Scanned pages/files
Request | Server response | Status
http://kino.guchok.ru/ | 200 OK; Content-Length: 65459; Content-Type: text/html | clean
http://kino.guchok.ru/engine/ajax/menu.js | 200 OK; Content-Length: 3368; Content-Type: application/x-javascript | clean
http://kino.guchok.ru/engine/ajax/dle_ajax.js | 200 OK; Content-Length: 4725; Content-Type: application/x-javascript | clean
http://kino.guchok.ru/engine/ajax/js_edit.js | 200 OK; Content-Length: 6806; Content-Type: application/x-javascript | clean
http://flushmviolent.org/v/61173281-kino.guchok.ru.js | 200 OK; Content-Length: 730; Content-Type: text/html | clean
http:\/\/richmediaadspot.info\/codes\/6827\/2298_kino.guchok.ru.js | 500 No Host option provided; Content-Length: 73; Content-Type: text/plain | clean
http://richmediaadspot.info\/test404page.js | 500 Can't connect to richmediaadspot.info\:80 (Bad hostname); Content-Length: 174; Content-Type: text/plain | clean
http://odnaknopka.ru/ok2.js | 200 OK; Content-Length: 6105; Content-Type: text/javascript | malicious
Malicious code - confirmed by antiviruses (see below):

function NewOdnaknopka2() {
    // derive the bare host name from the current page URL
    this.domain = location.href + '/';
    this.domain = this.domain.substr(this.domain.indexOf('://') + 3);
    this.domain = this.domain.substr(0, this.domain.indexOf('/'));
    this.location = false;
    // return the user's current text selection, URL-encoded
    this.selection = function () {
        var sel;
        if (window.getSelection) sel = window.getSelection();
        else if (document.selection) sel = document.selection.createRange();
        else sel = '';
        if (sel.text) sel = sel.text;
        return encodeURIComponent(sel);
    }
    th } }   // remainder of the script is cut off in the scan output
odnaknopka2 = new NewOdnaknopka2();
odnaknopka2.init();

Antivirus reports:
http://toget.ru/informers/showinformer.php?id=wm189_3 | 200 OK; Content-Length: 4681; Content-Type: application/x-javascript | clean
http://toget.ru/informers/showinformer.php?id=wm189_1 | 200 OK; Content-Length: 11142; Content-Type: application/x-javascript | clean
http://toget.ru/informers/showinformer.php?id=wm189_2 | 200 OK; Content-Length: 11142; Content-Type: application/x-javascript | clean
http://counter.rambler.ru/top100.jcn?1591952 | 200 OK; Content-Length: 6853; Content-Type: application/x-javascript | clean
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: kino.guchok.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Sat, 12 Apr 2014 00:54:33 GMT
Pragma: no-cache
Server: nginx
Vary: Accept-Encoding,User-Agent
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Fri, 11 Apr 2014 18:54:33 +0400 GMT
Set-Cookie: PHPSESSID=de59cf8edb23e25ef5f30c38f615f94f; path=/
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: kino.guchok.ru
Referer: http://www.google.com/search?q=kino.guchok.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=kino.guchok.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://kino.guchok.ru/
Result: kino.guchok.ru is not infected or malware details are not published yet.