Scanned pages/files
Request | Server response | Status |
http://moytriumf.ru/ | 200 OK Content-Length: 84437 Content-Type: text/html | clean |
http://moytriumf.ru/wp-content/themes/time_is_money_v10/script.js | 200 OK Content-Length: 6575 Content-Type: application/x-javascript | clean |
http://moytriumf.ru/wp-includes/js/jquery/jquery.js?ver=1.10.2 | 200 OK Content-Length: 93085 Content-Type: application/x-javascript | clean |
http://moytriumf.ru/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: application/x-javascript | clean |
http://moytriumf.ru/wp-content/plugins/nkfireworks/fireworks.js | 200 OK Content-Length: 3600 Content-Type: application/x-javascript | clean |
http://cdn.topsy.com/topsy.js?init=topsyWidgetCreator | 200 OK Content-Length: 17264 Content-Type: text/javascript | clean |
http://moytriumf.ru/wp-content/plugins/wp_testme/js/testme.js | 200 OK Content-Length: 1497 Content-Type: application/x-javascript | clean |
http://odnaknopka.ru/wp/ok2.utf8.js | 200 OK Content-Length: 6155 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
function NewOdnaknopka2() {
    this.domain=location.href+'/';
    this.domain=this.domain.substr(this.domain.indexOf('://')+3);
    this.domain=this.domain.substr(0,this.domain.indexOf('/'));
    this.location=false;
    this.wpurl=false;
    this.wptitle=false;
    this.selection=function() {
        var sel;
        if (window.getSelection) sel=window.getSelection();
        else if (document.selection) sel=document.selection.createRange();
        else sel='';
        if (sel.text) sel=sel.text;
    }
}
odnaknopka2=new NewOdnaknopka2();
function okbm(url,title) {
    odnaknopka2.wp(url,title);
    odnaknopka2.init();
}
Antivirus reports:
http://i.likebot.com/button.js | 200 OK Content-Length: 88605 Content-Type: application/x-javascript | clean |
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 22456 Content-Type: text/javascript | clean |
http://moytriumf.ru/izrecheniya-mudretsov/ | 200 OK Content-Length: 45755 Content-Type: text/html | clean |
http://moytriumf.ru/obo-mne/ | 200 OK Content-Length: 32251 Content-Type: text/html | clean |
http://moytriumf.ru/poleznyie-knigi/ | 200 OK Content-Length: 49530 Content-Type: text/html | clean |
http://moytriumf.ru/predlozhit-statyu/ | 200 OK Content-Length: 29585 Content-Type: text/html | clean |
http://moytriumf.ru/reklama-na-sayte/ | 200 OK Content-Length: 36354 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: moytriumf.ru
Result:
HTTP/1.1 200 OK
Cache-Control: max-age=3, must-revalidate
Connection: close
Date: Sat, 10 May 2014 15:36:02 GMT
Server: nginx/1.4.1
Vary: Accept-Encoding
Vary: Accept-Encoding,Cookie
Content-Type: text/html; charset=UTF-8
WP-Super-Cache: Served supercache file from PHP
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: moytriumf.ru
Referer: http://www.google.com/search?q=moytriumf.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=moytriumf.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://moytriumf.ru/
Result: moytriumf.ru is not infected or malware details are not published yet.