Malicious/Suspicious Redirects
| Request | Server response | Status |
|---|---|---|
| URL: http://amurpress.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: amurpress.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Wed, 09 Jul 2014 09:00:11 GMT Location: http://www.caribsoft-online.biz/templates/rhuk_solarflare_ii/images/index.php Server: nginx/1.4.4 Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.3.28 | malicious |
| URL: http://www.caribsoft-online.biz/templates/rhuk_solarflare_ii/images/index.php (imitation of visitor from search engine) GET /templates/rhuk_solarflare_ii/images/index.php HTTP/1.1 Host: www.caribsoft-online.biz Referer: http://www.google.com/search?q=redirect+check2 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Wed, 09 Jul 2014 09:00:12 GMT Location: http://avicennahealth.org/templates/beez/html/mod_poll/1/all.php Server: nginx/1.6.0 Content-Length: 0 Content-Type: text/html | suspicious |
Scanned pages/files
| Request | Server response | Status |
|---|---|---|
| http://amurpress.com/ | 200 OK Content-Length: 125305 Content-Type: text/html | clean |
| http://amurpress.com/media/system/js/caption.js | 200 OK Content-Length: 1963 Content-Type: application/x-javascript | clean |
| http://amurpress.com/modules/mod_janews/assets/ja.news.js | 200 OK Content-Length: 1559 Content-Type: application/x-javascript | clean |
| http://amurpress.ru/plugins/content/highslide/highslide-with-html.js | 200 OK Content-Length: 62872 Content-Type: application/x-javascript | malicious (code fragment below) |
| http://amurpress.ru/plugins/content/highslide/swfobject.js | 200 OK Content-Length: 6889 Content-Type: application/x-javascript | clean |
| http://amurpress.ru/plugins/content/highslide/do_cookie.js | 200 OK Content-Length: 2457 Content-Type: application/x-javascript | clean |
| http://amurpress.com/plugins/content/highslide/highslide-with-html.js | 200 OK Content-Length: 62872 Content-Type: application/x-javascript | malicious (code fragment below) |
| http://amurpress.com/plugins/content/highslide/swfobject.js | 200 OK Content-Length: 6889 Content-Type: application/x-javascript | clean |
| http://amurpress.com/plugins/content/highslide/do_cookie.js | 200 OK Content-Length: 2457 Content-Type: application/x-javascript | clean |
| http://amurpress.com/templates/ja_teline_ii/js/ja.script.js | 200 OK Content-Length: 7015 Content-Type: application/x-javascript | clean |
| http://amurpress.com/templates/ja_teline_ii/highslide/highslide-full.packed.js | 200 OK Content-Length: 43582 Content-Type: application/x-javascript | clean |
| http://amurpress.com/templates/ja_teline_ii/ja_menus/ja_moomenu/ja.moomenu.js | 200 OK Content-Length: 5695 Content-Type: application/x-javascript | clean |
| http://amurpress.com/modules/mod_jalendar/js/jal.js | 200 OK Content-Length: 208 Content-Type: application/x-javascript | clean |
| http://amurpress.com/media/system/js/validate.js | 200 OK Content-Length: 4246 Content-Type: application/x-javascript | clean |
| http://amurpress.com/index.php?option=com_content&view=category&layout=blog&id=1&Itemid=69 | 200 OK Content-Length: 86331 Content-Type: text/html | clean |

Malicious code in http://amurpress.ru/plugins/content/highslide/highslide-with-html.js and http://amurpress.com/plugins/content/highslide/highslide-with-html.js (the same fragment was reported for both files) - confirmed by antiviruses (see below):

```
var hs = { graphicsDir : 'plugins/content/highslide/graphics/', restoreCursor : 'zoomout.cur', expandSteps : 10, expandDuration : 250, restoreSteps : 10, restoreDuration : 250, marginLeft : 15, marginRight : 15, marginTop : 15, marginBottom : 15, zIndexCounter : 1001, restoreTitle : 'Click to close image, click and drag to move. Use arrow keys for next and previous.', loadingText : 'Loading...', loadingTitle : 'Cl } } hs.getElementByClass(this.content, 'DIV', 'highslide-body').innerHTML = s; this.onLoad(); for (var x in this) this[x] = null; } }; var HsExpander = hs.Expander; hs.addEventListener(document, 'mousedown', hs.mouseClickHandler); hs.addEventListener(document, 'mouseup', hs.mouseClickHandler); hs.addEventListener(window, 'load', hs.preloadImages); hs.addEventListener(window, 'load', hs.preloadAjax);
```

Antivirus reports:
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=amurpress.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://amurpress.com/
Result: amurpress.com is not infected or malware details are not published yet.