Scanned pages/files
Request | Server response | Status
http://love.coca.bz/ | 200 OK Content-Length: 106748 Content-Type: text/html | clean |
http://css.loveplanet.ru/3/img/07_red/main.js | 200 OK Content-Length: 10155 Content-Type: application/x-javascript | clean |
http://css.loveplanet.ru/3/img/07_red/v1/v1.js | 200 OK Content-Length: 4308 Content-Type: application/x-javascript | clean |
http://css.loveplanet.ru/3/imgstc/fw_slideshow2.js | 200 OK Content-Length: 3078 Content-Type: application/x-javascript | clean |
http://css.loveplanet.ru/3/imgstc/swfobject.js | 200 OK Content-Length: 10220 Content-Type: application/x-javascript | clean |
http://css.loveplanet.ru/3/imgstc/exchange_v1d.js?52 | 200 OK Content-Length: 47419 Content-Type: application/x-javascript | clean |
http://css.loveplanet.ru/3/imgstc/default_count_rules.js | 200 OK Content-Length: 2934 Content-Type: application/x-javascript | clean |
http://css.loveplanet.ru/3/imgstc/xforms/js/lpjl-core.min.js | 200 OK Content-Length: 16042 Content-Type: application/x-javascript | clean |
http://css.loveplanet.ru/3/imgstc/xforms/js/lpjl-ui.js | 200 OK Content-Length: 104560 Content-Type: application/x-javascript | clean |
http://odnaknopka.ru/ok2.js | 200 OK Content-Length: 6105 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
function NewOdnaknopka2() {
    this.domain=location.href+'/';
    this.domain=this.domain.substr(this.domain.indexOf('://')+3);
    this.domain=this.domain.substr(0,this.domain.indexOf('/'));
    this.location=false;
    this.selection=function() {
        var sel;
        if (window.getSelection) sel=window.getSelection();
        else if (document.selection) sel=document.selection.createRange();
        else sel='';
        if (sel.text) sel=sel.text;
        return encodeURIComponent(sel);
    }
    th } }
odnaknopka2=new NewOdnaknopka2();
odnaknopka2.init();
Antivirus reports:
http://p22611.adskape.ru/adout.js?p=22611&t=4 | 200 OK Content-Length: 389 Content-Type: text/html | clean |
http://p22611.adskape.ru/adout.php?p=22611&t=4&sid=' + sid + ref + topfr +' | 200 OK Content-Length: 243 Content-Type: text/html | clean |
http://p22611.adskape.ru/test404page.js | 404 Not Found Content-Length: 16 Content-Type: text/html | clean |
http://www.conduit-banners.com/Radio/?ctid=CT2420337&BannerType=Radio234x60Blue&setup=true&culture=ru | 200 OK Content-Length: 500 Content-Type: text/html | clean |
http://media-storage.org/base_lp_production.js | 200 OK Content-Length: 5139 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: love.coca.bz
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Sun, 07 Dec 2014 09:16:27 GMT
Server: nginx
Content-Type: text/html; charset=utf-8
Expires: Sun, 07 Dec 2014 09:16:27 GMT
Last-Modified: Sun, 07 Dec 2014 09:16:27 GMT
Set-Cookie: split=1%2C9%2C0%3B2%2C4%2C0%3B3%2C9%2C0%3B4%2C8%2C0%3B5%2C4%2C0%3B6%2C5%2C0%3B7%2C7%2C0%3B8%2C6%2C0; path=/; expires=Tue, 06-Jan-2015 09:16:27 GMT; domain=.love.coca.bz
Set-Cookie: domhit1=1417899600; path=/; expires=Tue, 09-Dec-2014 09:16:27 GMT; domain=.love.coca.bz
Set-Cookie: randomhit=1495335753; path=/; expires=Tue, 06-Jan-2015 09:16:27 GMT; domain=.love.coca.bz
Set-Cookie: landing_raw=aHR0cDovL2xvdmUuY29jYS5iei9pbmRleC5odG1s; path=/; expires=Mon, 08-Dec-2014 09:16:27 GMT; domain=.love.coca.bz
Second query (visit from search engine):
GET / HTTP/1.1
Host: love.coca.bz
Referer: http://www.google.com/search?q=love.coca.bz
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=love.coca.bz
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://love.coca.bz/
Result: love.coca.bz is not infected or malware details are not published yet.