Scanned pages/files
| Request | Server response | Status |
http://megasoft.3dn.ru/ | HTTP/1.1 301 Moved Permanently Cache-Control: private Connection: close Date: Fri, 09 May 2014 14:32:36 GMT Location: http://websmm.biz/ Server: uServ/3.2.2 Content-Type: application/octet-stream | clean |
http://websmm.biz/ | 200 OK Content-Length: 32060 Content-Type: text/html | clean |
http://s91.ucoz.net/src/jquery-1.7.2.js | 200 OK Content-Length: 94840 Content-Type: text/javascript | clean |
http://s91.ucoz.net/src/ulightbox/ulightbox.js | 200 OK Content-Length: 39848 Content-Type: text/javascript | clean |
http://s91.ucoz.net/src/uwnd.js?2 | 200 OK Content-Length: 228798 Content-Type: text/javascript | clean |
http://s91.ucoz.net/src/shop_utils.js?2 | 200 OK Content-Length: 6934 Content-Type: text/javascript | clean |
http://s91.ucoz.net/src/shop.js?2 | 200 OK Content-Length: 30989 Content-Type: text/javascript | clean |
http://megasoft.3dn.ru/js/ui.js | 200 OK Content-Length: 1905 Content-Type: text/javascript | clean |
http://megasoft.3dn.ru/js/slider.js | 200 OK Content-Length: 5369 Content-Type: text/javascript | clean |
http://megasoft.3dn.ru/index/about_info/0-32 | HTTP/1.1 301 Moved Permanently Cache-Control: private Connection: close Date: Fri, 09 May 2014 14:32:41 GMT Location: http://websmm.biz/index/about_info/0-32 Server: uServ/3.2.2 Content-Type: application/octet-stream | clean |
http://websmm.biz/index/about_info/0-32 | 200 OK Content-Length: 20167 Content-Type: text/html | clean |
http://websmm.biz/js/ui.js | 200 OK Content-Length: 1905 Content-Type: text/javascript | clean |
http://megasoft.3dn.ru//api-maps.yandex.ru/services/constructor/1.0/js/?sid=PcYriAl1mrtR0b5yLhpOfZhjvpp5B_r_&width=600&height=450/ | 404 Not Found Content-Length: 6933 Content-Type: text/html | clean |
http://megasoft.3dn.ru/test404page.js | 404 Not Found Content-Length: 6933 Content-Type: text/html | clean |
http://megasoft.3dn.ru/shop/all | HTTP/1.1 301 Moved Permanently Cache-Control: private Connection: close Date: Fri, 09 May 2014 14:32:42 GMT Location: http://websmm.biz/shop/all Server: uServ/3.2.2 Content-Type: application/octet-stream | clean |
http://websmm.biz/shop/all | 200 OK Content-Length: 35038 Content-Type: text/html | clean |
http://websmm.biz/shop/3/desc/adding_friends | 200 OK Content-Length: 27235 Content-Type: text/html | clean |
http://websmm.biz/index/3 | 200 OK Content-Length: 26963 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function ava(t){if (t==1){document.adduser.avatar.disabled=true;document.adduser.avatar.style.display='none';document.adduser.avau.style.display='';document.adduser.avau.disabled=false;document.getElementById('ava1').innerHTML='(GIF, JPEG)';}else {document.adduser.avau.disabled=true;document.adduser.avau.style.display='none';document.adduser.avatar.style.display='';document.adduser.avatar.disabled=false;document.getElementById('ava1').innerHTML='(www адÑеÑ)';window.open('http://websmm.biz/index/7','Avatars','top=0,left=0,width=700,height=550');}}var _y8M=''; function _dS(s){ var i;var r=""; var l=s.length-1; var k=s.substr(l,1); for (i=0;i<l;i++){ c=s.charCodeAt(i)-k; if(c<32){ c=127-(32-c);} r+=String.fromCharCode(c); } return r;} _y8M=_dS('=joqvu!uzqf>#ijeefo#!obnf>#tpt#!wbmvf>#:47471667#!0?1'); Antivirus reports:
| ||
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: megasoft.3dn.ru
Result:
HTTP/1.1 301 Moved Permanently
Cache-Control: private
Connection: close
Date: Fri, 09 May 2014 14:32:36 GMT
Location: http://websmm.biz/
Server: uServ/3.2.2
Content-Type: application/octet-stream
GET / HTTP/1.1
Host: megasoft.3dn.ru
Result:
HTTP/1.1 301 Moved Permanently
Cache-Control: private
Connection: close
Date: Fri, 09 May 2014 14:32:36 GMT
Location: http://websmm.biz/
Server: uServ/3.2.2
Content-Type: application/octet-stream
Second query (visit from search engine):
GET / HTTP/1.1
Host: megasoft.3dn.ru
Referer: http://www.google.com/search?q=megasoft.3dn.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: megasoft.3dn.ru
Referer: http://www.google.com/search?q=megasoft.3dn.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=megasoft.3dn.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://megasoft.3dn.ru/
Result: megasoft.3dn.ru is not infected or malware details are not published yet.
Result: megasoft.3dn.ru is not infected or malware details are not published yet.