New scan:

Malware Scanner report for rubias-21.com

Malicious/Suspicious/Total urls checked
10/0/15
10 pages have malicious code. See details below
Blacklists
Found
The website is marked by Yandex as suspicious.

The website "rubias-21.com" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/20
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=rubias-21.com

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://rubias-21.com/

Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://rubias-21.com/
200 OK
Content-Length: 57421
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

var puShown = false;
function doOpen(url)
{
if ( puShown == true )
{
return true;
}
win = window.open(url, 'ljPu', 'toolbar,status,resizable,scrollbars,menubar,location,height=760,width=800');
if ( win )
{
win.blur();
puShown = true;
}

... 1078 bytes are skipped ...
if ( document.addEventListener )
{
document.addEventListener( 'click', checkTarget, false );
}
}
function checkTarget(e)
{
if ( !getCookie('popundr') ) {
var e = e || window.event;
var win = doOpen('http://www.pornofalke.info/tgp/');
setCookie('popundr', 1, 24*60*60*1000);
}
}
initPu();

Antivirus reports:

Agnitum
JS.Pornpop.Gen

http://www.rubias-21.com/mobile_detect.js
200 OK
Content-Length: 4164
Content-Type: application/javascript
clean
http://adspaces.ero-advertising.com/adspace/201823.js
200 OK
Content-Length: 1486
Content-Type: application/javascript
clean
http://adspaces.ero-advertising.com/adspace/84998.js
200 OK
Content-Length: 2459
Content-Type: application/javascript
clean
http://fx.gtopstats.com/js/gTOP.js?v=2
200 OK
Content-Length: 6853
Content-Type: application/x-javascript
clean
http://rubias-21.com/track.js
200 OK
Content-Length: 1005
Content-Type: application/javascript
clean
http://rubias-21.com/index.php
200 OK
Content-Length: 57889
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

var puShown = false;
function doOpen(url)
{
if ( puShown == true )
{
return true;
}
win = window.open(url, 'ljPu', 'toolbar,status,resizable,scrollbars,menubar,location,height=760,width=800');
if ( win )
{
win.blur();
puShown = true;
}

... 1078 bytes are skipped ...
if ( document.addEventListener )
{
document.addEventListener( 'click', checkTarget, false );
}
}
function checkTarget(e)
{
if ( !getCookie('popundr') ) {
var e = e || window.event;
var win = doOpen('http://www.pornofalke.info/tgp/');
setCookie('popundr', 1, 24*60*60*1000);
}
}
initPu();

Antivirus reports:

Agnitum
JS.Pornpop.Gen

http://rubias-21.com/sexy-erotica-y-perra.html
200 OK
Content-Length: 13798
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

var puShown = false;
function doOpen(url)
{
if ( puShown == true )
{
return true;
}
win = window.open(url, 'ljPu', 'toolbar,status,resizable,scrollbars,menubar,location,height=760,width=800');
if ( win )
{
win.blur();
puShown = true;
}

... 1078 bytes are skipped ...
if ( document.addEventListener )
{
document.addEventListener( 'click', checkTarget, false );
}
}
function checkTarget(e)
{
if ( !getCookie('popundr') ) {
var e = e || window.event;
var win = doOpen('http://www.pornofalke.info/tgp/');
setCookie('popundr', 1, 24*60*60*1000);
}
}
initPu();

Antivirus reports:

Agnitum
JS.Pornpop.Gen

http://rubias-21.com/buena.htm
200 OK
Content-Length: 13195
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

var puShown = false;
function doOpen(url)
{
if ( puShown == true )
{
return true;
}
win = window.open(url, 'ljPu', 'toolbar,status,resizable,scrollbars,menubar,location,height=760,width=800');
if ( win )
{
win.blur();
puShown = true;
}

... 1078 bytes are skipped ...
if ( document.addEventListener )
{
document.addEventListener( 'click', checkTarget, false );
}
}
function checkTarget(e)
{
if ( !getCookie('popundr') ) {
var e = e || window.event;
var win = doOpen('http://www.pornofalke.info/tgp/');
setCookie('popundr', 1, 24*60*60*1000);
}
}
initPu();

Antivirus reports:

Agnitum
JS.Pornpop.Gen

http://rubias-21.com/mamada.htm
200 OK
Content-Length: 12918
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

var puShown = false;
function doOpen(url)
{
if ( puShown == true )
{
return true;
}
win = window.open(url, 'ljPu', 'toolbar,status,resizable,scrollbars,menubar,location,height=760,width=800');
if ( win )
{
win.blur();
puShown = true;
}

