Scanned pages/files
Request | Server response | Status |
http://94.242.206.96/ | 200 OK Content-Length: 28747 Content-Type: text/html | suspicious |
Suspicious code found <script language=JavaScript type="text/javascript" src=/inc/fava2.php></script> <!--noindex--> | ||
http://94.242.206.96/js/fava.js | 200 OK Content-Length: 708 Content-Type: application/javascript | clean |
http://94.242.206.96/js/jquery-1.9.0.min.js | 200 OK Content-Length: 93068 Content-Type: application/javascript | clean |
http://94.242.206.96/js/jquery.main.js | 200 OK Content-Length: 459 Content-Type: application/javascript | clean |
http://94.242.206.96/js/menu.js | 200 OK Content-Length: 1301 Content-Type: application/javascript | clean |
http://94.242.206.96/inc/search2.php | 200 OK Content-Length: 265 Content-Type: text/html | clean |
http://94.242.206.96/test404page.js | HTTP/1.1 302 Found Connection: close Date: Thu, 26 Jun 2014 09:08:06 GMT Location: http://www.medicinform.net/404.php Server: Apache/2.2.22 (Debian) Vary: Accept-Encoding Content-Length: 297 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.medicinform.net/404.php | 404 Not Found Content-Length: 17159 Content-Type: text/html | suspicious |
Suspicious code found <!--pix start--><div align=center>
<script type="text/javascript"> if (!window.OX_ads) { OX_ads = []; } OX_ads.push({ "auid" : "537132686" }); </script> <script type="text/javascript"> document.write('<scr'+'ipt src="http://ax-d.pixfuture.net/w/1.0/jstag"><\/scr'+'ipt>'); </script> <noscript><iframe id="c27cf5d98d" name="c27cf5d98d" src="http://ax-d.pixfuture.net/w/1.0/afr?auid=537132686&cb=INSE <script language=JavaScript type="text/javascript" src=/inc/fava2.php></script> <!--noindex--> <script type="text/javascript" src="//vk.com/js/api/openapi.js?63"></script> <!-- VK Widget --> <div id="vk_groups"></div> <script type="text/javascript"> VK.Widgets.Group("vk_groups", {mode: 0, width: "200", height: "290"}, 41644905); </script> | ||
http://www.medicinform.net/js/fava.js | 200 OK Content-Length: 708 Content-Type: application/javascript | clean |
http://94.242.206.96/inc/search.php | 200 OK Content-Length: 271 Content-Type: text/html | clean |
http://94.242.206.96//yandex.st/share/share.js/ | HTTP/1.1 302 Found Connection: close Date: Thu, 26 Jun 2014 09:08:06 GMT Location: http://www.medicinform.net/404.php Server: Apache/2.2.22 (Debian) Vary: Accept-Encoding Content-Length: 297 Content-Type: text/html; charset=iso-8859-1 | clean |
http://94.242.206.96/inc/rund/index.php | 200 OK Content-Length: 1058 Content-Type: text/html | clean |
http://94.242.206.96/news/newsbok.php | 200 OK Content-Length: 1475 Content-Type: text/html | clean |
http://94.242.206.96//mc.yandex.ru/metrika/watch.js/ | HTTP/1.1 302 Found Connection: close Date: Thu, 26 Jun 2014 09:08:07 GMT Location: http://www.medicinform.net/404.php Server: Apache/2.2.22 (Debian) Vary: Accept-Encoding Content-Length: 297 Content-Type: text/html; charset=iso-8859-1 | clean |
http://94.242.206.96/export/news.php | 200 OK Content-Length: 4545 Content-Type: text/html | clean |
http://counter.rambler.ru/top100.jcn?237862 | 200 OK Content-Length: 6852 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: 94.242.206.96
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 26 Jun 2014 09:08:04 GMT
Accept-Ranges: bytes
Server: Apache/2.2.22 (Debian)
Vary: Accept-Encoding
Content-Type: text/html
Second query (visit from search engine):
GET / HTTP/1.1
Host: 94.242.206.96
Referer: http://www.google.com/search?q=94.242.206.96
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=94.242.206.96
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://94.242.206.96/
Result: 94.242.206.96 is not infected or malware details are not published yet.