Suspicious link(s) on website?

Missed: http://zulu.zscaler.com/submission/show/049e6b7e20ec0664d3e0155e813cefbb-1427408956
Stamped as safe: http://vnseo.com/life-24.com

Javascript Check:
Suspicious

.open();iw.writeln(“<ht”+“ml><bo”+“dy></bo”+“dy></ht”+“ml>”);///iw.close();var c=iw[b];} catch(e)///{var iw=d;var/// c=dgi;}var//// dv=iwce;…

Page blocked by DrWeb’s URL checker and this blocked by an extension: htxp://jsc.marketgid.com/l/i/life-24.com.573236.js?t=

Included Script check:
Suspect - please check list for unknown includes

htxp://more152.net/red.php?s=2751022692

Suspicious Script:
htxp://recreativ.ru/rcode.bd082a2436.js
.ru/images/rc.png’) ///no-repeat !important;float:right !important;overflow:hidden !important}//// .rc-link:hover {background-position://// left -17px
Re: http://speed-test.pagespeed.de/webseite/life-24.com

Quttera flags 1 suspicious file: -jsc.marketgid.com/l/i/life-24.com.561174.js?t=
Severity: Suspicious
Reason: Detected encoded JavaScript code commonly used to hide suspicious behaviour.
Details: Generic suspicious HEX encoder
Offset: 25416
Threat dump: http://www.webpagescreenshot.info/img/55148ad6db84e9-42564657
Threat dump MD5: 76F286E31FA80093CF04B49ED78879E8
File size[byte]: 40359
File type: ASCII
Page/File MD5: 18A4CD6AB3AC7BAF52E58E038C140236
Scan duration[sec]: 0.068000

pol

The website hack has been with us for somewhat longer - since 2012 at least, read: http://elegantcode.com/2012/04/10/getting-hacked-and-seven-levels-of-indirection/
link article author = Chris Brandsma,

polonus

P.S. The link htxp://jsc.marketgid.com/l/i/life-24.com.573236.js?t= is flagged by Fortinet’s Web Filter as:
2015-03-26 2 -counter.marketgid.com/js/mui.js?cbuster=115240 Malware

D