Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=cinema-on.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://cinema-on.ru/
Result: The website is marked by Yandex as suspicious: visiting this website may harm your computer.
Scanned pages/files
Request | Server response | Status |
http://cinema-on.ru/ | 200 OK Content-Length: 60428 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: ultrapay.net
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru" lang="ru"> <head> <!-- _mncheckrights98965_ --> <meta http-equiv="Content-Type" content="text/html; charset=windows-1251" /> <title>Кинотеатр онлайн - смотреть фильмы 2012 и 2013 года онлайн. Скачать фильмы. ...[4228 bytes skipped]...
http://cinema-on.ru/engine/classes/js/jquery.js | 200 OK Content-Length: 72174 Content-Type: application/x-javascript | clean |
http://cinema-on.ru/engine/classes/js/dialog.js | 200 OK Content-Length: 47054 Content-Type: application/x-javascript | clean |
http://cinema-on.ru/engine/classes/js/effects.js | 200 OK Content-Length: 13628 Content-Type: application/x-javascript | clean |
http://cinema-on.ru/engine/classes/js/menu.js | 200 OK Content-Length: 2998 Content-Type: application/x-javascript | clean |
http://cinema-on.ru/engine/classes/js/dle_ajax.js | 200 OK Content-Length: 4941 Content-Type: application/x-javascript | clean |
http://cinema-on.ru/engine/classes/js/js_edit.js | 200 OK Content-Length: 11042 Content-Type: application/x-javascript | clean |
http://cinema-on.ru/engine/classes/highslide/highslide.js | 200 OK Content-Length: 32262 Content-Type: application/x-javascript | clean |
http://userapi.com/js/api/openapi.js?34 | 200 OK Content-Length: 64013 Content-Type: application/x-javascript | clean |
https://apis.google.com/js/plusone.js | 200 OK Content-Length: 12388 Content-Type: application/javascript | clean |
http://cinema-on.ru/jquery.upScrollButton.js | 200 OK Content-Length: 1750 Content-Type: application/x-javascript | clean |
http://odnaknopka.ru/ok2.js | 200 OK Content-Length: 6105 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
function NewOdnaknopka2() {
  this.domain=location.href+'/';
  this.domain=this.domain.substr(this.domain.indexOf('://')+3);
  this.domain=this.domain.substr(0,this.domain.indexOf('/'));
  this.location=false;
  this.selection=function() {
    var sel;
    if (window.getSelection) sel=window.getSelection();
    else if (document.selection) sel=document.selection.createRange();
    else sel='';
    if (sel.text) sel=sel.text;
    return encodeURIComponent(sel);
  }
  th } }
odnaknopka2=new NewOdnaknopka2(); odnaknopka2.init();
Antivirus reports:
http://www.google.ru/coop/cse/brand?form=cse-search-box&lang=ru | 200 OK Content-Length: 2510 Content-Type: text/javascript | clean |
http://ultrapay.net/check.php?user_id=000702&mode=teaser&domain=cinema-on.ru&block_id=1065&count=4 | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://ultrapay.net/test404page.js | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: cinema-on.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Fri, 29 Aug 2014 16:37:24 GMT
Pragma: no-cache
Server: nginx
Content-Type: text/html; charset=CP1251
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Fri, 29 Aug 2014 10:37:24 GMT
Set-Cookie: PHPSESSID=6cbaf07b05580c11ff7df30a34e61b69; path=/
Set-Cookie: dle_user_id=deleted; expires=Thu, 29-Aug-2013 16:37:23 GMT; path=/; domain=.cinema-on.ru; httponly
Set-Cookie: dle_password=deleted; expires=Thu, 29-Aug-2013 16:37:23 GMT; path=/; domain=.cinema-on.ru; httponly
Set-Cookie: dle_hash=deleted; expires=Thu, 29-Aug-2013 16:37:23 GMT; path=/; domain=.cinema-on.ru; httponly
Second query (visit from search engine):
GET / HTTP/1.1
Host: cinema-on.ru
Referer: http://www.google.com/search?q=cinema-on.ru
Result:
The result is the same as for the first query; no suspicious redirects were found.