Scanned pages/files
Request | Server response | Status |
http://nonmuseum.ru/ | 200 OK Content-Length: 4828 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: !-- Hacked by Virus-Dz -- <!-- Hacked by Virus-Dz --> <html> <SCRIPT LANGUAGE="JavaScript"> <!-- document.oncontextmenu = function(){return false} if(document.layers) { window.captureEvents(Event.MOUSEDOWN); window.onmousedown = function(e){ if(e.target==document)return false; } } else { document.onmousedown = function(){return false} } // --> </script> <head> ...[5060 bytes skipped]... | ||
http://nonmuseum.ru/test404page.js | 404 Not Found Content-Length: 315 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: nonmuseum.ru
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 01 Sep 2014 05:47:21 GMT
Accept-Ranges: bytes
Age: 779
ETag: "1f4e902-12dc-4f5fb031b2dde"
Server: Apache/2.2.15 (Red Hat) mod_rpaf/0.6 PHP/5.3.27
Content-Length: 4828
Content-Type: text/html; charset=UTF-8
Last-Modified: Tue, 01 Apr 2014 13:19:04 GMT
X-Cache: HIT from turbine6.ht-systems.ru
X-Cache-Lookup: HIT from turbine6.ht-systems.ru:6667
...4828 bytes of data.
GET / HTTP/1.1
Host: nonmuseum.ru
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 01 Sep 2014 05:47:21 GMT
Accept-Ranges: bytes
Age: 779
ETag: "1f4e902-12dc-4f5fb031b2dde"
Server: Apache/2.2.15 (Red Hat) mod_rpaf/0.6 PHP/5.3.27
Content-Length: 4828
Content-Type: text/html; charset=UTF-8
Last-Modified: Tue, 01 Apr 2014 13:19:04 GMT
X-Cache: HIT from turbine6.ht-systems.ru
X-Cache-Lookup: HIT from turbine6.ht-systems.ru:6667
...4828 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: nonmuseum.ru
Referer: http://www.google.com/search?q=nonmuseum.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: nonmuseum.ru
Referer: http://www.google.com/search?q=nonmuseum.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=nonmuseum.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://nonmuseum.ru/
Result: nonmuseum.ru is not infected or malware details are not published yet.
Result: nonmuseum.ru is not infected or malware details are not published yet.