Malware Scanner report for ratusha.ru

Malicious/Suspicious/Total urls checked: 7/0/15

7 pages have malicious code. See details below

Blacklists: OK

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/14/14

14 suspicious iframes found. See details below

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Scanned pages/files

Request	Server response	Status
http://ratusha.ru/	200 OK Content-Length: 63030 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var axel = Math.random() + ""; var a = axel * 10000000000000; document.write('<iframe src="http://4347940.fls.doubleclick.net/activityi;src=4347940;type=invmedia;cat=Cn2oT5wC;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>'); Antivirus reports: Avast HTML:Iframe-inf VIPRE Heur.HTML.MalIFrame (v) Norman Iframer.AU Sophos Mal/Iframe-V GData HTML:Iframe-inf ESET-NOD32 HTML/Iframe.B.Gen Hidden iFrame found. size: 1x1 style: hidden src: http://4347940.fls.doubleclick.net/activityi;src=4347940;type=invmedia;cat=cn2ot5wc;ord=1? <iframe src="http://4347940.fls.doubleclick.net/activityi;src=4347940;type=invmedia;cat=cn2ot5wc;ord=1?" width="1" height="1" frameborder="0" style="display:none"> Hidden iFrame found. size: 1x1 style: hidden src: http://4347940.fls.doubleclick.net/activityi;src=4347940;type=invmedia;cat=cn2ot5wc;ord= <iframe src="http://4347940.fls.doubleclick.net/activityi;src=4347940;type=invmedia;cat=cn2ot5wc;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none">
http://ratusha.ru/bitrix/cache/js/s1/main/template_847cc55ea31976ca5410a2290cfefd52/template_847cc55ea31976ca5410a2290cfefd52_c4a43ef6b112768fe78bdc5e31a34c88.js?1425302558431935	200 OK Content-Length: 300900 Content-Type: application/javascript	clean
http://ratusha.ru/bitrix/cache/js/s1/main/page_fd46bd712ddf39b7c325c8a89dacbf92/page_fd46bd712ddf39b7c325c8a89dacbf92_91cf73578bfa838d90a66298a431089f.js?142497115258525	200 OK Content-Length: 58525 Content-Type: application/javascript	clean
http://sedu.adhands.ru/js/counter.js	200 OK Content-Length: 16440 Content-Type: application/javascript	clean
http://ratusha.ru/about/	200 OK Content-Length: 39822 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var axel = Math.random() + ""; var a = axel * 10000000000000; document.write('<iframe src="http://4347940.fls.doubleclick.net/activityi;src=4347940;type=invmedia;cat=Cn2oT5wC;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>'); Antivirus reports: Avast HTML:Iframe-inf VIPRE Heur.HTML.MalIFrame (v) Norman Iframer.AU Sophos Mal/Iframe-V GData HTML:Iframe-inf ESET-NOD32 HTML/Iframe.B.Gen Hidden iFrame found. size: 1x1 style: hidden src: http://4347940.fls.doubleclick.net/activityi;src=4347940;type=invmedia;cat=cn2ot5wc;ord= <iframe src="http://4347940.fls.doubleclick.net/activityi;src=4347940;type=invmedia;cat=cn2ot5wc;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"> Hidden iFrame found. size: 1x1 style: hidden src: http://4347940.fls.doubleclick.net/activityi;src=4347940;type=invmedia;cat=cn2ot5wc;ord=1? <iframe src="http://4347940.fls.doubleclick.net/activityi;src=4347940;type=invmedia;cat=cn2ot5wc;ord=1?" width="1" height="1" frameborder="0" style="display:none">
http://ratusha.ru/about/../js/jquery.nicescroll.min.js	200 OK Content-Length: 57983 Content-Type: application/javascript	clean
http://ratusha.ru/about/../js/wow.min.js	200 OK Content-Length: 7082 Content-Type: application/javascript	clean
