Malicious/Suspicious Redirects
| Request | Server response | Status |
URL: http://www.bevapro.ru/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: www.bevapro.ru Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Tue, 23 Sep 2014 15:24:24 GMT Location: http://bitly.com/STTMlN Server: nginx/1.0.10 Content-Length: 207 Content-Type: text/html; charset=iso-8859-1 | malicious |
URL: http://bitly.com/STTMlN (imitation of visitor from search engine) GET /STTMlN HTTP/1.1 Host: bitly.com Referer: http://www.google.com/search?q=redirect+check2 | HTTP/1.1 301 Moved Permanently Cache-Control: private; max-age=90 Connection: close Date: Tue, 23 Sep 2014 15:24:24 GMT Location: http://goo.gl/0rXySb Server: nginx Content-Length: 112 Content-Type: text/html; charset=utf-8 Mime-Version: 1.0 Set-Cookie: _bit=542190a8-0034c-01f09-301cf10a;domain=.bitly.com;expires=Sun Mar 22 15:24:24 2015;path=/; HttpOnly | malicious |
URL: http://goo.gl/0rXySb (imitation of visitor from search engine) GET /0rXySb HTTP/1.1 Host: goo.gl Referer: http://www.google.com/search?q=redirect+check3 | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, no-store, max-age=0, must-revalidate Connection: close Date: Tue, 23 Sep 2014 15:23:39 GMT Pragma: no-cache Age: 45 Location: http://sh.oowoo.ru/redsh.php Server: GSE Content-Type: text/html; charset=UTF-8 Expires: Mon, 01 Jan 1990 00:00:00 GMT Alternate-Protocol: 80:quic,p=0.002 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block | malicious |
URL: http://sh.oowoo.ru/redsh.php (imitation of visitor from search engine) GET /redsh.php HTTP/1.1 Host: sh.oowoo.ru Referer: http://www.google.com/search?q=redirect+check4 | HTTP/1.1 302 Found Connection: close Date: Tue, 23 Sep 2014 15:22:52 GMT Location: http://fastmambo.biz/?s=370 Server: nginx/1.0.15 Content-Length: 0 Content-Type: text/html; charset=CP1251 X-Powered-By: PHP/5.2.17 | suspicious |
Scanned pages/files
| Request | Server response | Status |
http://www.bevapro.ru/ | 200 OK Content-Length: 27498 Content-Type: text/html | clean |
http://www.bevapro.ru/components/com_jcomments/js/jcomments-v2.1.js?v=2 | 200 OK Content-Length: 27179 Content-Type: application/javascript | clean |
http://www.bevapro.ru/components/com_jcomments/libraries/joomlatune/ajax.js | 200 OK Content-Length: 3978 Content-Type: application/javascript | clean |
http://www.bevapro.ru/media/system/js/caption.js | 200 OK Content-Length: 1963 Content-Type: application/javascript | clean |
http://www.bevapro.ru/plugins/content/attachments_refresh.js | 200 OK Content-Length: 1560 Content-Type: application/javascript | clean |
http://www.bevapro.ru/media/system/js/modal.js | 200 OK Content-Length: 10552 Content-Type: application/javascript | clean |
http://www.bevapro.ru/plugins/content/highslide/highslide-with-html.js | 200 OK Content-Length: 60802 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var hs = { graphicsDir : 'plugins/content/highslide/graphics/', restoreCursor : 'zoomout.cur', expandSteps : 10, expandDuration : 250, restoreSteps : 10, restoreDuration : 250, marginLeft : 15, marginRight : 15, marginTop : 15, marginBottom : 15, zIndexCounter : 1001, restoreTitle : 'Click to close image, click and drag to move. Use arrow keys for next and previous.', loadingText : 'Loading...', loadingTitle : 'Click to cancel', lo } } hs.getElementByClass(this.content, 'DIV', 'highslide-body').innerHTML = s; this.onLoad(); for (var x in this) this[x] = null; } }; var HsExpander = hs.Expander; hs.addEventListener(document, 'mousedown', hs.mouseClickHandler); hs.addEventListener(document, 'mouseup', hs.mouseClickHandler); hs.addEventListener(window, 'load', hs.preloadImages); hs.addEventListener(window, 'load', hs.preloadAjax); Antivirus reports:
| ||
http://www.bevapro.ru/plugins/content/highslide/swfobject.js | 200 OK Content-Length: 6881 Content-Type: application/javascript | clean |
http://www.bevapro.ru/plugins/content/highslide/do_cookie.js | 200 OK Content-Length: 2377 Content-Type: application/javascript | clean |
http://www.bevapro.ru/templates/ja_teline_iii/js/ja.script.js | 200 OK Content-Length: 6673 Content-Type: application/javascript | clean |
http://www.bevapro.ru/templates/ja_teline_iii/js/ja.ddmod.js | 200 OK Content-Length: 15669 Content-Type: application/javascript | clean |
http://www.bevapro.ru/index.php | 200 OK Content-Length: 27532 Content-Type: text/html | clean |
http://www.bevapro.ru/sozdanie-saita.html | 200 OK Content-Length: 33842 Content-Type: text/html | clean |
http://www.bevapro.ru/prodvijenie-saita.html | 200 OK Content-Length: 29531 Content-Type: text/html | clean |
http://www.bevapro.ru/poderjka-razvitie-saita.html | 200 OK Content-Length: 27657 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=bevapro.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://bevapro.ru/
Result: bevapro.ru is not infected or malware details are not published yet.
Result: bevapro.ru is not infected or malware details are not published yet.