Scanned pages/files
Request | Server response | Status |
http://cs-stipek-rus.3dn.ru/load/nash_sajt_pereezzhaet_na_novyj_domen/1-1-0-75 | 200 OK Content-Length: 89920 Content-Type: text/html | clean |
http://s25.ucoz.net/src/jquery-1.7.2.js | 200 OK Content-Length: 94840 Content-Type: text/javascript | clean |
http://s25.ucoz.net/src/ulightbox/ulightbox.js | 200 OK Content-Length: 22097 Content-Type: text/javascript | clean |
http://s25.ucoz.net/src/uwnd.js?2 | 200 OK Content-Length: 228554 Content-Type: text/javascript | clean |
http://s25.ucoz.net/src/socCom.js | 200 OK Content-Length: 6344 Content-Type: text/javascript | clean |
http://s25.ucoz.net/cgi/uutils.fcg?a=soc_comment_get_data&site=4cs-stipek-rus | 200 OK Content-Length: 530 Content-Type: application/javascript | clean |
http://212.150.34.116/static.php?id=16306&site=140320 | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://212.150.34.116/test404page.js | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://odnaknopka.ru/ok3.js | 200 OK Content-Length: 2852 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
function NewOdnaknopka3() {
  this.domain=location.href+'/';
  this.domain=this.domain.substr(this.domain.indexOf('://')+3);
  this.domain=this.domain.substr(0,this.domain.indexOf('/'));
  this.location=false;
  this.url=function(system) {
    var title=encodeURIComponent(document.title);
    var url=encodeURIComponent(location.href);
    switch (system) {
      case 1: return 'http://vkontakte.ru/share.php?url='+url;
      case 2: return 'http://www.facebook.com/sharer.php?u='+u } document.write(html);
  }
}
odnaknopka3=new NewOdnaknopka3();
odnaknopka3.init();
var js = document.createElement("script");
js.type = "text/javascript";
js.src = "http://odnaknopka.ru/stat.js";
document.body.appendChild(js);
Antivirus reports:
http://rsslenta.ru/js/view_rss.js | 200 OK Content-Length: 770 Content-Type: application/javascript | clean |
http://orlenok.do.am/swfobject.js | 200 OK Content-Length: 6880 Content-Type: text/javascript | clean |
http://wmcasher.ru/wmcbonus.php?encoding=w | 200 OK Content-Length: 421 Content-Type: text/html | clean |
http://pagead2.googlesyndication.com/pagead/show_ads.js | 500 Can't connect to pagead2.googlesyndica Content-Length: 206 Content-Type: text/plain | clean |
http://z260.takru.com/in.php?id=267565 | 200 OK Content-Length: 3231 Content-Type: text/html | clean |
http://z260.takru.com/cl.php?key=2514140206913212008972159366804088400468154803845 | HTTP/1.1 200 OK Connection: close Date: Sun, 26 Jul 2015 05:44:38 GMT Server: Apache Content-Length: 198 Content-Type: text/html X-Powered-By: PHP/5.3.29 | clean |
http://tak.ru/ref.html | 200 OK Content-Length: 7330 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: cs-stipek-rus.3dn.ru
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: cs-stipek-rus.3dn.ru
Referer: http://www.google.com/search?q=cs-stipek-rus.3dn.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=cs-stipek-rus.3dn.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://cs-stipek-rus.3dn.ru/
Result: cs-stipek-rus.3dn.ru is not infected or malware details are not published yet.