... 1078 bytes are skipped ...
if ( document.addEventListener )
{
document.addEventListener( 'click', checkTarget, false );
}
}
function checkTarget(e)
{
if ( !getCookie('popundr') ) {
var e = e || window.event;
var win = doOpen('http://www.pornofalke.info/tgp/');
setCookie('popundr', 1, 24*60*60*1000);
}
}
initPu();

Antivirus reports:

Agnitum
JS.Pornpop.Gen

http://rubias-21.com/antes.htm
200 OK
Content-Length: 12887
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

var puShown = false;
function doOpen(url)
{
if ( puShown == true )
{
return true;
}
win = window.open(url, 'ljPu', 'toolbar,status,resizable,scrollbars,menubar,location,height=760,width=800');
if ( win )
{
win.blur();
puShown = true;
}

... 1078 bytes are skipped ...
if ( document.addEventListener )
{
document.addEventListener( 'click', checkTarget, false );
}
}
function checkTarget(e)
{
if ( !getCookie('popundr') ) {
var e = e || window.event;
var win = doOpen('http://www.pornofalke.info/tgp/');
setCookie('popundr', 1, 24*60*60*1000);
}
}
initPu();

Antivirus reports:

Agnitum
JS.Pornpop.Gen

http://rubias-21.com/ducharse.htm
200 OK
Content-Length: 12980
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

var puShown = false;
function doOpen(url)
{
if ( puShown == true )
{
return true;
}
win = window.open(url, 'ljPu', 'toolbar,status,resizable,scrollbars,menubar,location,height=760,width=800');
if ( win )
{
win.blur();
puShown = true;
}

... 1078 bytes are skipped ...
if ( document.addEventListener )
{
document.addEventListener( 'click', checkTarget, false );
}
}
function checkTarget(e)
{
if ( !getCookie('popundr') ) {
var e = e || window.event;
var win = doOpen('http://www.pornofalke.info/tgp/');
setCookie('popundr', 1, 24*60*60*1000);
}
}
initPu();

Antivirus reports:

Agnitum
JS.Pornpop.Gen

http://rubias-21.com/amateur.htm
200 OK
Content-Length: 12990
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

var puShown = false;
function doOpen(url)
{
if ( puShown == true )
{
return true;
}
win = window.open(url, 'ljPu', 'toolbar,status,resizable,scrollbars,menubar,location,height=760,width=800');
if ( win )
{
win.blur();
puShown = true;
}

... 1078 bytes are skipped ...
if ( document.addEventListener )
{
document.addEventListener( 'click', checkTarget, false );
}
}
function checkTarget(e)
{
if ( !getCookie('popundr') ) {
var e = e || window.event;
var win = doOpen('http://www.pornofalke.info/tgp/');
setCookie('popundr', 1, 24*60*60*1000);
}
}
initPu();

Antivirus reports:

Agnitum
JS.Pornpop.Gen

http://rubias-21.com/chica.htm
200 OK
Content-Length: 13060
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

var puShown = false;
function doOpen(url)
{
if ( puShown == true )
{
return true;
}
win = window.open(url, 'ljPu', 'toolbar,status,resizable,scrollbars,menubar,location,height=760,width=800');
if ( win )
{
win.blur();
puShown = true;
}

... 1078 bytes are skipped ...
if ( document.addEventListener )
{
document.addEventListener( 'click', checkTarget, false );
}
}
function checkTarget(e)
{
if ( !getCookie('popundr') ) {
var e = e || window.event;
var win = doOpen('http://www.pornofalke.info/tgp/');
setCookie('popundr', 1, 24*60*60*1000);
}
}
initPu();

Antivirus reports:

Agnitum
JS.Pornpop.Gen

http://rubias-21.com/latina.htm
200 OK
Content-Length: 12817
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

var puShown = false;
function doOpen(url)
{
if ( puShown == true )
{
return true;
}
win = window.open(url, 'ljPu', 'toolbar,status,resizable,scrollbars,menubar,location,height=760,width=800');
if ( win )
{
win.blur();
puShown = true;
}

... 1078 bytes are skipped ...
if ( document.addEventListener )
{
document.addEventListener( 'click', checkTarget, false );
}
}
function checkTarget(e)
{
if ( !getCookie('popundr') ) {
var e = e || window.event;
var win = doOpen('http://www.pornofalke.info/tgp/');
setCookie('popundr', 1, 24*60*60*1000);
}
}
initPu();

Antivirus reports:

Agnitum
JS.Pornpop.Gen


Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: rubias-21.com

Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 15 Sep 2014 06:42:27 GMT
Server: Apache/2
Vary: Accept-Encoding,User-Agent
Content-Type: text/html
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: rubias-21.com
Referer: http://www.google.com/search?q=rubias-21.com

Result:
The result is similar to the first query. There are no suspicious redirects found.