Scanned pages/files

| Request | Server response | Status |
|---|---|---|
| http://mettem-m.ru/ | 200 OK; Content-Length: 17708; Content-Type: text/html | clean |
| http://mettem-m.ru//www.mettem-m.ru.js.1c-bitrix-cdn.ru/bitrix/cache/js/s1/Mettem/kernel_main/kernel_main.js?1396856190277542/ | 404 Not Found; Content-Length: 5995; Content-Type: text/html | clean |
| http://mettem-m.ru//www.mettem-m.ru.js.1c-bitrix-cdn.ru/bitrix/cache/js/s1/Mettem/template_4e8be8e8303f30f6af3ca14a3f4643e2/template_4e8be8e8303f30f6af3ca14a3f4643e2_e6fb9afbc8d3770bccc977efae9834ff.js?1396853753670/ | 404 Not Found; Content-Length: 5995; Content-Type: text/html | clean |
| http://mettem-m.ru/about-the-company.php | 200 OK; Content-Length: 73918; Content-Type: text/html | clean |
| http://mettem-m.ru//www.mettem-m.ru.js.1c-bitrix-cdn.ru/bitrix/cache/js/s1/Mettem/template_de8b65b1cd296932ac1851b5996a5b08/template_de8b65b1cd296932ac1851b5996a5b08_151294dc004844f9e6b2138439c4bfd0.js?139685375313501/ | 404 Not Found; Content-Length: 5995; Content-Type: text/html | clean |
| http://mettem-m.ru/our-representatives.php | 200 OK; Content-Length: 43557; Content-Type: text/html | clean |
| http://www.forexpf.ru/_informer_/eurusd_.php | 200 OK; Content-Length: 2732; Content-Type: text/html | clean |
| http://www.forexpf.ru/test404page.js | HTTP/1.1 302 Found; Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0; Connection: close; Date: Wed, 16 Apr 2014 17:35:48 GMT; Pragma: no-cache; Location: /; Server: Microsoft-IIS/6.0; Content-Length: 0; Content-Type: text/html; charset=windows-1251; Expires: Thu, 19 Nov 1981 08:52:00 GMT; Set-Cookie: PHPSESSID=tr76e7fahnsock2miftfdcrdh6; path=/; X-Conf: www-to-forum; X-Powered-By: PHP/5.2.17 | clean |
| http://www.forexpf.ru/ | 200 OK; Content-Length: 69703; Content-Type: text/html | clean |
| http://www.forexpf.ru/forex.js | 200 OK; Content-Length: 361; Content-Type: application/javascript | clean |
| http://yandex.st/share/share.js | 200 OK; Content-Length: 56315; Content-Type: application/x-javascript | clean |
| http://mc.yandex.ru/metrika/watch.js | 200 OK; Content-Length: 58232; Content-Type: application/x-javascript | malicious |
| http://counter.rambler.ru/top100.jcn?360665 | 200 OK; Content-Length: 6852; Content-Type: application/x-javascript | clean |
| http://www.forexpf.ru/q2_new/adx.js | 200 OK; Content-Length: 70; Content-Type: application/javascript | clean |
| http://www.forexpf.ru/q2_new/adv.gif | 200 OK; Content-Length: 0; Content-Type: image/gif | clean |
| http://www.forexpf.ru/js/profinance.js | 200 OK; Content-Length: 1226; Content-Type: application/javascript | clean |

Two things in the table need reading with care before the verdicts are used.

The three 404 entries under mettem-m.ru are not missing pages on that host. The page references its Bitrix CDN assets with scheme-relative URLs (//www.mettem-m.ru.js.1c-bitrix-cdn.ru/bitrix/cache/js/...), and the scanner has concatenated them onto http://mettem-m.ru as paths instead of resolving them against the page's scheme, which is why the probed URLs come back 404 with the same 5995-byte error page each time. The real CDN files were therefore never fetched or scanned, and their "clean" status says nothing about them.

http://www.forexpf.ru/test404page.js is, by its name, the scanner's probe for a resource that does not exist, used to learn how that host answers missing files. forexpf.ru answers with 302 Found to / rather than 404, so on that host a successful status alone does not prove a probed file exists.

The one entry flagged malicious is http://mc.yandex.ru/metrika/watch.js, the Yandex.Metrika counter script served from Yandex's own host. The scanner quotes the following fragment of it as the malicious code, "confirmed by antiviruses (see below)". The fragment is reproduced here exactly as it appears in the report, including its truncation:

```javascript
(function(f,d,la){function L(a,b){return function(){try{return a.apply(this,arguments)}catch(c){-1<c.message.indexOf("NPObject")&&ta(c,b)}}}function ta(a,b){if(0.01>Math.random()){var c=["cp: "+b,a.name+": "+a.message,"debug: "+ua,"code: "+Ja,"stack: "+a.stack];(new Image).src="//an.yandex.ru/jserr/101500?"+fa({"cnt-class":100,errmsg:c.join("; ").replace(/\r?\n/g,"\\n")})}}function va(a){0.01>Math.random()&&(a=["ErrorLog: "+a,"code: "+Ja],(new Image).src="//an.yandex.ru/ function T(a,b){function c(a){a=a.split(":");a=a[1]||"";a=a.replace(/^\
```

What the visible part of the fragment does is error reporting: L() wraps a function in try/catch and, when the caught error message mentions "NPObject", hands it to ta(); ta() and va() then build a message from the error name, message, stack and a code value and, for roughly 1% of occurrences (0.01>Math.random()), send it to //an.yandex.ru/jserr/ by assigning the src of a new Image. Nothing in the quoted fragment itself shows a payload, a redirect or an injected domain. The detection therefore rests on the antivirus results the report refers to, and those are not present in this copy.

Antivirus reports: none are listed in this copy of the report.
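The broken CDN entries in the table come from resolving scheme-relative references as paths. The following is an added example, not part of the scanner's output, showing how a scanner should resolve the references in a page the way a browser does and separate first-party from third-party assets. The HTML fragment is constructed for the example; the CDN host follows the pattern in the table, while /bitrix/js/main/core/core.js and counter.gif are placeholders.

```python
"""Resolve script/img/link/iframe references in a page the way a browser does,
so a scanner queues the real asset URL instead of a non-existent path on the
page's own host.  Added example; not part of the scan report."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

PAGE_URL = "http://mettem-m.ru/"

# Constructed fragment.  The first reference mimics the Bitrix CDN reference
# that the scan table probed as http://mettem-m.ru//www.mettem-m.ru.js...;
# the core.js path and counter.gif are placeholders.
SAMPLE_HTML = """
<script src="//www.mettem-m.ru.js.1c-bitrix-cdn.ru/bitrix/cache/js/s1/Mettem/kernel_main/kernel_main.js?1396856190277542"></script>
<script src="/bitrix/js/main/core/core.js"></script>
<script src="http://mc.yandex.ru/metrika/watch.js"></script>
<img src="counter.gif">
"""


class AssetCollector(HTMLParser):
    """Collect the raw reference attribute of tags that load sub-resources."""

    TAG_ATTR = {"script": "src", "img": "src", "iframe": "src", "link": "href"}

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        wanted = self.TAG_ATTR.get(tag)
        if wanted is None:
            return
        for name, value in attrs:
            if name == wanted and value:
                self.refs.append(value)


def naive_join(base, ref):
    """The mistake visible in the scan table: host + reference, no scheme handling."""
    return base.rstrip("/") + ref


def resolve_assets(base, html):
    """Absolute URLs for every sub-resource, resolved per RFC 3986 (urljoin).

    A scheme-relative //host/path reference inherits only the scheme of the
    base, so it resolves to http://host/path, not to a path under the base host.
    """
    parser = AssetCollector()
    parser.feed(html)
    return [urljoin(base, ref) for ref in parser.refs]


def third_party(base, urls):
    """Subset of urls served from a host other than the page's own."""
    own = urlsplit(base).hostname
    return [u for u in urls if urlsplit(u).hostname != own]


if __name__ == "__main__":
    resolved = resolve_assets(PAGE_URL, SAMPLE_HTML)
    for url in resolved:
        print(url)
    print("third-party:", third_party(PAGE_URL, resolved))
    print("naive:", naive_join(PAGE_URL, "//www.mettem-m.ru.js.1c-bitrix-cdn.ru/x.js"))
```

A scanner that queues the resolved list would fetch the CDN copy of kernel_main.js and report on it, instead of reporting a 404 from mettem-m.ru and marking the asset clean.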
Malicious Redirects

First query (normal visit):

GET / HTTP/1.1
Host: mettem-m.ru

Result:

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Wed, 16 Apr 2014 17:35:46 GMT
Pragma: no-cache
Server: nginx/1.4.1
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Expires: Thu, 19 Nov 1981 08:52:00 GMT
P3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
Set-Cookie: PHPSESSID=0e7c6484d80b0c11287232e2babc57bf; path=/; HttpOnly
X-Powered-By: PHP/5.3.18
X-Powered-CMS: Bitrix Site Manager (b3fd1c669bed5076bf8ae6280ec606d5)

The response is a plain 200 with no Location header. The headers disclose the stack (nginx/1.4.1, PHP/5.3.18, Bitrix Site Manager with an instance hash in X-Powered-CMS); that is information disclosure worth trimming at the web server, not evidence of compromise. The session cookie is set with HttpOnly.
Second query (visit from search engine):

GET / HTTP/1.1
Host: mettem-m.ru
Referer: http://www.google.com/search?q=mettem-m.ru

Result:
The result is similar to the first query; no suspicious redirects were found.

This check varies only the Referer header. Conditional redirects can also key on the User-Agent (a crawler string), on cookies or the client address, or fire only once per visitor, so an identical response here rules out the Referer-based case only.
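The redirect check above compares the response to a plain visit with the response to a visit carrying a search-engine Referer. As an added example, not part of the scanner's output, the following comparator does that comparison on raw HTTP responses and also catches redirects that the status line does not show (a meta refresh or a location assignment in the body). The three sample responses are constructed, and the hosts redirect.example.net and landing.example.net are placeholders, not anything observed on mettem-m.ru.

```python
"""Detect a redirect that appears only for a conditional request variant
(search-engine Referer, crawler User-Agent, ...) by comparing raw HTTP
responses.  Added example; not part of the scan report.  All responses below
are constructed."""
import hashlib
import re
from typing import Optional

# Constructed baseline: what a plain visit returns.
BASELINE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: nginx/1.4.1\r\n"
    b"Content-Type: text/html; charset=windows-1251\r\n"
    b"\r\n"
    b"<html><body><h1>Company</h1></body></html>"
)

# Constructed variant 1: the search-engine visit gets the same page (the case
# reported above, where nothing conditional was found).
FROM_SEARCH_SAME = BASELINE

# Constructed variant 2: a server-side conditional redirect (placeholder host).
FROM_SEARCH_302 = (
    b"HTTP/1.1 302 Found\r\n"
    b"Location: http://redirect.example.net/go?x=1\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
)

# Constructed variant 3: status and headers look normal, but the body carries
# a client-side redirect (placeholder host).
FROM_SEARCH_META = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b"<html><head><meta http-equiv=\"refresh\" content=\"0;url=http://landing.example.net/\">"
    b"</head><body><h1>Company</h1></body></html>"
)

META_REFRESH = re.compile(
    rb"<meta[^>]+http-equiv\s*=\s*[\"']?refresh[\"']?[^>]*url\s*=\s*[\"']?([^\"'>\s]+)", re.I)
JS_LOCATION = re.compile(
    rb"location(?:\.href\s*=|\s*=|\.replace\()\s*[\"']([^\"']+)[\"']", re.I)


def parse_response(raw: bytes):
    """Split a raw response into (status code, lower-cased header dict, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode()] = value.strip().decode(errors="replace")
    return status, headers, body


def redirect_target(raw: bytes) -> Optional[str]:
    """Where the response sends the browser: Location header, meta refresh,
    or a location assignment in inline script.  None if it does not redirect."""
    status, headers, body = parse_response(raw)
    if status in (301, 302, 303, 307, 308) and "location" in headers:
        return headers["location"]
    for pattern in (META_REFRESH, JS_LOCATION):
        m = pattern.search(body)
        if m:
            return m.group(1).decode(errors="replace")
    return None


def compare(baseline: bytes, variant: bytes) -> dict:
    """Compare a conditional variant against the plain-visit baseline."""
    b_status, _, b_body = parse_response(baseline)
    v_status, _, v_body = parse_response(variant)
    b_target, v_target = redirect_target(baseline), redirect_target(variant)
    return {
        "status_changed": b_status != v_status,
        "body_changed": hashlib.sha256(b_body).digest() != hashlib.sha256(v_body).digest(),
        "redirect_target": v_target,
        # Flag only a redirect that the plain visit does not also perform.
        "conditional_redirect": v_target is not None and v_target != b_target,
    }


if __name__ == "__main__":
    for name, variant in (("same", FROM_SEARCH_SAME), ("302", FROM_SEARCH_302),
                          ("meta", FROM_SEARCH_META)):
        print(name, compare(BASELINE, variant))
```

In use, capture one response per request variant (plain, search-engine Referer, crawler User-Agent, and a fresh client address if possible) and feed each against the baseline; a body-only change with no redirect target is worth a manual diff, since cloaked content is not always a redirect.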
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=mettem-m.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://mettem-m.ru/
Result: mettem-m.ru is not infected or malware details are not published yet.