http://ratusha.ru/about/place/	200 OK Content-Length: 32335 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var axel = Math.random() + ""; var a = axel * 10000000000000; document.write('<iframe src="http://4347940.fls.doubleclick.net/activityi;src=4347940;type=invmedia;cat=Cn2oT5wC;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>'); Antivirus reports: Avast HTML:Iframe-inf VIPRE Heur.HTML.MalIFrame (v) Norman Iframer.AU Sophos Mal/Iframe-V GData HTML:Iframe-inf ESET-NOD32 HTML/Iframe.B.Gen Hidden iFrame found. size: 1x1 style: hidden src: http://4347940.fls.doubleclick.net/activityi;src=4347940;type=invmedia;cat=cn2ot5wc;ord=1? <iframe src="http://4347940.fls.doubleclick.net/activityi;src=4347940;type=invmedia;cat=cn2ot5wc;ord=1?" width="1" height="1" frameborder="0" style="display:none"> Hidden iFrame found. size: 1x1 style: hidden src: http://4347940.fls.doubleclick.net/activityi;src=4347940;type=invmedia;cat=cn2ot5wc;ord= <iframe src="http://4347940.fls.doubleclick.net/activityi;src=4347940;type=invmedia;cat=cn2ot5wc;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none">
http://ratusha.ru/bitrix/cache/js/s1/main/page_4326595db8c2d5d9d87ee12c30a95f4e/page_4326595db8c2d5d9d87ee12c30a95f4e_d4f5a3fb20ad1eb09984300172e2f4fe.js?14249720972981	200 OK Content-Length: 2981 Content-Type: application/javascript	clean
http://maps.googleapis.com/maps/api/js?key=AIzaSyBMq2KskN09598AHZM5N9xeW8uTc1tyr-k&sensor=true	200 OK Content-Length: 4360 Content-Type: text/javascript	clean
http://ratusha.ru/about/partners/	200 OK Content-Length: 15384 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var axel = Math.random() + ""; var a = axel * 10000000000000; document.write('<iframe src="http://4347940.fls.doubleclick.net/activityi;src=4347940;type=invmedia;cat=Cn2oT5wC;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>'); Antivirus reports: Avast HTML:Iframe-inf VIPRE Heur.HTML.MalIFrame (v) Norman Iframer.AU Sophos Mal/Iframe-V GData HTML:Iframe-inf ESET-NOD32 HTML/Iframe.B.Gen Hidden iFrame found. size: 1x1 style: hidden src: http://4347940.fls.doubleclick.net/activityi;src=4347940;type=invmedia;cat=cn2ot5wc;ord= <iframe src="http://4347940.fls.doubleclick.net/activityi;src=4347940;type=invmedia;cat=cn2ot5wc;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"> Hidden iFrame found. size: 1x1 style: hidden src: http://4347940.fls.doubleclick.net/activityi;src=4347940;type=invmedia;cat=cn2ot5wc;ord=1? <iframe src="http://4347940.fls.doubleclick.net/activityi;src=4347940;type=invmedia;cat=cn2ot5wc;ord=1?" width="1" height="1" frameborder="0" style="display:none">
http://ratusha.ru/rent/	200 OK Content-Length: 80125 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var axel = Math.random() + ""; var a = axel * 10000000000000; document.write('<iframe src="http://4347940.fls.doubleclick.net/activityi;src=4347940;type=invmedia;cat=Cn2oT5wC;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>'); Antivirus reports: Avast HTML:Iframe-inf VIPRE Heur.HTML.MalIFrame (v) Norman Iframer.AU Sophos Mal/Iframe-V GData HTML:Iframe-inf ESET-NOD32 HTML/Iframe.B.Gen Hidden iFrame found. size: 1x1 style: hidden src: http://4347940.fls.doubleclick.net/activityi;src=4347940;type=invmedia;cat=cn2ot5wc;ord=1? <iframe src="http://4347940.fls.doubleclick.net/activityi;src=4347940;type=invmedia;cat=cn2ot5wc;ord=1?" width="1" height="1" frameborder="0" style="display:none"> Hidden iFrame found. size: 1x1 style: hidden src: http://4347940.fls.doubleclick.net/activityi;src=4347940;type=invmedia;cat=cn2ot5wc;ord= <iframe src="http://4347940.fls.doubleclick.net/activityi;src=4347940;type=invmedia;cat=cn2ot5wc;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none">
