Malicious/Suspicious Redirects
Request:
  URL: http://ventkom.com/ (imitation of visitor from search engine)
  GET / HTTP/1.1
  Host: ventkom.com
  Referer: http://www.google.com/search?q=redirect+check1
Server response:
  HTTP/1.1 302 Found
  Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
  Connection: close
  Date: Thu, 04 Sep 2014 19:59:21 GMT
  Pragma: no-cache
  Location: http://web-redirect.ru/?web
  Server: nginx/1.4.4
  Content-Type: text/html; charset=utf-8
  Expires: Mon, 1 Jan 2001 00:00:00 GMT
  Last-Modified: Thu, 04 Sep 2014 19:59:21 GMT
  P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
  Set-Cookie: _cutt_caches_images=1409860760; expires=Fri, 05-Sep-2014 19:59:20 GMT; path=/
  Set-Cookie: ee367e5f3397602e346a6b64523c68ed=uk03h6qpgqcje2jhueefgrff43; path=/
  X-Powered-By: PHP/5.3.27-pl0-gentoo
Status: malicious

Request:
  URL: http://web-redirect.ru/?web (imitation of visitor from search engine)
  GET /?web HTTP/1.1
  Host: web-redirect.ru
  Referer: http://www.google.com/search?q=redirect+check2
Server response:
  HTTP/1.1 302 Found
  Cache-Control: max-age=0
  Connection: close
  Date: Thu, 04 Sep 2014 19:59:21 GMT
  Pragma: no-cache
  Location: http://room36.ru/components/com_weblinks/2/separator.php
  Server: nginx/1.0.15
  Content-Length: 0
  Content-Type: text/html; charset=utf-8
  Expires: Thu, 21 Jul 1977 07:30:00 GMT
  Last-Modified: Thu, 04 Sep 2014 19:59:21 GMT
  X-Powered-By: PHP/5.3.3
Status: suspicious
Scanned pages/files
Request | Server response | Status |
--- | --- | --- |
http://ventkom.com/ | 200 OK Content-Length: 67508 Content-Type: text/html | clean |
http://ventkom.com/media/system/js/caption.js | 200 OK Content-Length: 2150 Content-Type: application/x-javascript | clean |
http://ventkom.com/cache/mod_smartslider_theme/100/efdcbc78c08ae6ad186d95dc78e6000d.js | 200 OK Content-Length: 115061 Content-Type: application/x-javascript | clean |
http://ventkom.com/modules/mod_hxdmoomenu/assets/js/hxdmoomenu.js | 200 OK Content-Length: 1891 Content-Type: application/x-javascript | clean |
http://ventkom.com/modules/mod_hxdmoomenu/assets/js/mootools.bgiframe.js | 200 OK Content-Length: 964 Content-Type: application/x-javascript | clean |
http://ventkom.com/modules/mod_hxdmoomenu/assets/js/fx_styles.js | 404 Not Found Content-Length: 1105 Content-Type: text/html | clean |
http://ventkom.com/test404page.js | 404 Not Found Content-Length: 1105 Content-Type: text/html | clean |
http://ventkom.com/modules/mod_tur_meteo/tmpl/js/tur_meteo.js | 200 OK Content-Length: 2197 Content-Type: application/x-javascript | clean |
http://ventkom.com/templates/cycletheme/js/mootools_release-1.11.js | 200 OK Content-Length: 88719 Content-Type: application/x-javascript | malicious |
    Malicious code - confirmed by antiviruses (see below):
        var MooTools = { version: '1.11' }; function $defined(obj){ return (obj != undefined); }; function $type(obj){ if (!$defined(obj)) return false; if (obj.htmlElement) return 'element'; var type = typeof obj; if (type == 'object' && obj.nodeName){ switch(obj.nodeType){ case 1: return 'element'; case 3: return (/\S/).test(obj.nodeValue) ? 'textnode' : 'whitespace'; } } if (type == 'object' || type == 'function obj[i] = {}; var hide = (i != index) || (this.options.alwaysHide && (el.offsetHeight > 0)); this.fireEvent(hide ? 'onBackground' : 'onActive', [this.togglers[i], el]); for (var fx in this.effects) obj[i][fx] = hide ? 0 : el[this.effects[fx]]; }, this); return this.start(obj); }, showThisHideOpen: function(index){return this.display(index);} }); Fx.Accordion = Accordion;
    Antivirus reports:
http://ventkom.com/templates/cycletheme/js/fx_styles.js | 404 Not Found Content-Length: 1105 Content-Type: text/html | clean |
http://ventkom.com/templates/cycletheme/js/accordion.js | 404 Not Found Content-Length: 1105 Content-Type: text/html | clean |
http://ventkom.com/templates/cycletheme/js/backgroundslider.js | 404 Not Found Content-Length: 1105 Content-Type: text/html | clean |
http://ventkom.com/templates/cycletheme/js/slideshow.js | 200 OK Content-Length: 9348 Content-Type: application/x-javascript | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js | 200 OK Content-Length: 57254 Content-Type: text/javascript | clean |
http://ventkom.com/templates/cycletheme/js/jquery.prettyPhoto.js | 200 OK Content-Length: 21103 Content-Type: application/x-javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ventkom.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://ventkom.com/
Result: ventkom.com is not infected or malware details are not published yet.