Scanned pages/files
Request | Server response | Status |
http://3proxy.ru/ | 200 OK Content-Length: 10456 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
<!--
google_ad_client = "pub-9080155680222782";
google_alternate_ad_url = "//security.nnov.ru/include/ad.asp";
google_ad_width = 300;
google_ad_height = 250;
google_ad_format = "300x250_as";
google_ad_type = "text_image";
google_ad_channel = "3031556205";
google_color_border = "B2B2C0";
google_color_link = "E0E0E0";
google_color_url = "FFFFFF";
google_color_bg = "D0D0D8";
google_color_text = "444444";
Antivirus reports:
http://3proxy.ru//pagead2.googlesyndication.com/pagead/show_ads.js/ | 404 Not Found Content-Length: 1245 Content-Type: text/html | clean |
http://3proxy.ru/test404page.js | 404 Not Found Content-Length: 1245 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: 3proxy.ru
Result:
HTTP/1.1 200 OK
Cache-Control: private
Date: Thu, 18 Sep 2014 10:20:32 GMT
Server: Microsoft-IIS/7.0
Content-Length: 10456
Content-Type: text/html
Set-Cookie: ASPSESSIONIDCQQTQCDC=KMNJFIDBFFHPDBLDBNGPNOJJ; path=/
X-Powered-By: ASP.NET
...10456 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: 3proxy.ru
Referer: http://www.google.com/search?q=3proxy.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=3proxy.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://3proxy.ru/
Result: 3proxy.ru is not infected or malware details are not published yet.