Scanned pages/files
Request | Server response | Status |
http://dir.bg/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 15 Nov 2014 12:24:35 GMT Location: http://www.dir.bg/ Server: nginx/1.2.1 Content-Length: 184 Content-Type: text/html | clean |
http://www.dir.bg/ | 200 OK Content-Length: 97522 Content-Type: text/html | clean |
http://ni.dir.bg/www.dir.bg/full.js | 200 OK Content-Length: 56726 Content-Type: application/x-javascript | clean |
http://ni.dir.bg/www.dir.bg/settings.lib.v12.js | 200 OK Content-Length: 1835 Content-Type: application/x-javascript | clean |
http://i.dir.bg/dir.bg/js/jquery-ui.js | 200 OK Content-Length: 117494 Content-Type: application/x-javascript | clean |
http://r5.dir.bg/js.php?Code=00_pole | 200 OK Content-Length: 97 Content-Type: application/javascript | clean |
http://r.dir.bg/js.php?Code=00_stat_new | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://r.dir.bg/test404page.js | 403 Forbidden Content-Length: 290 Content-Type: text/html | clean |
http://r5.dir.bg/js.php?Code=00_banks | 200 OK Content-Length: 114 Content-Type: application/javascript | clean |
http://r5.dir.bg/js.php?Code=00_section_business&enc=u | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://r5.dir.bg/js.php?Code=00_b2 | 200 OK Content-Length: 149 Content-Type: application/javascript | clean |
http://r5.dir.bg/js.php?Code=00_vkusno&enc=u | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://r5.dir.bg/js.php?Code=00_b1 | 200 OK Content-Length: 259 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
document.write("<div class=\"ispace\">");
document.write('<iframe src=\"http://piccolo.dir.bg/trip_ad300x280.php\" frameborder=\"0\" scrolling=\"no\" width=\"300px\" height=\"280px\" id=\"norefresh\" name=\"norefresh\"> </iframe>');
document.write("</div>");
Antivirus reports:
http://r5.dir.bg/js.php?Code=00_corner | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://r5.dir.bg/js.php?Code=00_b3 | 200 OK Content-Length: 97 Content-Type: application/javascript | clean |
http://r5.dir.bg/js.php?Code=00_section_novini&enc=u | 200 OK Content-Length: 0 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: dir.bg
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sat, 15 Nov 2014 12:24:35 GMT
Location: http://www.dir.bg/
Server: nginx/1.2.1
Content-Length: 184
Content-Type: text/html
...184 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: dir.bg
Referer: http://www.google.com/search?q=dir.bg
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=dir.bg
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://dir.bg/
Result: dir.bg is not infected or malware details are not published yet.