Malicious/Suspicious Redirects
Request: http://hoodi.ru/ (imitating a visitor arriving from a search engine)
    GET / HTTP/1.1
    Host: hoodi.ru
    Referer: http://www.google.com/search?q=redirect+check1
Server response:
    HTTP/1.1 302 Found
    Connection: close
    Date: Sat, 07 Mar 2015 12:06:11 GMT
    Location: http://web-redirect.ru/?web
    Server: nginx/1.6.2
    Content-Type: text/html; charset=windows-1251
    Set-Cookie: _cutt_caches_images=1425729971; expires=Sun, 08-Mar-2015 12:06:11 GMT; path=/
    X-Powered-By: PHP/5.2.10
Status: malicious

Request: http://web-redirect.ru/?web (imitating a visitor arriving from a search engine)
    GET /?web HTTP/1.1
    Host: web-redirect.ru
    Referer: http://www.google.com/search?q=redirect+check2
Server response:
    HTTP/1.1 302 Found
    Cache-Control: max-age=0
    Connection: close
    Date: Sat, 07 Mar 2015 12:06:11 GMT
    Pragma: no-cache
    Location: http://cmsjoom.ru/components/com_weblinks/2/separator.php
    Server: nginx/1.0.15
    Content-Length: 0
    Content-Type: text/html; charset=utf-8
    Expires: Thu, 21 Jul 1977 07:30:00 GMT
    Last-Modified: Sat, 07 Mar 2015 12:06:11 GMT
    X-Powered-By: PHP/5.3.3
Status: suspicious
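The check above works by sending the request twice: once with a Referer pointing at a search-engine results page and once as a direct visit, then following any 3xx Location hops. A redirect that only appears for the search-engine visitor is the signature of a conditional (cloaked) redirect, and the fact that the direct request to http://hoodi.ru/ returns 200 OK in the "Scanned pages/files" table below is what makes this one conditional. The following is an added example that reproduces that logic offline; it is not the scanner's own code. The two 302 response heads are copied from the report; the 200 responses for the direct visit and for the final hop, and the canned_fetch stand-in for a real HTTP client, are assumptions for the demo.

```python
"""Offline reproduction of the 'search-engine visitor' redirect check (added example)."""
import re
from urllib.parse import urljoin, urlsplit

GOOGLE_REFERER = "http://www.google.com/search?q=redirect+check"
REDIRECT_CODES = {301, 302, 303, 307, 308}

# Response heads exactly as quoted in the report above.
HOODI_WITH_REFERER = """HTTP/1.1 302 Found
Connection: close
Date: Sat, 07 Mar 2015 12:06:11 GMT
Location: http://web-redirect.ru/?web
Server: nginx/1.6.2
Content-Type: text/html; charset=windows-1251
Set-Cookie: _cutt_caches_images=1425729971; expires=Sun, 08-Mar-2015 12:06:11 GMT; path=/
X-Powered-By: PHP/5.2.10
"""
WEBREDIRECT_WITH_REFERER = """HTTP/1.1 302 Found
Cache-Control: max-age=0
Connection: close
Location: http://cmsjoom.ru/components/com_weblinks/2/separator.php
Server: nginx/1.0.15
Content-Length: 0
Content-Type: text/html; charset=utf-8
"""
# Constructed (assumption): what a direct visitor and the final hop get back.
PLAIN_200 = "HTTP/1.1 200 OK\nContent-Type: text/html\n"

# Canned responses keyed by (url, request carried a Referer header).
CANNED = {
    ("http://hoodi.ru/", True): HOODI_WITH_REFERER,
    ("http://hoodi.ru/", False): PLAIN_200,
    ("http://web-redirect.ru/?web", True): WEBREDIRECT_WITH_REFERER,
    ("http://web-redirect.ru/?web", False): PLAIN_200,
}


def canned_fetch(url, referer):
    """Stand-in for a real HTTP client: return the raw response head for this request."""
    return CANNED.get((url, referer is not None), PLAIN_200)


def parse_response(raw):
    """Parse an HTTP/1.x response head into (status_code, {lowercased-name: value})."""
    lines = raw.strip().splitlines()
    m = re.match(r"HTTP/\d\.\d\s+(\d{3})", lines[0])
    if not m:
        raise ValueError("not an HTTP status line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(m.group(1)), headers


def follow_chain(start_url, fetch, referer, max_hops=5):
    """Follow 3xx Location hops (bounded, so redirect loops terminate); return URLs visited."""
    chain = [start_url]
    url = start_url
    for _ in range(max_hops):
        code, headers = parse_response(fetch(url, referer))
        if code not in REDIRECT_CODES or "location" not in headers:
            break
        url = urljoin(url, headers["location"])  # Location may be relative
        chain.append(url)
    return chain


def check_conditional_redirect(start_url, fetch=canned_fetch):
    """Compare the hop chain seen by a search-engine visitor with a direct visit."""
    via_search = follow_chain(start_url, fetch, GOOGLE_REFERER)
    direct = follow_chain(start_url, fetch, None)
    site = urlsplit(start_url).hostname
    offsite = [u for u in via_search[1:] if urlsplit(u).hostname != site]
    return {
        "via_search_engine": via_search,
        "direct": direct,
        "conditional": via_search != direct,   # redirect depends on the Referer
        "offsite_hops": offsite,               # hops that leave the scanned site
    }


if __name__ == "__main__":
    import json
    print(json.dumps(check_conditional_redirect("http://hoodi.ru/"), indent=2))
```

To run it against a live site, replace canned_fetch with a function that performs the GET with the given Referer and returns the raw response head; keep the hop limit, since redirector chains of this kind sometimes loop.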
Scanned pages/files
Request | Server response | Status |
http://hoodi.ru/ | 200 OK Content-Length: 97126 Content-Type: text/html | clean |
http://hoodi.ru/components/com_jcomments/js/jcomments-v2.1.js?v=2 | 200 OK Content-Length: 27179 Content-Type: application/x-javascript | clean |
http://hoodi.ru/components/com_jcomments/libraries/joomlatune/ajax.js | 200 OK Content-Length: 3978 Content-Type: application/x-javascript | clean |
http://hoodi.ru/media/system/js/caption.js | 200 OK Content-Length: 1963 Content-Type: application/x-javascript | clean |
http://hoodi.ru/modules/mod_swmenufree/jquery-1.2.6.pack.js | 200 OK Content-Length: 72173 Content-Type: application/x-javascript | clean |
http://hoodi.ru/modules/mod_swmenufree/hoverIntent.js | 200 OK Content-Length: 3174 Content-Type: application/x-javascript | clean |
http://hoodi.ru/modules/mod_swmenufree/superfish.js | 200 OK Content-Length: 3714 Content-Type: application/x-javascript | clean |
http://hoodi.ru/modules/mod_swmenufree/supersubs.js | 200 OK Content-Length: 3298 Content-Type: application/x-javascript | clean |
http://hoodi.ru/templates/shopper_frenzy/js/s5_suckerfish.js | 200 OK Content-Length: 383 Content-Type: application/x-javascript | clean |
http://hoodi.ru/modules/mod_s5_vm_accordion/s5_vm_accordion/s5_vm_accordion.js | 200 OK Content-Length: 9681 Content-Type: application/x-javascript | clean |
http://hoodi.ru//mc.yandex.ru/metrika/watch.js/ | 404 NOT FOUND Content-Length: 234850 Content-Type: text/html | clean |
http://hoodi.ru/index.php/Интернет-магазин.html | 200 OK Content-Length: 100531 Content-Type: text/html | clean |
http://www.hoodi.ru/components/com_virtuemart/fetchscript.php?gzip=1&subdir[0]=/themes/s5_shopper_frenzy&file[0]=theme.js&subdir[1]=/js&file[1]=sleight.js&subdir[2]=/js/mootools&file[2]=mootools-release-1.11.js&subdir[3]=/js/mootools&file[3]=mooPrompt.js | 200 OK Content-Length: 56684 Content-Type: text/javascript | clean |
http://odnaknopka.ru/ok3.js | 200 OK Content-Length: 2852 Content-Type: text/javascript | malicious |
Malicious code excerpt (confirmed by antiviruses, see below):

    function NewOdnaknopka3() {
        // derive the embedding page's host from location.href
        this.domain = location.href + '/';
        this.domain = this.domain.substr(this.domain.indexOf('://') + 3);
        this.domain = this.domain.substr(0, this.domain.indexOf('/'));
        this.location = false;
        this.url = function(system) {
            var title = encodeURIComponent(document.title);
            var url = encodeURIComponent(location.href);
            switch (system) {
                case 1: return 'http://vkontakte.ru/share.php?url=' + url;
                case 2: return 'http://www.facebook.com/sharer.php?u=' + u
            }
            document.write(html);   // injects markup into the host page
        }
    }
    odnaknopka3 = new NewOdnaknopka3();
    odnaknopka3.init();
    // loads a second third-party script into the host page at runtime
    var js = document.createElement("script");
    js.type = "text/javascript";
    js.src = "http://odnaknopka.ru/stat.js";
    document.body.appendChild(js);

Antivirus reports:
http://www.hoodi.ru/components/com_virtuemart/fetchscript.php?gzip=1&subdir[0]=/js&file[0]=wz_tooltip.js | 200 OK Content-Length: 38065 Content-Type: text/javascript | clean |
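The flagged ok3.js is a share-button widget that, from the scanned site's point of view, does two things a scanner keys on: it writes markup into the host page with document.write, and it creates a script element at runtime whose src points at a further third-party host (odnaknopka.ru/stat.js), so what ends up executing on hoodi.ru is not visible in the fetched file. The following is an added example (not the scanner's code) of a static heuristic that pulls those runtime script loads out of JavaScript source and reports the hosts that are off-site relative to the scanned domain. The regular expressions and the constructed OK3_JS string (holding the excerpt quoted above) are this example's own.

```python
"""Static heuristic for runtime script loaders in JavaScript source (added example)."""
import re
from urllib.parse import urlsplit

# The ok3.js excerpt as quoted in the report (constructed string for the demo).
OK3_JS = r"""
function NewOdnaknopka3() {
    this.domain=location.href+'/';
    this.url=function(system) {
        var url=encodeURIComponent(location.href);
        switch (system) {
            case 1: return 'http://vkontakte.ru/share.php?url='+url;
            case 2: return 'http://www.facebook.com/sharer.php?u='+u
        }
        document.write(html);
    }
}
odnaknopka3=new NewOdnaknopka3(); odnaknopka3.init();
var js = document.createElement("script"); js.type = "text/javascript";
js.src = "http://odnaknopka.ru/stat.js"; document.body.appendChild(js);
"""

# `x.src = "http://..."` assignments with a literal absolute URL.
SRC_ASSIGN = re.compile(r"""\.src\s*=\s*(["'])((?:https?:)?//[^"']+)\1""")
# `<script src="http://...">` inside string literals handed to document.write / innerHTML.
SCRIPT_TAG = re.compile(r"""<script[^>]+src\s*=\s*["']?((?:https?:)?//[^"'\s>]+)""", re.I)
CREATE_SCRIPT = re.compile(r"""createElement\(\s*["']script["']\s*\)""", re.I)
DOC_WRITE = re.compile(r"document\.write(ln)?\s*\(")


def _host(url):
    # Protocol-relative URLs (//host/path) have no scheme; give them one so urlsplit finds the host.
    if url.startswith("//"):
        url = "http:" + url
    return urlsplit(url).hostname


def loader_report(js_text, site_host):
    """Return the script URLs a JS file loads at runtime and which of their hosts are off-site."""
    loaded = [m.group(2) for m in SRC_ASSIGN.finditer(js_text)] + SCRIPT_TAG.findall(js_text)
    offsite = sorted({_host(u) for u in loaded if _host(u) and _host(u) != site_host})
    return {
        "loaded_urls": loaded,
        "offsite_hosts": offsite,
        "creates_script_element": bool(CREATE_SCRIPT.search(js_text)),
        "uses_document_write": bool(DOC_WRITE.search(js_text)),
    }


if __name__ == "__main__":
    print(loader_report(OK3_JS, "hoodi.ru"))
```

The share URLs built by string concatenation (vkontakte.ru, facebook.com) are navigation targets, not script sources, so the heuristic deliberately ignores them; only literal .src assignments and <script src> tags count as runtime loads. A hit in offsite_hosts is a reason to fetch and scan that URL in turn, which is what the report did with stat.js's parent ok3.js.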
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=hoodi.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://hoodi.ru/
Result: hoodi.ru is not infected or malware details are not published yet.