Scanned pages/files
| Request | Server response | Status |
http://damviro.ru/ | 200 OK Content-Length: 60469 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. (function(){ var D=new Date(),d=document,b='body',ce='createElement',ac='appendChild',st='style',ds='display',n='none',gi='getElementById'; var i=d[ce]('iframe');i[st][ds]=n;d[gi]("MarketGidScriptRootC571009")[ac](i);try{var iw=i.contentWindow.document;iw.open();iw.writeln("<ht"+"ml><bo"+"dy></bo"+"dy></ht"+"ml>");iw.close();var c=iw[b];} catch(e){var iw=d;var c=d[gi]("MarketGidScriptRootC571009");}var dv=iw[ce]('div');dv.id="MG_ID";dv[st][ds]=n;dv.innerHTML=571009;c[ac](dv); var s=iw[ce]('script');s.async='async';s.defer='defer';s.charset='utf-8';s.src="//jsc.marketgid.com/d/a/damviro.ru.571009.js?t="+D.getYear()+D.getMonth()+D.getDate()+D.getHours();c[ac](s);})(); | ||
http://damviro.ru/engine/classes/js/jquery.js | 200 OK Content-Length: 93637 Content-Type: application/javascript | clean |
http://damviro.ru/engine/classes/js/jqueryui.js | 200 OK Content-Length: 75927 Content-Type: application/javascript | clean |
http://damviro.ru/engine/classes/js/dle_js.js | 200 OK Content-Length: 23054 Content-Type: application/javascript | clean |
http://damviro.ru/templates/NoviyGod/js/libs.js | 200 OK Content-Length: 734 Content-Type: application/javascript | clean |
http://damviro.ru/templates/NoviyGod/js/popups.js | 200 OK Content-Length: 8548 Content-Type: application/javascript | clean |
http://damviro.ru/templates/NoviyGod/js/dropdown.js | 200 OK Content-Length: 1524 Content-Type: application/javascript | clean |
http://damviro.ru/js/ulogin.js | 200 OK Content-Length: 34388 Content-Type: application/javascript | clean |
http://www.google.ru/coop/cse/brand?form=cse-search-box&lang=ru | 200 OK Content-Length: 2510 Content-Type: text/javascript | clean |
http://damviro.ru//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js/ | 404 Not Found Content-Length: 1868 Content-Type: text/html | clean |
http://damviro.ru/test404page.js | 404 Not Found Content-Length: 1868 Content-Type: text/html | clean |
http://z1320.takru.com/in.php?id=1323783 | 200 OK Content-Length: 1876 Content-Type: text/html | clean |
http://z1320.takru.com/cl.php?key=2379245198016311806915917295202281324037938346973 | HTTP/1.1 200 OK Connection: close Date: Tue, 02 Dec 2014 05:46:41 GMT Server: nginx/1.2.1 Vary: Accept-Encoding Content-Length: 198 Content-Type: text/html X-Powered-By: PHP/5.4.4-14+deb7u7 | clean |
http://tak.ru/ref.html | 200 OK Content-Length: 7330 Content-Type: text/html | clean |
http://tak.ru/rules.html | 200 OK Content-Length: 6094 Content-Type: text/html | clean |
http://tak.ru/ | 200 OK Content-Length: 7639 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: damviro.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Tue, 02 Dec 2014 05:46:39 GMT
Pragma: no-cache
Server: nginx
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=7nrhoe81t9ldtjs3cr1rrmuq47; path=/; domain=.damviro.ru; HttpOnly
Set-Cookie: dle_user_id=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.damviro.ru; httponly
Set-Cookie: dle_password=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.damviro.ru; httponly
Set-Cookie: dle_hash=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.damviro.ru; httponly
X-Powered-By: PHP/5.3.29
GET / HTTP/1.1
Host: damviro.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Tue, 02 Dec 2014 05:46:39 GMT
Pragma: no-cache
Server: nginx
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=7nrhoe81t9ldtjs3cr1rrmuq47; path=/; domain=.damviro.ru; HttpOnly
Set-Cookie: dle_user_id=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.damviro.ru; httponly
Set-Cookie: dle_password=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.damviro.ru; httponly
Set-Cookie: dle_hash=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.damviro.ru; httponly
X-Powered-By: PHP/5.3.29
Second query (visit from search engine):
GET / HTTP/1.1
Host: damviro.ru
Referer: http://www.google.com/search?q=damviro.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: damviro.ru
Referer: http://www.google.com/search?q=damviro.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=damviro.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://damviro.ru/
Result: damviro.ru is not infected or malware details are not published yet.
Result: damviro.ru is not infected or malware details are not published yet.