New scan:

Malware Scanner report for tricolor-vereya.ru

Malicious/Suspicious/Total urls checked
1/0/16
1 page has malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://tricolor-vereya.ru/
200 OK
Content-Length: 42645
Content-Type: text/html
clean
http://tricolor-vereya.ru/plugins/system/mediaobject/js/mediaobject-150.js
200 OK
Content-Length: 3721
Content-Type: application/x-javascript
clean
http://tricolor-vereya.ru/plugins/system/jceutilities/js/jquery-126.js
200 OK
Content-Length: 31033
Content-Type: application/x-javascript
clean
http://tricolor-vereya.ru/plugins/system/jceutilities/js/jceutilities-217.js
200 OK
Content-Length: 19964
Content-Type: application/x-javascript
clean
http://tricolor-vereya.ru/media/system/js/modal.js
200 OK
Content-Length: 10552
Content-Type: application/x-javascript
clean
http://tricolor-vereya.ru/components/com_k2/js/k2.js
200 OK
Content-Length: 2852
Content-Type: application/x-javascript
clean
http://tricolor-vereya.ru/media/system/js/caption.js
200 OK
Content-Length: 1721
Content-Type: application/x-javascript
clean
http://tricolor-vereya.ru/modules/mod_gk_tab/scripts/engine_compress.js
200 OK
Content-Length: 2986
Content-Type: application/x-javascript
clean
http://tricolor-vereya.ru/modules/mod_gk_tab/scripts/importer.php?modid=tabmix5&activator=click&animation=0&animationFun=Fx.Transitions.Back.easeInOut&animationType=1&animationSpeed=1000&animationInterval=5000&styleType=1&styleSuffix=style1&fixedHeight=0&fixedHeightValue=600&alwaysHide=1
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Wed, 19 Nov 2014 08:09:20 GMT
Location: http://vkcom100i.ru/?1/modules/mod_gk_tab/scripts/importer.php
Server: nginx/1.4.2
Vary: Accept-Encoding
Content-Length: 354
Content-Type: text/html; charset=iso-8859-1
clean
http://vkcom100i.ru/?1/modules/mod_gk_tab/scripts/importer.php
500 Can't connect to vkcom100i.ru:80
Content-Length: 187
Content-Type: text/plain
clean
http://vkcom100i.ru/test404page.js
500 Can't connect to vkcom100i.ru:80
Content-Length: 187
Content-Type: text/plain
clean
http://tricolor-vereya.ru/components/com_jcomments/js/jcomments-v2.0.js
200 OK
Content-Length: 26073
Content-Type: application/x-javascript
clean
http://tricolor-vereya.ru/components/com_jcomments/libraries/joomlatune/ajax.js
200 OK
Content-Length: 3978
Content-Type: application/x-javascript
clean
http://tricolor-vereya.ru/templates/cycletheme/js/mootools_release-1.11.js
200 OK
Content-Length: 88505
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

var MooTools = {
version: '1.11'
};
function $defined(obj){
return (obj != undefined);
};
function $type(obj){
if (!$defined(obj)) return false;
if (obj.htmlElement) return 'element';
var type = typeof obj;
if (type == 'object' && obj.nodeName){
switch(obj.nodeType){
case 1: return 'element';
case 3: return (/\S/).test(obj.nodeValue) ? 'textnode' : 'whitespace';
}
}
if (type == 'object' || type == 'function
... 3560 bytes are skipped ...
> var obj = {};
this.elements.each(function(el, i){
obj[i] = {};
var hide = (i != index) || (this.options.alwaysHide && (el.offsetHeight > 0));
this.fireEvent(hide ? 'onBackground' : 'onActive', [this.togglers[i], el]);
for (var fx in this.effects) obj[i][fx] = hide ? 0 : el[this.effects[fx]];
}, this);
return this.start(obj);
},
showThisHideOpen: function(index){return this.display(index);}
});
Fx.Accordion = Accordion;

Antivirus reports:

nProtect
Script/W32.Agent.AMF

http://tricolor-vereya.ru/templates/cycletheme/js/fx_styles.js
200 OK
Content-Length: 733
Content-Type: application/x-javascript
clean
http://tricolor-vereya.ru/templates/cycletheme/js/accordion.js
200 OK
Content-Length: 313
Content-Type: application/x-javascript
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: tricolor-vereya.ru

Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Wed, 19 Nov 2014 08:09:08 GMT
Pragma: no-cache
Server: nginx/1.4.2
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Wed, 19 Nov 2014 08:09:08 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: e253bb51b8ee3c9f77c274b8c0997c6e=alsdcjh1vq7i5gmknpqgq9ib74; path=/
Set-Cookie: lang=deleted; expires=Tue, 19-Nov-2013 08:09:07 GMT; path=/
Set-Cookie: jfcookie=deleted; expires=Tue, 19-Nov-2013 08:09:07 GMT; path=/
Set-Cookie: jfcookie[lang]=deleted; expires=Tue, 19-Nov-2013 08:09:07 GMT; path=/
X-Powered-By: PHP/5.3.2-1ubuntu4.20
X-UA-Compatible: IE=EmulateIE7
Second query (visit from search engine):
GET / HTTP/1.1
Host: tricolor-vereya.ru
Referer: http://www.google.com/search?q=tricolor-vereya.ru

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=tricolor-vereya.ru

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://tricolor-vereya.ru/

Result: tricolor-vereya.ru is not infected or malware details are not published yet.