Scanned pages/files
Request | Server response | Status |
http://obl-vesti.ru/ | 200 OK Content-Length: 635 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: HACKED BY Private User for 19.05.2015 <html>
<head><title>HACKED BY Private User for 19.05.2015</title></head> <body bgcolor="#000000"> <b><font size="145"> <font color="#FFFFFF">HACKED BY Private User for <font color="#FF0000">19.05.2015</b> <a href="http://www.uploadmusic.org"><object type="application/x-shockwave-flash" width="0" height="0"data="http://www.uploadmusic.org/musicplayer.swf?song_url=http://www.uploadmusic.org/MUSIC/4181181432379172.mp3&autoplay=true"><param name="movie"value="http://www.uploadmusic.org/musicplayer.swf?song_url=http://www.uploadmusic.org/MUSIC/4181181432379172.mp3&song_title=uploadmusic.org&autoplay=true" /></object> </html> | ||
http://obl-vesti.ru/test404page.js | HTTP/1.1 302 Found Connection: close Date: Fri, 26 Jun 2015 05:18:02 GMT Location: http://err.agava.ru/vh/404.html Server: nginx Content-Length: 215 Content-Type: text/html; charset=iso-8859-1 | clean |
http://err.agava.ru/vh/404.html | 200 OK Content-Length: 33467 Content-Type: text/html | clean |
http://err.agava.ru/vh/assets/js/jquery-1.10.2.min.js | 200 OK Content-Length: 93117 Content-Type: application/x-javascript | clean |
http://obl-vesti.ru/assets/js/check_new.min.js | HTTP/1.1 302 Found Connection: close Date: Fri, 26 Jun 2015 05:18:02 GMT Location: http://err.agava.ru/vh/404.html Server: nginx Content-Length: 215 Content-Type: text/html; charset=iso-8859-1 | clean |
http://err.agava.ru/test404page.js | HTTP/1.1 302 Moved Temporarily Connection: close Date: Fri, 26 Jun 2015 05:38:15 GMT Location: http://err.agava.ru/vh/404.html Server: nginx/0.7.67 Content-Length: 161 Content-Type: text/html | clean |
http://obl-vesti.ru/assets/js/header_script.min.js | HTTP/1.1 302 Found Connection: close Date: Fri, 26 Jun 2015 05:18:02 GMT Location: http://err.agava.ru/vh/404.html Server: nginx Content-Length: 215 Content-Type: text/html; charset=iso-8859-1 | clean |
http://obl-vesti.ru/assets/js/test-script.js | HTTP/1.1 302 Found Connection: close Date: Fri, 26 Jun 2015 05:18:02 GMT Location: http://err.agava.ru/vh/404.html Server: nginx Content-Length: 215 Content-Type: text/html; charset=iso-8859-1 | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: obl-vesti.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Fri, 26 Jun 2015 05:18:01 GMT
Pragma: no-cache
Server: nginx
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Thu, 25 Jun 2015 22:18:01 GMT
Set-Cookie: PHPSESSID=3ds1im9jkd45nlmfujo70hbjr1; path=/
Set-Cookie: dle_user_id=deleted; expires=Thu, 26-Jun-2014 05:18:00 GMT; path=/; domain=.obl-vesti.ru; httponly
Set-Cookie: dle_password=deleted; expires=Thu, 26-Jun-2014 05:18:00 GMT; path=/; domain=.obl-vesti.ru; httponly
Set-Cookie: dle_hash=deleted; expires=Thu, 26-Jun-2014 05:18:00 GMT; path=/; domain=.obl-vesti.ru; httponly
X-Powered-By: PHP/5.2.17
GET / HTTP/1.1
Host: obl-vesti.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Fri, 26 Jun 2015 05:18:01 GMT
Pragma: no-cache
Server: nginx
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Thu, 25 Jun 2015 22:18:01 GMT
Set-Cookie: PHPSESSID=3ds1im9jkd45nlmfujo70hbjr1; path=/
Set-Cookie: dle_user_id=deleted; expires=Thu, 26-Jun-2014 05:18:00 GMT; path=/; domain=.obl-vesti.ru; httponly
Set-Cookie: dle_password=deleted; expires=Thu, 26-Jun-2014 05:18:00 GMT; path=/; domain=.obl-vesti.ru; httponly
Set-Cookie: dle_hash=deleted; expires=Thu, 26-Jun-2014 05:18:00 GMT; path=/; domain=.obl-vesti.ru; httponly
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: obl-vesti.ru
Referer: http://www.google.com/search?q=obl-vesti.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: obl-vesti.ru
Referer: http://www.google.com/search?q=obl-vesti.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=obl-vesti.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://obl-vesti.ru/
Result: obl-vesti.ru is not infected or malware details are not published yet.
Result: obl-vesti.ru is not infected or malware details are not published yet.