http://ratusha.ru/bitrix/cache/js/s1/main/page_5406dc964681f5669ece03a6be0e472c/page_5406dc964681f5669ece03a6be0e472c_64bf604f5a06740caace28e69f6cb829.js?142497116295241	200 OK Content-Length: 95241 Content-Type: application/javascript	clean
http://ratusha.ru/gallery/	200 OK Content-Length: 36896 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var axel = Math.random() + ""; var a = axel * 10000000000000; document.write('<iframe src="http://4347940.fls.doubleclick.net/activityi;src=4347940;type=invmedia;cat=Cn2oT5wC;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>'); Antivirus reports: Avast HTML:Iframe-inf VIPRE Heur.HTML.MalIFrame (v) Norman Iframer.AU Sophos Mal/Iframe-V GData HTML:Iframe-inf ESET-NOD32 HTML/Iframe.B.Gen Hidden iFrame found. size: 1x1 style: hidden src: http://4347940.fls.doubleclick.net/activityi;src=4347940;type=invmedia;cat=cn2ot5wc;ord= <iframe src="http://4347940.fls.doubleclick.net/activityi;src=4347940;type=invmedia;cat=cn2ot5wc;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"> Hidden iFrame found. size: 1x1 style: hidden src: http://4347940.fls.doubleclick.net/activityi;src=4347940;type=invmedia;cat=cn2ot5wc;ord=1? <iframe src="http://4347940.fls.doubleclick.net/activityi;src=4347940;type=invmedia;cat=cn2ot5wc;ord=1?" width="1" height="1" frameborder="0" style="display:none">
http://ratusha.ru/press-center/	200 OK Content-Length: 24567 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var axel = Math.random() + ""; var a = axel * 10000000000000; document.write('<iframe src="http://4347940.fls.doubleclick.net/activityi;src=4347940;type=invmedia;cat=Cn2oT5wC;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>'); Antivirus reports: Avast HTML:Iframe-inf VIPRE Heur.HTML.MalIFrame (v) Norman Iframer.AU Sophos Mal/Iframe-V GData HTML:Iframe-inf ESET-NOD32 HTML/Iframe.B.Gen Hidden iFrame found. size: 1x1 style: hidden src: http://4347940.fls.doubleclick.net/activityi;src=4347940;type=invmedia;cat=cn2ot5wc;ord=1? <iframe src="http://4347940.fls.doubleclick.net/activityi;src=4347940;type=invmedia;cat=cn2ot5wc;ord=1?" width="1" height="1" frameborder="0" style="display:none"> Hidden iFrame found. size: 1x1 style: hidden src: http://4347940.fls.doubleclick.net/activityi;src=4347940;type=invmedia;cat=cn2ot5wc;ord= <iframe src="http://4347940.fls.doubleclick.net/activityi;src=4347940;type=invmedia;cat=cn2ot5wc;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none">

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: ratusha.ru

Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Fri, 06 Mar 2015 10:02:23 GMT
Pragma: no-cache
Server: nginx/1.2.1
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
P3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
Set-Cookie: PHPSESSID=p25uf8q01k1vnirvri6ogol2c3; path=/; HttpOnly
X-Powered-By: PHP/5.4.4-14+deb7u14
X-Powered-CMS: Bitrix Site Manager (a7f97b0271d631acf425ff5c7fa257e3)

Second query (visit from search engine):
GET / HTTP/1.1
Host: ratusha.ru
Referer: http://www.google.com/search?q=ratusha.ru

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=ratusha.ru

Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://ratusha.ru/

Result: ratusha.ru is not infected or malware details are not published yet.

Recently found suspicious websites

Malware Scanner report for ratusha.ru

Malware & Hack Repair

Website Hack Insurance

Scanned pages/files

Malicious Redirects

Safe Browsing / Blacklists

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools