Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://timan-pechora.ru/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: timan-pechora.ru Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 05 Jul 2014 09:18:16 GMT Location: http://trustedrxmedicalshop.com/ Server: nginx Content-Length: 322 Content-Type: text/html; charset=iso-8859-1 | malicious |
URL: http://trustedrxmedicalshop.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: trustedrxmedicalshop.com Referer: http://www.google.com/search?q=redirect+check2 | HTTP/1.1 302 Found Connection: close Date: Sat, 05 Jul 2014 09:18:16 GMT Location: http://mymedicaretablet.com Server: nginx Vary: Accept-Encoding,User-Agent Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Powered-By: PHP/5.3.28 | suspicious |
Scanned pages/files
Request | Server response | Status |
http://timan-pechora.ru/ | 200 OK Content-Length: 15146 Content-Type: text/html | clean |
http://timan-pechora.ru/media/system/js/caption.js | 200 OK Content-Length: 1963 Content-Type: application/x-javascript | clean |
http://timan-pechora.ru/templates/ja_raite/js/ja.script.js | 200 OK Content-Length: 12711 Content-Type: application/x-javascript | clean |
http://timan-pechora.ru/templates/ja_raite/ja_menus/ja_moomenu/ja.moomenu.js | 200 OK Content-Length: 5653 Content-Type: application/x-javascript | clean |
http://widgets.twimg.com/j/2/widget.js | 200 OK Content-Length: 1489 Content-Type: application/javascript | clean |
http://timan-pechora.ru/index.php | 200 OK Content-Length: 15163 Content-Type: text/html | clean |
http://timan-pechora.ru/index.php?option=com_content&view=article&id=63&Itemid=67&lang=ru | 200 OK Content-Length: 14527 Content-Type: text/html | clean |
http://timan-pechora.ru/index.php?option=com_content&view=article&id=50&Itemid=65&lang=ru | 200 OK Content-Length: 14671 Content-Type: text/html | clean |
http://timan-pechora.ru/index.php?view=article&catid=34%3A2011-02-07-12-07-56&id=50%3A2011-02-07-12-11-16&tmpl=component&print=1&layout=default&page=&option=com_content&Itemid=65&lang=ru | 200 OK Content-Length: 8782 Content-Type: text/html | clean |
http://timan-pechora.ru/includes/index.html | 200 OK Content-Length: 9324 Content-Type: text/html | clean |
http://timan-pechora.ru/includes/jquery.min.js | 200 OK Content-Length: 94021 Content-Type: application/x-javascript | clean |
http://timan-pechora.ru/includes/cookie.js | 200 OK Content-Length: 1969 Content-Type: application/x-javascript | clean |
http://timan-pechora.ru/includes/quest_new.js | 200 OK Content-Length: 3173 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
var Quest={pref:'',mask:'',next_button:'',passed_q:'',current_q:'',total_q:'',proc_q:'',imprecision:0,proc_bar:'',on_show:function(){},on_next:function(){},after_test:function(){},all_required:false,default_error:'',levels:0,select:0,init:function(conf){this.levels=0;this.select=0;this.pref=conf.pref||'Quest_';this.mask=conf.mask||'#Questions>div.quest';this.next_button=conf.next_button||'input.next_btn';this.passed_q=conf.passed_q||'#qpassed';this.current_q=conf.current_q||'#qcurrent';this.t
Antivirus reports:
http://timan-pechora.ru/includes/radio_style.js | 200 OK Content-Length: 1016 Content-Type: application/x-javascript | clean |
http://timan-pechora.ru/includes/script.js | 200 OK Content-Length: 704 Content-Type: application/x-javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=timan-pechora.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://timan-pechora.ru/
Result: timan-pechora.ru is not infected or malware details are not published yet.