Scanned pages/files
Request | Server response | Status |
http://tricolor-vereya.ru/ | 200 OK Content-Length: 42645 Content-Type: text/html | clean |
http://tricolor-vereya.ru/plugins/system/mediaobject/js/mediaobject-150.js | 200 OK Content-Length: 3721 Content-Type: application/x-javascript | clean |
http://tricolor-vereya.ru/plugins/system/jceutilities/js/jquery-126.js | 200 OK Content-Length: 31033 Content-Type: application/x-javascript | clean |
http://tricolor-vereya.ru/plugins/system/jceutilities/js/jceutilities-217.js | 200 OK Content-Length: 19964 Content-Type: application/x-javascript | clean |
http://tricolor-vereya.ru/media/system/js/modal.js | 200 OK Content-Length: 10552 Content-Type: application/x-javascript | clean |
http://tricolor-vereya.ru/components/com_k2/js/k2.js | 200 OK Content-Length: 2852 Content-Type: application/x-javascript | clean |
http://tricolor-vereya.ru/media/system/js/caption.js | 200 OK Content-Length: 1721 Content-Type: application/x-javascript | clean |
http://tricolor-vereya.ru/modules/mod_gk_tab/scripts/engine_compress.js | 200 OK Content-Length: 2986 Content-Type: application/x-javascript | clean |
http://tricolor-vereya.ru/modules/mod_gk_tab/scripts/importer.php?modid=tabmix5&activator=click&animation=0&animationFun=Fx.Transitions.Back.easeInOut&animationType=1&animationSpeed=1000&animationInterval=5000&styleType=1&styleSuffix=style1&fixedHeight=0&fixedHeightValue=600&alwaysHide=1 | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 19 Nov 2014 08:09:20 GMT Location: http://vkcom100i.ru/?1/modules/mod_gk_tab/scripts/importer.php Server: nginx/1.4.2 Vary: Accept-Encoding Content-Length: 354 Content-Type: text/html; charset=iso-8859-1 | clean |
http://vkcom100i.ru/?1/modules/mod_gk_tab/scripts/importer.php | 500 Can't connect to vkcom100i.ru:80 Content-Length: 187 Content-Type: text/plain | clean |
http://vkcom100i.ru/test404page.js | 500 Can't connect to vkcom100i.ru:80 Content-Length: 187 Content-Type: text/plain | clean |
http://tricolor-vereya.ru/components/com_jcomments/js/jcomments-v2.0.js | 200 OK Content-Length: 26073 Content-Type: application/x-javascript | clean |
http://tricolor-vereya.ru/components/com_jcomments/libraries/joomlatune/ajax.js | 200 OK Content-Length: 3978 Content-Type: application/x-javascript | clean |
http://tricolor-vereya.ru/templates/cycletheme/js/mootools_release-1.11.js | 200 OK Content-Length: 88505 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var MooTools = { version: '1.11' }; function $defined(obj){ return (obj != undefined); }; function $type(obj){ if (!$defined(obj)) return false; if (obj.htmlElement) return 'element'; var type = typeof obj; if (type == 'object' && obj.nodeName){ switch(obj.nodeType){ case 1: return 'element'; case 3: return (/\S/).test(obj.nodeValue) ? 'textnode' : 'whitespace'; } } if (type == 'object' || type == 'function this.elements.each(function(el, i){ obj[i] = {}; var hide = (i != index) || (this.options.alwaysHide && (el.offsetHeight > 0)); this.fireEvent(hide ? 'onBackground' : 'onActive', [this.togglers[i], el]); for (var fx in this.effects) obj[i][fx] = hide ? 0 : el[this.effects[fx]]; }, this); return this.start(obj); }, showThisHideOpen: function(index){return this.display(index);} }); Fx.Accordion = Accordion; Antivirus reports:
| ||
http://tricolor-vereya.ru/templates/cycletheme/js/fx_styles.js | 200 OK Content-Length: 733 Content-Type: application/x-javascript | clean |
http://tricolor-vereya.ru/templates/cycletheme/js/accordion.js | 200 OK Content-Length: 313 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: tricolor-vereya.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Wed, 19 Nov 2014 08:09:08 GMT
Pragma: no-cache
Server: nginx/1.4.2
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Wed, 19 Nov 2014 08:09:08 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: e253bb51b8ee3c9f77c274b8c0997c6e=alsdcjh1vq7i5gmknpqgq9ib74; path=/
Set-Cookie: lang=deleted; expires=Tue, 19-Nov-2013 08:09:07 GMT; path=/
Set-Cookie: jfcookie=deleted; expires=Tue, 19-Nov-2013 08:09:07 GMT; path=/
Set-Cookie: jfcookie[lang]=deleted; expires=Tue, 19-Nov-2013 08:09:07 GMT; path=/
X-Powered-By: PHP/5.3.2-1ubuntu4.20
X-UA-Compatible: IE=EmulateIE7
GET / HTTP/1.1
Host: tricolor-vereya.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Wed, 19 Nov 2014 08:09:08 GMT
Pragma: no-cache
Server: nginx/1.4.2
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Wed, 19 Nov 2014 08:09:08 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: e253bb51b8ee3c9f77c274b8c0997c6e=alsdcjh1vq7i5gmknpqgq9ib74; path=/
Set-Cookie: lang=deleted; expires=Tue, 19-Nov-2013 08:09:07 GMT; path=/
Set-Cookie: jfcookie=deleted; expires=Tue, 19-Nov-2013 08:09:07 GMT; path=/
Set-Cookie: jfcookie[lang]=deleted; expires=Tue, 19-Nov-2013 08:09:07 GMT; path=/
X-Powered-By: PHP/5.3.2-1ubuntu4.20
X-UA-Compatible: IE=EmulateIE7
Second query (visit from search engine):
GET / HTTP/1.1
Host: tricolor-vereya.ru
Referer: http://www.google.com/search?q=tricolor-vereya.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: tricolor-vereya.ru
Referer: http://www.google.com/search?q=tricolor-vereya.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=tricolor-vereya.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://tricolor-vereya.ru/
Result: tricolor-vereya.ru is not infected or malware details are not published yet.
Result: tricolor-vereya.ru is not infected or malware details are not published yet.