Scanned pages/files
Request | Server response | Status |
http://modexp.ru/ | 200 OK Content-Length: 43005 Content-Type: text/html | clean |
http://modexp.ru/sites/default/files/js/js_xAPl0qIk9eowy_iS9tNkCWXLUVoat94SQT48UBCFkyQ.js | 200 OK Content-Length: 96126 Content-Type: application/x-javascript | clean |
http://modexp.ru/sites/default/files/js/js_0n3LHDQCUevLWtZmUsEJAW8h42Qx3NJikvC81201a8c.js | 200 OK Content-Length: 6377 Content-Type: application/x-javascript | clean |
http://modexp.ru/sites/default/files/js/js_Rpi5pvdiMNv-muf71momus4X1kJOb4P63o-M6irNOY4.js | 200 OK Content-Length: 6610 Content-Type: application/x-javascript | clean |
http://modexp.ru/sites/default/files/js/js_FEiWYzvqso6zyKAbHqmnw28iYbSDxMJ670JT3fy0Wbo.js | 200 OK Content-Length: 12532 Content-Type: application/x-javascript | clean |
http://modexp.ru/sites/default/files/js/js_ldfE29J26kApcGDdWhWewF4alELiHYJRTtgI6ZTa87U.js | 200 OK Content-Length: 17702 Content-Type: application/x-javascript | clean |
http://modexp.ru/sites/default/files/js/js_i43PSWr6SPk2zXtyNez44ogVpc9Y0rqn_dRyk4KDN0Q.js | 200 OK Content-Length: 26294 Content-Type: application/x-javascript | clean |
http://modexp.ru/?inline=true | 200 OK Content-Length: 1625 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked By Moroccan Revolution Team <html>
<head> <meta http-equiv="Content-Language" content="fr"> <meta http-equiv="Content-Type" content="text/html; charset=windows-1252"> <title>Hacked By Moroccan Revolution Team</title> </head> <body background="http://zomgplay.com/wp-content/uploads/2014/01/Tom-Clancy-Ghost-Recon-Online-Artic.jpg"> <p align="center"><img border="0" src="http://www.rofof.com/img/8td25mg.gif" width="350" height="310"></p> <hr> <p align="center"><b><font size="7" face="Agency FB" color="#003300">Hacked By</font>&l ...[1488 bytes skipped]... | ||
http://modexp.ru/test404page.js | 200 OK Content-Length: 1625 Content-Type: text/html | clean |
http://modexp.ru/products | 200 OK Content-Length: 1625 Content-Type: text/html | clean |
http://modexp.ru/blok-konteynery | 200 OK Content-Length: 42123 Content-Type: text/html | clean |
http://modexp.ru/sites/default/files/js/js_geVQ_PT6lwbiE-8kMa16a_ca_0L4v9wo_q3bBrKNins.js | 200 OK Content-Length: 30234 Content-Type: application/x-javascript | clean |
http://modexp.ru/modulnye-zdaniya | 200 OK Content-Length: 1625 Content-Type: text/html | clean |
http://modexp.ru/o-produkcii-i-kompanii-containex | 200 OK Content-Length: 1625 Content-Type: text/html | clean |
http://modexp.ru/sravnenie-kapitalnogo-i-modulnogo-stroitelstva | 200 OK Content-Length: 42818 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: modexp.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Wed, 29 Jul 2015 00:52:08 GMT
Accept-Ranges: bytes
ETag: "a7fd-5196ed2114f40"
Server: nginx/1.7.6
Vary: Accept-Encoding
Vary: Accept-Encoding
Content-Length: 43005
Content-Type: text/html; charset=utf-8
Expires: Sun, 19 Nov 1978 05:00:00 GMT
X-Cached-By: Boost
...43005 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: modexp.ru
Referer: http://www.google.com/search?q=modexp.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=modexp.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://modexp.ru/
Result: modexp.ru is not infected or malware details are not published yet.