Scanned pages/files
Request | Server response | Status |
http://mults.3dn.ru/ | 200 OK Content-Length: 41450 Content-Type: text/html | clean |
http://s28.ucoz.net/src/jquery-1.7.2.js | 200 OK Content-Length: 94840 Content-Type: text/javascript | clean |
http://s28.ucoz.net/src/ulightbox/ulightbox.js | 200 OK Content-Length: 22097 Content-Type: text/javascript | clean |
http://s28.ucoz.net/src/uwnd.js?2 | 200 OK Content-Length: 228554 Content-Type: text/javascript | clean |
http://www.anekdot.ru/rss/randomu.html | 200 OK Content-Length: 1748 Content-Type: text/html | clean |
http://www.anekdot.ru/ | 200 OK Content-Length: 36109 Content-Type: text/html | suspicious |
Suspicious code found <div class="b-soc"> <a class="b-soc-icon b-soc-icon_vk" target="_blank" rel="nofollow" href="/away/?id=2" title="Àíåêäîòû èç Ðîññèè â ÂÊîíòàêòå"></a> <a class="b-soc-icon b-soc-icon_fb" target="_blank" rel="nofollow" href="/away/?id=3" title="Àíåêäîòû èç Ðîññèè â Facebook"></a> <a class="b-soc-icon b-soc-icon_tw" target="_blank" rel="nofollow" href="/away/?id=1" title="Åæåäíåâíûå àíåêäîòû â Twitter"></a> <a class="b-soc-icon b-soc-icon_od" target="_blank" rel="nofollow" href="/away/?id=4" title="Àíåêäîòû èç Ðîññèè â Îäíîêëàññíèêàõ"></a> </div> | ||
http://www.anekdot.ru/js/s_index.js?64 | 200 OK Content-Length: 24676 Content-Type: application/x-javascript | clean |
http://www.anekdot.ru//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js/ | HTTP/1.1 404 Not Found Connection: close Date: Wed, 29 Oct 2014 14:19:51 GMT ETag: "138e92-b4a-4bcd8f60f5380" Server: nginx Content-Type: text/html; charset=windows-1251 | clean |
http://www.anekdot.ru/test404page.js | 404 Not Found Content-Length: 564 Content-Type: text/html | clean |
http://www.anekdot.ru/scripts/rand_anekdot.php?t=j | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 29 Oct 2014 14:19:51 GMT Location: /random/anekdot/ Server: nginx Content-Length: 0 Content-Type: text/html; charset=windows-1251 Set-Cookie: uid=AAAAAVRQ94cAAQ8XCAnAAg==; expires=Sat, 26-Oct-2024 14:19:51 GMT; path=/; domain=.anekdot.ru | clean |
http://www.anekdot.ru/random/anekdot/ | 200 OK Content-Length: 44160 Content-Type: text/html | suspicious |
Suspicious code found <a href="http://video.anekdot.ru/" rel="nofollow" title="Âèäåî-àíåêäîòû">âèäåî</a> • | ||
http://www.anekdot.ru/js/s_main.js?64 | 200 OK Content-Length: 18155 Content-Type: application/x-javascript | clean |
http://vk.com/js/api/share.js?90 | 200 OK Content-Length: 10156 Content-Type: application/x-javascript | clean |
http://profitwizard.net/top/10/ | 200 OK Content-Length: 180 Content-Type: text/javascript | clean |
http://www.anekdot.ru//server.adeasy.ru/code/jsasync/7161?cid=adeasy-7130/ | HTTP/1.1 404 Not Found Connection: close Date: Wed, 29 Oct 2014 14:19:53 GMT ETag: "138e92-b4a-4bcd8f60f5380" Server: nginx Content-Type: text/html; charset=windows-1251 | clean |
http://www.anekdot.ru//server.adeasy.ru/code/jsasync/7164?cid=adeasy-7133/ | HTTP/1.1 404 Not Found Connection: close Date: Wed, 29 Oct 2014 14:19:53 GMT ETag: "138e92-b4a-4bcd8f60f5380" Server: nginx Content-Type: text/html; charset=windows-1251 | clean |
https://apis.google.com/js/plusone.js | 200 OK Content-Length: 12600 Content-Type: application/javascript | clean |
http://mults.3dn.ru/widget/?8;2009|10|31|%D0%A1%D0%B0%D0%B9%D1%82%20%D1%81%D1%83%D1%89%D0%B5%D1%81%D1%82%D0%B2%D1%83%D0%B5%D1%82%20%3Cb%3E%25N%25%3C%2Fb%3E%20%D0%B4%D0%BD%D0%B5%D0%B9 | 200 OK Content-Length: 524 Content-Type: text/javascript | clean |
http://odnaknopka.ru/ok3.js | 200 OK Content-Length: 2766 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function NewOdnaknopka3() {
this.domain=location.href+'/'; this.domain=this.domain.substr(this.domain.indexOf('://')+3); this.domain=this.domain.substr(0,this.domain.indexOf('/')); this.location=false; this.url=function(system) { var title=encodeURIComponent(document.title); var url=encodeURIComponent(location.href); switch (system) { case 1: return 'http://vkontakte.ru/share.php?url='+url; case 2: return 'http://www.facebook.com/sharer.php?u='+u for (i=0;i<12;i++) { html+='<a href="'+this.url(i+1)+'" onclick="return odnaknopka3.go('+(i+1)+');"><img src="http://odnaknopka.ru/images/blank.gif" width="16" height="16" alt=" #" title="'+titles[i]+'" style="border:0;padding:0;margin:0 4px 0 0;background:url(http://odnaknopka.ru/images/panel.png) no-repeat -270px -'+(i*16)+'px"/></a>'; } document.write(html); } } odnaknopka3=new NewOdnaknopka3(); odnaknopka3.init(); Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: mults.3dn.ru
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 29 Oct 2014 14:19:47 GMT
Server: uServ/3.2.2
Content-Length: 41450
Content-Type: text/html; charset=UTF-8
...41450 bytes of data.
GET / HTTP/1.1
Host: mults.3dn.ru
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 29 Oct 2014 14:19:47 GMT
Server: uServ/3.2.2
Content-Length: 41450
Content-Type: text/html; charset=UTF-8
...41450 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: mults.3dn.ru
Referer: http://www.google.com/search?q=mults.3dn.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: mults.3dn.ru
Referer: http://www.google.com/search?q=mults.3dn.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=mults.3dn.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://mults.3dn.ru/
Result: mults.3dn.ru is not infected or malware details are not published yet.
Result: mults.3dn.ru is not infected or malware details are not published yet.