Scanned pages/files
Request | Server response | Status |
http://eda.mani-com.ru/ | 200 OK; Content-Length: 48676; Content-Type: text/html | clean |
http://eda.mani-com.ru/wp-includes/js/jquery/jquery.js?ver=1.8.3 | 200 OK; Content-Length: 93658; Content-Type: application/x-javascript | clean |
http://eda.mani-com.ru/wp-content/plugins/wp-notcaptcha/lib/trackbar.js | 200 OK; Content-Length: 16132; Content-Type: application/x-javascript | clean |
http://eda.mani-com.ru/wp-content/themes/Choco/chocotheme/js/fn.js | 200 OK; Content-Length: 83; Content-Type: application/x-javascript | clean |
http://odnaknopka.ru/wp/ok2.utf8.js | 200 OK; Content-Length: 6155; Content-Type: text/javascript | malicious (code excerpt and antivirus reports below) |
http://eda.mani-com.ru/wp-content/plugins/contact-form-7/jquery.form.js?ver=2.52 | 200 OK; Content-Length: 26755; Content-Type: application/x-javascript | clean |
http://eda.mani-com.ru/wp-content/plugins/contact-form-7/scripts.js?ver=2.4.6 | 200 OK; Content-Length: 5802; Content-Type: application/x-javascript | clean |
http://tastysite.ru/shows435.js | 200 OK; Content-Length: 0; Content-Type: text/javascript | clean |
http://eda.mani-com.ru/vse-stati-bloga | 200 OK; Content-Length: 102384; Content-Type: text/html | clean |
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK; Content-Length: 21269; Content-Type: text/javascript | clean |
http://eda.mani-com.ru/wp-content/plugins/akismet/_inc/form.js?ver=3.0.1 | 200 OK; Content-Length: 700; Content-Type: application/x-javascript | clean |
http://eda.mani-com.ru/about | 200 OK; Content-Length: 116422; Content-Type: text/html | clean |
http://eda.mani-com.ru/feed/rss | 301 Moved Permanently; Location: http://eda.mani-com.ru/feed; Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0; Connection: close; Date: Thu, 07 Aug 2014 16:35:06 GMT; Pragma: no-cache; ETag: "70128a1b061f84b02e160c1c24754f55"; Server: nginx/1.6.0; Vary: Cookie; Content-Type: text/html; charset=utf-8; Expires: Thu, 19 Nov 1981 08:52:00 GMT; Last-Modified: Tue, 27 May 2014 05:04:13 GMT; Set-Cookie: PHPSESSID=92bf78eee53fa42a60aa6b7c679eea3a; path=/; X-Pingback: http://eda.mani-com.ru/xmlrpc.php; X-Powered-By: PHP/5.3.18 | clean |
http://eda.mani-com.ru/feed | 200 OK; Content-Length: 99207; Content-Type: text/xml | clean |
http://eda.mani-com.ru/novosti/salat-iz-pekinskoy-kapustyi-s-fasolyu | 200 OK; Content-Length: 43985; Content-Type: text/html | clean |
http://eda.mani-com.ru/novosti/salat-hrumka | 200 OK; Content-Length: 57889; Content-Type: text/html | clean |

Malicious code in http://odnaknopka.ru/wp/ok2.utf8.js, a third-party script loaded by the site; confirmed by antiviruses (see reports below). Excerpt from the file:

    // Derives the bare host name of the page that embeds the script.
    function NewOdnaknopka2() {
        this.domain = location.href + '/';
        this.domain = this.domain.substr(this.domain.indexOf('://') + 3);
        this.domain = this.domain.substr(0, this.domain.indexOf('/'));
        this.location = false;
        this.wpurl = false;
        this.wptitle = false;
        // Reads the user's current text selection (IE and standards branches);
        // note that the value is not returned to the caller.
        this.selection = function () {
            var sel;
            if (window.getSelection) sel = window.getSelection();
            else if (document.selection) sel = document.selection.createRange();
            else sel = '';
            if (sel.text) sel = sel.text;
        }
    }
    odnaknopka2 = new NewOdnaknopka2();
    // wp() and init() are called here but are not part of this excerpt.
    function okbm(url, title) {
        odnaknopka2.wp(url, title);
        odnaknopka2.init();
    }

Antivirus reports:
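The flagged file is a remote script pulled in from a host the site does not control. The first thing a reviewer does with a scan table like the one above is separate first-party scripts from external includes, since every external include is a supply-chain dependency that can change without the site owner noticing. The following is an added example, not part of the scan report or the scanner's own code: it parses a page's script tags and buckets them into first-party, expected third-party and unexpected third-party hosts. SAMPLE_HTML is constructed to carry the script URLs from the table (it is not the real page), and treating pagead2.googlesyndication.com as an expected host is an assumption.

```python
"""Inventory <script src> includes on a page and flag third-party hosts.

Added example, not part of the scan report. SAMPLE_HTML is constructed to
carry the same script URLs as the scan table; it is not the real page.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

SITE_URL = "http://eda.mani-com.ru/"
SITE_HOST = "eda.mani-com.ru"
# Hosts the site owner knowingly includes (assumption: the ad network is expected).
EXPECTED_HOSTS = ("pagead2.googlesyndication.com",)

# Constructed sample page mirroring the script URLs in the scan table.
SAMPLE_HTML = """<html><head>
<script src="/wp-includes/js/jquery/jquery.js?ver=1.8.3"></script>
<script src="http://eda.mani-com.ru/wp-content/plugins/wp-notcaptcha/lib/trackbar.js"></script>
<script src="/wp-content/themes/Choco/chocotheme/js/fn.js"></script>
<script type="text/javascript" src="http://odnaknopka.ru/wp/ok2.utf8.js"></script>
<script src="http://tastysite.ru/shows435.js"></script>
<script src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
<script>var inline_only = 1;</script>
</head><body></body></html>"""


class ScriptCollector(HTMLParser):
    """Collects the resolved src of every <script src=...>; inline scripts are skipped."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names for us.
        if tag != "script":
            return
        for name, value in attrs:
            if name == "src" and value:
                # Resolve relative paths against the page URL.
                self.srcs.append(urljoin(self.base_url, value.strip()))


def host_of(url):
    return (urlsplit(url).hostname or "").lower()


def is_first_party(host, site_host):
    """True for the site host itself or any of its subdomains (not look-alike suffixes)."""
    return host == site_host or host.endswith("." + site_host)


def classify_scripts(html, base_url, site_host, expected_hosts=()):
    """Split script URLs into first-party, expected third-party and unexpected third-party."""
    collector = ScriptCollector(base_url)
    collector.feed(html)
    result = {"first_party": [], "expected": [], "unexpected": []}
    for url in collector.srcs:
        host = host_of(url)
        if is_first_party(host, site_host):
            result["first_party"].append(url)
        elif host in expected_hosts:
            result["expected"].append(url)
        else:
            result["unexpected"].append(url)
    return result


if __name__ == "__main__":
    report = classify_scripts(SAMPLE_HTML, SITE_URL, SITE_HOST, EXPECTED_HOSTS)
    for bucket, urls in report.items():
        for url in urls:
            print(f"{bucket:12} {host_of(url):32} {url}")
```

On the constructed page the two unexpected hosts are odnaknopka.ru (the one the scanner flagged) and tastysite.ru. The latter answered with an empty body (Content-Length: 0) and was marked clean, but an empty remote script is still a remote include whose content the site owner does not control and which can change between scans, so it belongs on the same review list.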
Malicious Redirects
The front page is requested twice, once as a direct visit and once with a search-engine Referer header, because compromised sites often serve a redirect only to visitors arriving from search results. The two responses are then compared.
First query (normal visit):
GET / HTTP/1.1
Host: eda.mani-com.ru
Result:
HTTP/1.1 200 OK
Cache-Control: max-age=3, must-revalidate
Connection: close
Date: Thu, 07 Aug 2014 16:35:00 GMT
Accept-Ranges: bytes
ETag: "1192030-be24-5000c4868f980"
Server: nginx/1.6.0
Vary: Accept-Encoding
Vary: Accept-Encoding,Cookie
Content-Length: 48676
Content-Type: text/html; charset=utf-8
Expires: Thu, 07 Aug 2014 16:35:03 GMT
Last-Modified: Thu, 07 Aug 2014 16:07:18 GMT
...48676 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: eda.mani-com.ru
Referer: http://www.google.com/search?q=eda.mani-com.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
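The two-query check above can be automated and made more precise than "the result is similar": compare status codes, collect every redirect target visible in each response (HTTP Location, meta refresh, JavaScript location assignment) and hash the bodies. The following is an added example, not part of the scan report or the scanner's own code. The sample responses are constructed (http://example.invalid/landing is a hypothetical redirect target), and the fetch() helper shows how the two requests would be issued live but is not called in the offline demonstration.

```python
"""Detect referer-conditional ("cloaked") redirects by comparing two responses.

Added example, not part of the scan report. Sample responses are constructed;
http://example.invalid/landing is a hypothetical redirect target.
"""
import hashlib
import http.client
import re
from urllib.parse import urlsplit

SEARCH_REFERER = "http://www.google.com/search?q=eda.mani-com.ru"


def fetch(url, referer=None):
    """Issue one GET and return (status, headers, body). Not called offline."""
    parts = urlsplit(url)
    conn = http.client.HTTPConnection(parts.hostname, parts.port or 80, timeout=15)
    headers = {"User-Agent": "Mozilla/5.0"}
    if referer:
        headers["Referer"] = referer
    conn.request("GET", parts.path or "/", headers=headers)
    resp = conn.getresponse()
    body = resp.read()
    conn.close()
    return resp.status, {k.lower(): v for k, v in resp.getheaders()}, body


# <meta http-equiv="refresh" content="0;url=..."> and JS location assignments.
META_REFRESH = re.compile(
    r'<meta[^>]+http-equiv=["\']?refresh["\']?[^>]*url=([^"\'>\s]+)', re.I)
JS_LOCATION = re.compile(
    r'(?:window\.|document\.|top\.)?location(?:\.href)?\s*=\s*["\']([^"\']+)["\']', re.I)


def redirect_targets(status, headers, body):
    """Every redirect target visible in a response, as (mechanism, url) pairs."""
    targets = []
    if 300 <= status < 400 and headers.get("location"):
        targets.append(("http", headers["location"]))
    text = body.decode("utf-8", "replace")
    targets += [("meta-refresh", u) for u in META_REFRESH.findall(text)]
    targets += [("javascript", u) for u in JS_LOCATION.findall(text)]
    return targets


def compare(normal, with_referer):
    """List how the search-referer response differs from the direct one ([] = consistent)."""
    (s1, h1, b1), (s2, h2, b2) = normal, with_referer
    findings = []
    if s1 != s2:
        findings.append(f"status differs: {s1} (direct) vs {s2} (search referer)")
    only_with_referer = set(redirect_targets(s2, h2, b2)) - set(redirect_targets(s1, h1, b1))
    for mechanism, url in sorted(only_with_referer):
        findings.append(f"redirect only with search referer ({mechanism}): {url}")
    # Body comparison by hash, so a changed page is reported even without a redirect.
    if hashlib.sha256(b1).digest() != hashlib.sha256(b2).digest():
        findings.append(f"body differs: {len(b1)} vs {len(b2)} bytes")
    return findings


def check_site(url, fetch_fn=fetch):
    """Live form of the two-query check: findings for a direct vs search-referer visit."""
    return compare(fetch_fn(url), fetch_fn(url, referer=SEARCH_REFERER))


# Constructed responses (status, headers, body); not real captures.
CLEAN_BODY = b"<html><head><title>Recipes</title></head><body>...</body></html>"
HTML_HEADERS = {"content-type": "text/html; charset=utf-8",
                "etag": '"1192030-be24-5000c4868f980"'}
NORMAL = (200, HTML_HEADERS, CLEAN_BODY)
# Cloaked variant: same 200 status, but a JS redirect injected for search visitors.
CLOAKED = (200, HTML_HEADERS, CLEAN_BODY.replace(
    b"</head>", b'<script>window.location.href="http://example.invalid/landing";</script></head>'))
# Cloaked variant using a server-side 302 instead.
BOUNCE = (302, {"location": "http://example.invalid/landing"}, b"")


if __name__ == "__main__":
    for label, referer_resp in (("clean", NORMAL), ("js cloak", CLOAKED), ("302 cloak", BOUNCE)):
        print(label, compare(NORMAL, referer_resp) or "no differences")
```

A clean site gives an empty finding list, which is the machine-checkable form of the "similar to the first query" verdict above; the same ETag and Content-Length in both captured responses are the evidence the scanner relied on. Cloaking is not limited to the Referer, so a thorough check also varies the User-Agent (search-engine crawler vs browser) and the cookie jar, since the Vary: Cookie header in the captured responses shows this server keys its output on cookies.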
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=eda.mani-com.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://eda.mani-com.ru/
Result: eda.mani-com.ru is not infected or malware details are not published yet.