Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=onlineinvestor.ru
Result: Google has marked this website as suspicious; visiting it may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://onlineinvestor.ru/ | 200 OK Content-Length: 87967 Content-Type: text/html | clean |
http://onlineinvestor.ru/js/jsDraw2D.js | 200 OK Content-Length: 76262 Content-Type: application/x-javascript | malicious |
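Malicious code - confirmed by antivirus engines (see below). The excerpt that follows is truncated and shows only the beginning of the file, which appears to be ordinary library code; the portion the engines flagged is not visible in it, and the same applies to the other excerpts in this table. Locating the injected part requires comparing the full file with a known-good copy of the library.
function jsColor(){var c="#000000";switch(arguments.length){case 1:k(arguments[0]);break;case 3:var d=arguments[0];var f=arguments[1];var m=arguments[2];c=j(d,f,m);if(c==false){c="#000000"}break}this.setHex=k;function k(p){if(p.charAt(0)=="#"){c=p}else{if(isNaN(p)){a(p.toLowerCase())}else{c="#"+p}}var o=e(c);if(!o){c="#000000"}}this.getHex=n;function n(){return c}this.setRGB=h;function h(o,q,p){c=j(o,q,p);if(c==false){c="#000000"}}this.getRGB=l;function l(){return e(c)}this.getDarkerShade=
Antivirus reports: (not included in this copy of the report)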
| ||
http://onlineinvestor.ru/js/popup.js | 200 OK Content-Length: 46937 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var popAction = "";
var popupTimeout var boxTimeout var startTimeout var menuTimeOut var thisEvent = null; var blockScroll = false; var ling=false; var Vscr=0; var IDonPicLoad=0; var nButtons = 3; var ScH = 800; var btnNames = new Array(3); btnNames[0] = 'Çàêàçàòü'; btnNames[1] = 'Ðàññìîòðåòü'; btnNames[2] = 'Âåðíóòüñÿ ê êàòàëîãó'; function onInitBody() { doc Antivirus reports:
| ||
http://onlineinvestor.ru/js/AC_OETags.js | 200 OK Content-Length: 17107 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var isIE = (navigator.appVersion.indexOf("MSIE") != -1) ? true : false;
var isWin = (navigator.appVersion.toLowerCase().indexOf("win") != -1) ? true : false; var isOpera = (navigator.userAgent.indexOf("Opera") != -1) ? true : false; function ControlVersion() { var version; var axo; var e; try { axo = new ActiveXObject("ShockwaveFlash.ShockwaveFlash.7"); version = axo.GetVariable("$version"); } catch (e) { Antivirus reports:
| ||
http://onlineinvestor.ru/WebResource.axd?d=KC_Kwt2bNxJ2bNMMu4PunM5iQvi3HE8enV-ljUW5YlBmcuhLmBwidr0WPRkoGdxbZ7brzN9fC9OBfku30&t=635514773641741250 | 200 OK Content-Length: 20794 Content-Type: application/x-javascript | clean |
http://onlineinvestor.ru/js/dnncore.js | 200 OK Content-Length: 22115 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var DNN_COL_DELIMITER = String.fromCharCode(16); var DNN_ROW_DELIMITER = String.fromCharCode(15); var __dnn_m_bPageLoaded = false; window.onload = __dnn_Page_OnLoad; function __dnn_ClientAPIEnabled() { return typeof(dnn) != 'undefined'; } function __dnn_Page_OnLoad() { if (__dnn_ClientAPIEnabled()) { var sLoadHandlers = dnn.getVar('__dnn_pageload'); if (sLoadHandlers != null) eval(sLoadH Antivirus reports:
| ||
http://onlineinvestor.ru/Portals/_default/Skins/Or5/script.js | 200 OK Content-Length: 12823 Content-Type: application/x-javascript | clean |
http://onlineinvestor.ru/js/dnn.js | 200 OK Content-Length: 38309 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var dnn;
var DNN_HIGHLIGHT_COLOR = '#9999FF'; var COL_DELIMITER = String.fromCharCode(18); var ROW_DELIMITER = String.fromCharCode(17); var QUOTE_REPLACEMENT = String.fromCharCode(19); var KEY_LEFT_ARROW = 37; var KEY_UP_ARROW = 38; var KEY_RIGHT_ARROW = 39; var KEY_DOWN_ARROW = 40; var KEY_RETURN = 13; var KEY_ESCAPE = 27; if (typeof(__dnn_m_aNamespaces) == 'undefined') var __dnn_m_aNamespaces = new Array(); function __d Antivirus reports:
| ||
http://onlineinvestor.ru/WebResource.axd?d=u-cffdZRSu1CKbQC4I1jdSqrSY5Voz-47R7KznSJtBtP0ModnE5KWtzao659MO1wwxRCflOzc0GGcXVD0&t=635514773641741250 | 200 OK Content-Length: 33214 Content-Type: application/x-javascript | clean |
http://onlineinvestor.ru/ScriptResource.axd?d=dsbmsTn04vKa3i8AhIE5d-o77JTB0lsVS1tpZX2NBWHEhGok6eBvUJ7_hN-294GekfJuXzKXamD1T-Lh1JwaHjyMfm2BZfsWIT_SS5-fV6N8b9x3QA4z12boUlc8_rHevj8Y0D4KHMP9r3sphWIHExE9J3Eks4ZzvPcW2w2&t=633625330228432500 | 200 OK Content-Length: 260386 Content-Type: application/x-javascript | clean |
http://onlineinvestor.ru/ScriptResource.axd?d=CeSMQCQuGYuNgWZqhRt2hWQrFDh2HXN3MopOB1DW6M__SRZG9xxpxoLwmXJluhAN_6bpT01fadUm_k6NN-F3OWJeO3v_l7DsN_S9vaqqcb-t3RvNjzbNHkoJECuAhFIaiK75WY1rBiHXTNYW2JYR58Mz-XYO3Iugv2ziokIzZqwV4jzC0&t=633625330228432500 | 200 OK Content-Length: 65868 Content-Type: application/x-javascript | clean |
http://onlineinvestor.ru/WebServices/MainGaleryDateService.asmx/jsdebug | 200 OK Content-Length: 5022 Content-Type: application/x-javascript | clean |
http://onlineinvestor.ru/DesktopModules/Korzina/popup.js | 200 OK Content-Length: 0 Content-Type: application/x-javascript | clean |
http://onlineinvestor.ru/ÐаÑалог/tabid/36/Default.aspx | 200 OK Content-Length: 90364 Content-Type: text/html | clean |
http://onlineinvestor.ru/ScriptResource.axd?d=EYx9ew47lj0V1gr7D3O4zKoTlXw0XvnYC4zXDjxnzaOttmL_x4Y4k_p8wbcjSCvPyJJC_m9v1O8bV1AXCrXYnJjSLOYZpEHFN8KbgOI7cOij7iDZE8Yj0DyuvHVWRd3HKVCjBETOcPOZmLezyGLe2OJyHX01&t=634376459696906860 | 200 OK Content-Length: 17132 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: onlineinvestor.ru
Result:
HTTP/1.1 200 OK
Cache-Control: private
Connection: close
Date: Sun, 28 Dec 2014 19:56:01 GMT
Server: Microsoft-IIS/6.0
Content-Length: 87967
Content-Type: text/html; charset=utf-8
Set-Cookie: .ASPXANONYMOUS=bhrbJGpZ0AEkAAAAYTcyMjQ5YzItOWM2MS00NmU4LTk3ZWMtYmUxMTFkNTljYzdl0; expires=Sun, 08-Mar-2015 06:36:01 GMT; path=/; HttpOnly
Set-Cookie: language=ru-RU; path=/; HttpOnly
X-Powered-By: ASP.NET
...87967 bytes of data.
GET / HTTP/1.1
Host: onlineinvestor.ru
Result:
HTTP/1.1 200 OK
Cache-Control: private
Connection: close
Date: Sun, 28 Dec 2014 19:56:01 GMT
Server: Microsoft-IIS/6.0
Content-Length: 87967
Content-Type: text/html; charset=utf-8
Set-Cookie: .ASPXANONYMOUS=bhrbJGpZ0AEkAAAAYTcyMjQ5YzItOWM2MS00NmU4LTk3ZWMtYmUxMTFkNTljYzdl0; expires=Sun, 08-Mar-2015 06:36:01 GMT; path=/; HttpOnly
Set-Cookie: language=ru-RU; path=/; HttpOnly
X-Powered-By: ASP.NET
...87967 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: onlineinvestor.ru
Referer: http://www.google.com/search?q=onlineinvestor.ru
Result:
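The response is similar to the first query; no suspicious redirects were found. Only these two request variants were tested (a direct visit with no Referer, and a visit with a Google search Referer), so this check does not rule out redirects that depend on other request properties.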
GET / HTTP/1.1
Host: onlineinvestor.ru
Referer: http://www.google.com/search?q=onlineinvestor.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.