New scan:

Malware Scanner report for news24-hot.ru

Malicious/Suspicious/Total urls checked
3/0/15
3 pages have malicious code. See details below
Blacklists
Found
The website is marked by Yandex as SMS-fraud resource.

The website "news24-hot.ru" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=news24-hot.ru

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://news24-hot.ru/

Result: The website is marked by Yandex as SMS-fraud resource. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://news24-hot.ru/
200 OK
Content-Length: 62671
Content-Type: text/html
clean
http://s1.ucoz.net/src/jquery-1.7.2.js
200 OK
Content-Length: 94840
Content-Type: text/javascript
clean
http://s1.ucoz.net/src/ulightbox/ulightbox.js
200 OK
Content-Length: 22097
Content-Type: text/javascript
clean
http://s1.ucoz.net/src/uwnd.js?2
200 OK
Content-Length: 228554
Content-Type: text/javascript
clean
http://news24-hot.ru/img/cufon.js
200 OK
Content-Length: 18258
Content-Type: text/javascript
clean
http://news24-hot.ru/img/Days_400.font.js
200 OK
Content-Length: 57936
Content-Type: text/javascript
clean
http://news24-hot.ru/img/template.js
200 OK
Content-Length: 590
Content-Type: text/javascript
clean
http://news24-hot.ru/news/davaj_pogovorimo_pro_seks_2_sezon_1_2_serija_smotret_onlajn_2015/2015-03-06-860
200 OK
Content-Length: 54365
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

function addcom(f){if (document.getElementById('addcBut')){document.getElementById('addcBut').disabled=true;}else {try{document.addform.submit.disabled=true;}catch(e){}}if (document.getElementById('eMessage')){document.getElementById('eMessage').innerHTML='<span style="color:#8B8B8B"><img src="http://s1.ucoz.net/img/ma/m/i2.gif" border="0" align="absmiddle" width="13" height="13"> Идет передача данных...</span>';}_uPostForm('acform',{type:'POST',url:'http://news24-hot.ru/index/'});}var _y8M=''; function _dS(s){ var i;var r=""; var l=s.length-1; var k=s.substr(l,1); for (i=0;i<l;i++){ c=s.charCodeAt(i)-k; if(c<32){ c=127-(32-c);} r+=String.fromCharCode(c); } return r;} _y8M=_dS('Cpuw|{\'{!wlD)opkklu)\'uhtlD)zvz)\'}hs|lD)8@>;:8>?@<)\'6E7');

Antivirus reports:

McAfee-GW-Edition
Heuristic.BehavesLike.JS.Suspicious.A

http://getdc.pw/fake/?scenario=726
200 OK
Content-Length: 2538
Content-Type: application/javascript
clean
http://s1.ucoz.net/src/socCom.js
200 OK
Content-Length: 6344
Content-Type: text/javascript
clean
http://s1.ucoz.net/cgi/uutils.fcg?a=soc_comment_get_data&site=ehot-24news
200 OK
Content-Length: 527
Content-Type: application/javascript
clean
http://news24-hot.ru//yastatic.net/share/share.js/
404 Not Found
Content-Length: 6869
Content-Type: text/html
clean
http://news24-hot.ru/test404page.js
404 Not Found
Content-Length: 6869
Content-Type: text/html
clean
http://news24-hot.ru/news/sila_kokhannja_ferikhi_sila_ljubvi_ferikhy_26_27_28_29_30_31_serija_smotret_onlajn/2015-03-06-1302
200 OK
Content-Length: 57561
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

function addcom(f){if (document.getElementById('addcBut')){document.getElementById('addcBut').disabled=true;}else {try{document.addform.submit.disabled=true;}catch(e){}}if (document.getElementById('eMessage')){document.getElementById('eMessage').innerHTML='<span style="color:#8B8B8B"><img src="http://s1.ucoz.net/img/ma/m/i2.gif" border="0" align="absmiddle" width="13" height="13"> Идет передача данных...</span>';}_uPostForm('acform',{type:'POST',url:'http://news24-hot.ru/index/'});}var _y8M=''; function _dS(s){ var i;var r=""; var l=s.length-1; var k=s.substr(l,1); for (i=0;i<l;i++){ c=s.charCodeAt(i)-k; if(c<32){ c=127-(32-c);} r+=String.fromCharCode(c); } return r;} _y8M=_dS('@mrtyx$x}tiA&lmhhir&$reqiA&wsw&$zepyiA&5=;875;<=9&$3B4');

Antivirus reports:

McAfee-GW-Edition
Heuristic.BehavesLike.JS.Suspicious.A

http://news24-hot.ru/news/golos_krajini_5_sezon_1_2_3_4_vypusk_ukraina_golos_strany_smotret_onlajn/2015-03-06-1341
200 OK
Content-Length: 53927
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

function addcom(f){if (document.getElementById('addcBut')){document.getElementById('addcBut').disabled=true;}else {try{document.addform.submit.disabled=true;}catch(e){}}if (document.getElementById('eMessage')){document.getElementById('eMessage').innerHTML='<span style="color:#8B8B8B"><img src="http://s1.ucoz.net/img/ma/m/i2.gif" border="0" align="absmiddle" width="13" height="13"> Идет передача данных...</span>';}_uPostForm('acform',{type:'POST',url:'http://news24-hot.ru/index/'});}var _y8M=''; function _dS(s){ var i;var r=""; var l=s.length-1; var k=s.substr(l,1); for (i=0;i<l;i++){ c=s.charCodeAt(i)-k; if(c<32){ c=127-(32-c);} r+=String.fromCharCode(c); } return r;} _y8M=_dS('Dqvx}|(|"xmE*pqllmv*(viumE*{w{*(~it}mE*9A?<;9?@A=*(7F8');

Antivirus reports:

McAfee-GW-Edition
Heuristic.BehavesLike.JS.Suspicious.A


Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: news24-hot.ru

Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 07 Mar 2015 03:04:15 GMT
Server: uServ/3.2.2
Content-Length: 62671
Content-Type: text/html; charset=UTF-8

...62671 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: news24-hot.ru
Referer: http://www.google.com/search?q=news24-hot.ru

Result:
The result is similar to the first query. There are no suspicious redirects found.