comodo’s and Quttera’s
http://app.webinspector.com/public/reports/22604437
&
http://quttera.com/detailed_report/nichesnowboards.com

Detected potentially suspicious initialization of function pointer to JavaScript method eval __tmpvar749749895 = eval;

See here: htxp://aw-snap.info/articles/js-examples.php (broken for avast! flags site as with as
JS:Agent-KD[Trj]

Sucuri detects site as infested with SEO-Spam: http://sitecheck.sucuri.net/results/nichesnowboards.com

Known javascript malware. Details: http://sucuri.net/malware/entry/MW:SPAM:SEO
t=‘’;}}x[l-a]=z;}document.write(‘<’+x[0]+’ ‘+x[4]+’>.‘+x[2]+’{‘+x[1]+’}</‘+x[0]+’>');}xViewState();

polonus

Glad to be able to report to avast! community members that the excellent avast! Web Shield detects and blocks the malcode on: htXps://nichesnowboards.com/ as JS:HideLink-A[Trj].
We are being protected, folks!

pol

Similar SEO-Spam malware here: http://sitecheck.sucuri.net/results/twosparrowsproductions.ca
http://app.webinspector.com/public/reports/show_website?site=http%3A%2F%2Ftwosparrowsproductions.ca → TrojWare.JS.Agent.caa
6 instances of SEO Spam detected: http://sitecheck.sucuri.net/results/twosparrowsproductions.ca
BitDefender TrafficLight also blocks site as being malicious.
Also known as PHISH-IP, http://lists.clean-mx.com/pipermail/phishwatch/20131219/066860.html

polonus

VirusTotal
https://www.virustotal.com/en/file/98b86057499c53e8c057ba2b760d5efc3e03217d84ff8ed0a67e39a169725ff2/analysis/1403038946/

VirusTotal
https://www.virustotal.com/en/file/9e144a0d8b574bce3bff1f0fb17c2fe468ee2981c754c1eb2d034213fbda86e3/analysis/1403039061/

Most scanners give this site clean bill of health: http://zulu.zscaler.com/submission/show/563934b6ddc96f045625ebf47d84470e-1403180866
&
http://quttera.com/detailed_report/www.afdzal.net
&
http://urlquery.net/report.php?id=1403180114602
But we get suspicious iFrame check:
Suspicious

htxp://widget.stagram.com/follow/wan9571’
htxp://snapwidget.com/in/?u=d2fuotu3mxxpbnwxmdb8mnw0fhx5zxn8nxxub25l’

Included scripts check:Suspect - please check list for unknown includes

Suspicious Script:
htxp://busuk.org/ping/widget/type3/1182050127/12
document.write(“”);

Sucuri’s scan results seem to agree: http://sitecheck.sucuri.net/results/www.afdzal.net

avast Web Shield blocks as with JS:Clickjack-H[Trj], which equals TrojWare.JS.TrojanClicker.FbLiker.A.

polonus

Most scanners give this site clean bill of health: http://zulu.zscaler.com/submission/show/563934b6ddc96f045625ebf47d84470e-1403180866

VirusTotal https://www.virustotal.com/nb/file/aeeea27e5d86dd4e16352c8b3e8c1c188f2a82048181bf844552d75af2eda337/analysis/1403187908/

We thank Pondus for reporting undetected website: : wXw.wydawnictwoasp.pl
What’s on?
Javascript Check:
Suspicious

document.write(unescape(\'%3c%73%63%72%69%70%74%20%6c%61%6e%67%75%61 Spam Check: Suspicion of Site-Wide Defacement tional//en\"> hacked by phantomghost

What about this one: Suspicious on 001hao dot com