Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://webovo.ru/ (request sent with a Google search Referer to imitate a visitor arriving from a search engine) GET / HTTP/1.1 Host: webovo.ru Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Thu, 25 Sep 2014 10:09:28 GMT Location: http://brg-catalogues.com/mxut.html?h=2848373 Server: nginx Content-Type: text/html; charset=iso-8859-1 | malicious |
Note: the same URL fetched without the search-engine Referer returns 200 with the normal page (first row of "Scanned pages/files" below), so the 302 to brg-catalogues.com is served only to search-engine referrals. This is a referer-conditional (cloaked) redirect: a crawler or a direct visitor sends no such Referer and gets the clean page, which is consistent with the site not being listed by the blacklists queried at the end of this report.
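The check the scanner performed above (one plain request, one with a search-engine Referer, compare the Location headers) as an added example; this is not the scanner's own code. The fetch interface, the verdict names and the replayed responses are assumptions made for this example; recorded_fetch is a constructed stand-in that replays the headers from this report so the block runs offline, and http_fetch is a live fetcher you can pass in instead.

```python
"""Referer-conditional ("cloaked") redirect check.

Added example, not the scanner's own code.  It replays the behaviour in the
report above: the front page answers 200 to a plain request but 302s a visitor
that arrives with a Google search Referer to an unrelated domain.  Two requests
per URL are made, with and without the search-engine Referer, and the Location
headers are compared.  The fetch function, the verdict names and the replayed
responses are assumptions made for this example.
"""
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# Same Referer the scanner used above; the query text is arbitrary.
SEARCH_REFERER = "http://www.google.com/search?q=redirect+check1"


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Stop urllib from following 3xx so the Location header can be inspected."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def http_fetch(url, referer=None, timeout=10):
    """Live fetcher: (status, headers) without following redirects.
    Not exercised by the offline demo below; pass it to classify_redirect
    to check a real site."""
    req = urllib.request.Request(url, headers={"User-Agent": "Mozilla/5.0"})
    if referer:
        req.add_header("Referer", referer)
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.getcode(), dict(resp.headers)
    except urllib.error.HTTPError as err:  # unfollowed 3xx land here too
        return err.code, dict(err.headers)


def _location(status, headers):
    """Location header of a 3xx response, or None."""
    if not 300 <= status < 400:
        return None
    for name, value in headers.items():
        if name.lower() == "location":
            return value
    return None


def same_site(url, target):
    """True when the redirect target stays on the scanned host
    (a relative Location such as /index.php counts as on-site)."""
    host = urlsplit(url).hostname or ""
    target_host = urlsplit(target).hostname
    return target_host is None or target_host.lower() == host.lower()


def classify_redirect(url, fetch):
    """Return (verdict, plain_location, search_location) for one URL.

    verdict is one of:
      'malicious'  off-site redirect served only to the search-engine visitor
                   (the cloaked redirect in the report);
      'offsite'    off-site redirect served to everyone (worth listing, but
                   not cloaking; the hosting provider's 404 page above);
      'clean'      no redirect, or a redirect that stays on the site.
    """
    plain_status, plain_headers = fetch(url, None)
    search_status, search_headers = fetch(url, SEARCH_REFERER)
    plain_loc = _location(plain_status, plain_headers)
    search_loc = _location(search_status, search_headers)

    offsite = any(loc and not same_site(url, loc) for loc in (plain_loc, search_loc))
    conditional = plain_loc != search_loc
    if offsite and conditional:
        verdict = "malicious"
    elif offsite:
        verdict = "offsite"
    else:
        verdict = "clean"
    return verdict, plain_loc, search_loc


def recorded_fetch(url, referer):
    """Constructed stand-in for the network that replays the responses
    recorded in the report above (only the headers that matter here)."""
    from_search = bool(referer) and "google.com/search" in referer
    if url == "http://webovo.ru/" and from_search:
        return 302, {"Location": "http://brg-catalogues.com/mxut.html?h=2848373",
                     "Server": "nginx"}
    if url.startswith("http://webovo.ru/index.php?option=com_banners"):
        return 303, {"Location": "http://webovo.ru/index.php", "Server": "nginx"}
    if url == "http://webovo.ru/test404page.js":
        return 302, {"Location": "http://err.agava.ru/vh/404.html", "Server": "nginx"}
    return 200, {"Content-Type": "text/html"}


def scan(urls, fetch=recorded_fetch):
    """Classify every URL; returns {url: verdict}."""
    return {u: classify_redirect(u, fetch)[0] for u in urls}


if __name__ == "__main__":
    for u, v in scan([
        "http://webovo.ru/",
        "http://webovo.ru/index.php?option=com_banners&task=click&bid=1",
        "http://webovo.ru/test404page.js",
        "http://webovo.ru/index.php",
    ]).items():
        print(f"{v:9s} {u}")
```

Design note: the verdict deliberately separates "off-site" from "conditional". The hosting provider's 404 redirect in the report is off-site but identical for both requests, so it is reported rather than flagged; only a redirect that changes with the Referer is treated as cloaking. Real injections often also key on the User-Agent or set a cookie to fire once per visitor, so a live check should vary those too and never reuse a cookie jar between the two requests.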
Scanned pages/files
Request | Server response | Status |
http://webovo.ru/ | 200 OK Content-Length: 12746 Content-Type: text/html | clean |
http://webovo.ru/media/system/js/caption.js | 200 OK Content-Length: 32531 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below). Excerpt of the file as fetched, truncated by the scanner; the visible part is the opening of Joomla's stock JCaption class and contains nothing malicious in itself, and the report does not reproduce the portion the engines flagged:
var JCaption = new Class({ initialize: function(selector) { this.selector = selector; var images = $$(selector); images.each(function(image){ this.createCaption(image); }, this); }, createCaption: function(element) { var caption = document.createTextNode(element.title); var container = document.createElement("div"); var text = document.createElement("p"); var width = element.getAttribute("width"); var align =
Antivirus reports: none are listed in the report.
Since media/system/js/caption.js is a Joomla core file, compare it against the pristine copy from the package of the installed Joomla release to locate the injected part, and restore it from that package rather than editing it in place.
http://webovo.ru/index.php?option=com_banners&task=click&bid=1 | HTTP/1.1 303 See other Connection: close Date: Thu, 25 Sep 2014 10:09:30 GMT Location: http://webovo.ru/index.php Server: nginx Content-Type: text/html P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Set-Cookie: 3761570878738758076547a8fa90229d=34203fbbf35207a7b85e1a076c270ec7; path=/ X-Powered-By: PHP/5.2.17 | clean |
http://webovo.ru/index.php | 200 OK Content-Length: 12746 Content-Type: text/html | clean |
http://webovo.ru/index.php?option=com_content&view=article&id=1&Itemid=2 | 200 OK Content-Length: 18586 Content-Type: text/html | clean |
http://webovo.ru/index.php?option=com_content&view=article&id=2&Itemid=3 | 200 OK Content-Length: 19034 Content-Type: text/html | clean |
http://webovo.ru/index.php?option=com_content&view=article&id=3&Itemid=4 | 200 OK Content-Length: 14876 Content-Type: text/html | clean |
http://webovo.ru/index.php?option=com_content&view=category&layout=blog&id=1&Itemid=5 | 200 OK Content-Length: 11000 Content-Type: text/html | clean |
http://webovo.ru/index.php?option=com_content&view=category&layout=blog&id=2&Itemid=6 | 200 OK Content-Length: 11008 Content-Type: text/html | clean |
http://webovo.ru/index.php?option=com_content&view=category&layout=blog&id=3&Itemid=7 | 200 OK Content-Length: 17815 Content-Type: text/html | clean |
http://webovo.ru/index.php?option=com_content&view=category&layout=blog&id=4&Itemid=8 | 200 OK Content-Length: 10978 Content-Type: text/html | clean |
http://webovo.ru/index.php?option=com_content&view=category&layout=blog&id=5&Itemid=9 | 200 OK Content-Length: 10988 Content-Type: text/html | clean |
http://webovo.ru/index.php?option=com_contact&view=contact&id=1&Itemid=10 | 200 OK Content-Length: 13265 Content-Type: text/html | clean |
http://webovo.ru/media/system/js/validate.js | 200 OK Content-Length: 22371 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below). Excerpt of the file as fetched, truncated by the scanner; the visible part is the opening of Joomla's stock JFormValidator class and contains nothing malicious in itself, and the report does not reproduce the portion the engines flagged:
var JFormValidator = new Class({ initialize: function() { this.handlers = Object(); this.custom = Object(); this.setHandler('username', function (value) { regex = new RegExp("[\<|\>|\"|\'|\%|\;|\(|\)|\&]", "i"); return !regex.test(value); } ); this.setHandler('password', function (value) { regex=/^\S[\S ]{2,98}\S$/; return regex.test(value); } ); this.setHandler('numeric
Antivirus reports: none are listed in the report.
As with caption.js above, media/system/js/validate.js is a Joomla core file; diff it against the pristine copy from the installed release's package and restore it from there.
http://webovo.ru/index.php?option=com_banners&task=click&bid=2 | HTTP/1.1 303 See other Connection: close Date: Thu, 25 Sep 2014 10:09:37 GMT Location: http://webovo.ru/index.php Server: nginx Content-Type: text/html P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Set-Cookie: 3761570878738758076547a8fa90229d=c245d057368ad6e94fcd4540b0302388; path=/ X-Powered-By: PHP/5.2.17 | clean |
http://webovo.ru/test404page.js | HTTP/1.1 302 Found Connection: close Date: Thu, 25 Sep 2014 10:09:37 GMT Location: http://err.agava.ru/vh/404.html Server: nginx Content-Type: text/html; charset=iso-8859-1 | clean |
http://err.agava.ru/vh/404.html | 200 OK Content-Length: 12338 Content-Type: text/html | clean |
http://err.agava.ru/vh/js/main.js | 200 OK Content-Length: 34164 Content-Type: application/x-javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=webovo.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://webovo.ru/
Result: webovo.ru is not infected or malware details are not published yet.