Malicious/Suspicious Redirects
URL: http://nbuig.uz/ (imitation of visitor from search engine)
Status: malicious

Request:
GET / HTTP/1.1
Host: nbuig.uz
Referer: http://www.google.com/search?q=redirect+check1

Server response:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sun, 28 Sep 2014 02:55:31 GMT
Location: http://klastnarm.ru/wptwitt?3
Server: Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 PHP/5.4.33
Content-Length: 373
Content-Type: text/html; charset=iso-8859-1

Scanned pages/files
Request | Server response | Status |
http://nbuig.uz/ | 200 OK Content-Length: 51597 Content-Type: text/html | clean |
http://nbuig.uz/js/javascript.js | 200 OK Content-Length: 1218 Content-Type: application/javascript | clean |
http://nbuig.uz/js/menu.js | 200 OK Content-Length: 2144 Content-Type: application/javascript | clean |
http://nbuig.uz/js/jquery-1.4.2.min.js | 200 OK Content-Length: 72328 Content-Type: application/javascript | clean |
http://nbuig.uz/js/pixastic.custom.js | 200 OK Content-Length: 56225 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
var Pixastic=(function(){function addEvent(el,event,handler){if(el.addEventListener) el.addEventListener(event,handler,false);else if(el.attachEvent) el.attachEvent("on"+event,handler);} function onready(handler){var handlerDone=false;var execHandler=function(){if(!handlerDone){handlerDone=true;handler();}} document.write("<"+"script defer src=\"//:\" id=\"__onload_ie_pixastic__\"></"+"script>");var script=document.getElementById("__onload_ie_pix var difB=data[offset+2]-blurData[offset+2];if(difB>threshold||difB<thresholdNeg){var blurB=blurData[offset+2];blurB=amount*difB+blurB;data[offset+2]=blurB>255?255:(blurB<0?0:blurB);}}while(--x);}while(--y);return true;}},checkSupport:function(){return Pixastic.Client.hasCanvasImageData();}}
Antivirus reports:
http://nbuig.uz/js/Ribbon.js | 200 OK Content-Length: 41121 Content-Type: application/javascript | clean |
http://nbuig.uz/js/shadowbox.js | 200 OK Content-Length: 37550 Content-Type: application/javascript | clean |
http://nbuig.uz/map | 200 OK Content-Length: 51637 Content-Type: text/html | clean |
http://nbuig.uz/ru | 200 OK Content-Length: 57312 Content-Type: text/html | clean |
http://nbuig.uz/uz | 200 OK Content-Length: 51511 Content-Type: text/html | clean |
http://nbuig.uz/en | 200 OK Content-Length: 51597 Content-Type: text/html | clean |
http://nbuig.uz/welcome_to_nbuig | 200 OK Content-Length: 48792 Content-Type: text/html | clean |
http://nbuig.uz/our_goals | 200 OK Content-Length: 49174 Content-Type: text/html | clean |
http://nbuig.uz/our_brand | 200 OK Content-Length: 49158 Content-Type: text/html | clean |
http://nbuig.uz/creation_history | 200 OK Content-Length: 49154 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=nbuig.uz
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://nbuig.uz/
Result: nbuig.uz is not infected or malware details are not published yet.