Scanned pages/files
| Request | Server response | Status |
http://arhidex.ru/ | 200 OK Content-Length: 20995 Content-Type: text/html | clean |
http://arhidex.ru/bitrix/templates/books_copy/script_movie.js | 200 OK Content-Length: 1937 Content-Type: application/x-javascript | clean |
http://bs.yandex.ru/resource/watch.js | 200 OK Content-Length: 56818 Content-Type: application/x-javascript | clean |
http://cnt.rambler.ru/top100.jcn?1843048 | 200 OK Content-Length: 6853 Content-Type: application/x-javascript | clean |
http://odnaknopka.ru/ok3.js | 200 OK Content-Length: 2766 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function NewOdnaknopka3() {
this.domain=location.href+'/'; this.domain=this.domain.substr(this.domain.indexOf('://')+3); this.domain=this.domain.substr(0,this.domain.indexOf('/')); this.location=false; this.url=function(system) { var title=encodeURIComponent(document.title); var url=encodeURIComponent(location.href); switch (system) { case 1: return 'http://vkontakte.ru/share.php?url='+url; case 2: return 'http://www.facebook.com/sharer.php?u='+u for (i=0;i<12;i++) { html+='<a href="'+this.url(i+1)+'" onclick="return odnaknopka3.go('+(i+1)+');"><img src="http://odnaknopka.ru/images/blank.gif" width="16" height="16" alt=" #" title="'+titles[i]+'" style="border:0;padding:0;margin:0 4px 0 0;background:url(http://odnaknopka.ru/images/panel.png) no-repeat -270px -'+(i*16)+'px"/></a>'; } document.write(html); } } odnaknopka3=new NewOdnaknopka3(); odnaknopka3.init(); Antivirus reports:
| ||
http://arhidex.ru/about/ | 200 OK Content-Length: 19410 Content-Type: text/html | clean |
http://arhidex.ru/build/ | 200 OK Content-Length: 23162 Content-Type: text/html | clean |
http://arhidex.ru/contacts/ | 200 OK Content-Length: 15074 Content-Type: text/html | clean |
http://arhidex.ru/comments/ | 200 OK Content-Length: 25219 Content-Type: text/html | clean |
http://arhidex.ru/map/ | 200 OK Content-Length: 15148 Content-Type: text/html | clean |
http://arhidex.ru/content/stacionar.php | 200 OK Content-Length: 23421 Content-Type: text/html | clean |
http://arhidex.ru/content/mobil.php | 200 OK Content-Length: 20571 Content-Type: text/html | clean |
http://arhidex.ru/content/univers.php | 200 OK Content-Length: 19886 Content-Type: text/html | clean |
http://arhidex.ru/content/steklo.php | 200 OK Content-Length: 17607 Content-Type: text/html | clean |
http://arhidex.ru/content/razdvijka.php | 200 OK Content-Length: 14691 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: arhidex.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Tue, 27 May 2014 12:57:36 GMT
Pragma: no-cache
Server: nginx/1.0.6
Content-Type: text/html; charset=windows-1251
Expires: Thu, 19 Nov 1981 08:52:00 GMT
P3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
Set-Cookie: PHPSESSID=0e3a51037a80f9263b2a76e51429263e; path=/
X-Powered-By: PHP/4.4.9
X-Powered-CMS: Bitrix Site Manager (4167733d3abc6c582c35d93674183c30)
GET / HTTP/1.1
Host: arhidex.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Tue, 27 May 2014 12:57:36 GMT
Pragma: no-cache
Server: nginx/1.0.6
Content-Type: text/html; charset=windows-1251
Expires: Thu, 19 Nov 1981 08:52:00 GMT
P3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
Set-Cookie: PHPSESSID=0e3a51037a80f9263b2a76e51429263e; path=/
X-Powered-By: PHP/4.4.9
X-Powered-CMS: Bitrix Site Manager (4167733d3abc6c582c35d93674183c30)
Second query (visit from search engine):
GET / HTTP/1.1
Host: arhidex.ru
Referer: http://www.google.com/search?q=arhidex.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: arhidex.ru
Referer: http://www.google.com/search?q=arhidex.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=arhidex.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://arhidex.ru/
Result: arhidex.ru is not infected or malware details are not published yet.
Result: arhidex.ru is not infected or malware details are not published yet.