Scanned pages/files
Request | Server response | Status |
http://cleanfiles1.com/ | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Wed, 25 Feb 2015 23:55:12 GMT Pragma: no-cache Location: /?query= Server: nginx/1.2.3 Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=PM125h--quOQ7kUykNAt10; expires=Thu, 26-Feb-2015 05:55:12 GMT; path=/ Set-Cookie: cook=ok; expires=Fri, 27-Mar-2015 23:55:12 GMT; path=/ Set-Cookie: country=LT; expires=Fri, 27-Mar-2015 23:55:12 GMT; path=/ Set-Cookie: _ft=1424919312; expires=Fri, 27-Mar-2015 23:55:12 GMT; path=/ X-Powered-By: PHP/5.4.6 | clean |
http://cleanfiles1.com/?query= | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Wed, 25 Feb 2015 23:55:12 GMT Pragma: no-cache Location: /?query=%D0%A1%D1%83%D0%BC%D0%B5%D1%80%D0%BA%D0%B8 Server: nginx/1.2.3 Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=vBmRHCImBDYI8ntVMUCRn2; expires=Thu, 26-Feb-2015 05:55:12 GMT; path=/ Set-Cookie: cook=ok; expires=Fri, 27-Mar-2015 23:55:12 GMT; path=/ Set-Cookie: country=LT; expires=Fri, 27-Mar-2015 23:55:12 GMT; path=/ Set-Cookie: _ft=1424919312; expires=Fri, 27-Mar-2015 23:55:12 GMT; path=/ X-Powered-By: PHP/5.4.6 | clean |
http://cleanfiles1.com/?query=%d0%a1%d1%83%d0%bc%d0%b5%d1%80%d0%ba%d0%b8 | 200 OK Content-Length: 13841 Content-Type: text/html | clean |
http://cleanfiles1.com/js/jquery.min.js | 200 OK Content-Length: 93868 Content-Type: application/x-javascript | clean |
http://cleanfiles1.com/js/default.js | 200 OK Content-Length: 1077 Content-Type: application/x-javascript | clean |
http://cleanfiles1.com/js/my.js | 200 OK Content-Length: 297 Content-Type: application/x-javascript | clean |
http://cleanfiles1.com/res/dev/code.js | 200 OK Content-Length: 3430 Content-Type: application/x-javascript | clean |
http://cleanfiles1.com/?module=get&hash=0KHRg9C80LXRgNC60Lg%3D | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Wed, 25 Feb 2015 23:55:13 GMT Pragma: no-cache Location: /?module=downloads Server: nginx/1.2.3 Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=%2CyXGL3O2PT4WI6YmsB2Cj1; expires=Thu, 26-Feb-2015 05:55:13 GMT; path=/ Set-Cookie: cook=ok; expires=Fri, 27-Mar-2015 23:55:13 GMT; path=/ Set-Cookie: country=LT; expires=Fri, 27-Mar-2015 23:55:13 GMT; path=/ Set-Cookie: _ft=1424919313; expires=Fri, 27-Mar-2015 23:55:13 GMT; path=/ X-Powered-By: PHP/5.4.6 | clean |
http://cleanfiles1.com/?module=downloads | 200 OK Content-Length: 30151 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var payment_url = '/?module=downloads';var payment_link = 0;var payment_number = 0; var payment_request_ready = true; var payment_operator = ''; var bsid = ''; var payment_name = ''; var payment_value = ''; function payment_request(options) { if (!payment_request_ready) { return false; } payment_request_ready = false; $(".nkfu_reg_form:visible .nkfu_reg_messages").text('Пожалуйста подождите..'); $.post(payment_url, options code = $('#nkfu_reg_subscribe_activate_beeline .nkfu_reg_code_input').val(); if (code.length == 0) { $(errors).text('Код доступа не указан.'); return; } payment_request({'action': 'subscribe_activate', 'number': payment_number, 'code': code, 'type': 1}); }); $('.nkfu_reg_captcha_update').live('click', function(event) { event.preventDefault(); payment_request({'action': 'update_captcha'}); }); }); Antivirus reports:
http://cleanfiles1.com/?module=downloads&sub=resume | 200 OK Content-Length: 50539 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var payment_url = '/?module=downloads';var payment_link = 1;var payment_number = 0; var payment_request_ready = true; var payment_operator = ''; var bsid = ''; var payment_name = ''; var payment_value = ''; function payment_request(options) { if (!payment_request_ready) { return false; } payment_request_ready = false; $(".nkfu_reg_form:visible .nkfu_reg_messages").text('Пожалуйста подождите..'); $.post(payment_url, options code = $('#nkfu_reg_subscribe_activate_beeline .nkfu_reg_code_input').val(); if (code.length == 0) { $(errors).text('Код доступа не указан.'); return; } payment_request({'action': 'subscribe_activate', 'number': payment_number, 'code': code, 'type': 1}); }); $('.nkfu_reg_captcha_update').live('click', function(event) { event.preventDefault(); payment_request({'action': 'update_captcha'}); }); }); Antivirus reports:
http://cleanfiles1.com/?module=downloads&sub=unsub | 200 OK Content-Length: 51028 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var payment_url = '/?module=downloads';var payment_link = 1;var payment_number = 0; var payment_request_ready = true; var payment_operator = ''; var bsid = ''; var payment_name = ''; var payment_value = ''; function payment_request(options) { if (!payment_request_ready) { return false; } payment_request_ready = false; $(".nkfu_reg_form:visible .nkfu_reg_messages").text('Пожалуйста подождите..'); $.post(payment_url, options code = $('#nkfu_reg_subscribe_activate_beeline .nkfu_reg_code_input').val(); if (code.length == 0) { $(errors).text('Код доступа не указан.'); return; } payment_request({'action': 'subscribe_activate', 'number': payment_number, 'code': code, 'type': 1}); }); $('.nkfu_reg_captcha_update').live('click', function(event) { event.preventDefault(); payment_request({'action': 'update_captcha'}); }); }); Antivirus reports:
http://cleanfiles1.com/?module=downloads&sub=pravila | 200 OK Content-Length: 93623 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var payment_url = '/?module=downloads';var payment_link = 1;var payment_number = 0; var payment_request_ready = true; var payment_operator = ''; var bsid = ''; var payment_name = ''; var payment_value = ''; function payment_request(options) { if (!payment_request_ready) { return false; } payment_request_ready = false; $(".nkfu_reg_form:visible .nkfu_reg_messages").text('Пожалуйста подождите..'); $.post(payment_url, options code = $('#nkfu_reg_subscribe_activate_beeline .nkfu_reg_code_input').val(); if (code.length == 0) { $(errors).text('Код доступа не указан.'); return; } payment_request({'action': 'subscribe_activate', 'number': payment_number, 'code': code, 'type': 1}); }); $('.nkfu_reg_captcha_update').live('click', function(event) { event.preventDefault(); payment_request({'action': 'update_captcha'}); }); }); Antivirus reports:
http://cleanfiles1.com/test404page.js | 404 Not Found Content-Length: 570 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: cleanfiles1.com
Result:
HTTP/1.1 302 Found
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Wed, 25 Feb 2015 23:55:12 GMT
Pragma: no-cache
Location: /?query=
Server: nginx/1.2.3
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=PM125h--quOQ7kUykNAt10; expires=Thu, 26-Feb-2015 05:55:12 GMT; path=/
Set-Cookie: cook=ok; expires=Fri, 27-Mar-2015 23:55:12 GMT; path=/
Set-Cookie: country=LT; expires=Fri, 27-Mar-2015 23:55:12 GMT; path=/
Set-Cookie: _ft=1424919312; expires=Fri, 27-Mar-2015 23:55:12 GMT; path=/
X-Powered-By: PHP/5.4.6
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: cleanfiles1.com
Referer: http://www.google.com/search?q=cleanfiles1.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=cleanfiles1.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://cleanfiles1.com/
Result: cleanfiles1.com is not infected or malware details are not published yet.