Scanned pages/files
Request | Server response | Status |
http://peoplemagazine.ru/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 15 Sep 2014 08:18:22 GMT Location: http://www.people.com Server: Apache-Coyote/1.1 Content-Length: 0 | clean |
http://www.people.com/ | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=0, no-cache, no-store Connection: close Date: Mon, 15 Sep 2014 08:18:23 GMT Pragma: no-cache Accept-Ranges: bytes Location: http://www.people.com/people/ Server: Apache Content-Length: 237 Content-Type: text/html; charset=iso-8859-1 Expires: Mon, 15 Sep 2014 08:18:23 GMT Set-Cookie: TI_PREFS=default; path=/; domain=.people.com X-Varnish: 1032495116 | clean |
http://www.people.com/people/ | 200 OK Content-Length: 126896 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
var axel = Math.random() + "";
var a = axel * 10000000000000;
document.write('<iframe src="https://3980839.fls.doubleclick.net/activityi;src=3980839;type=peopl017;cat=homep1;ord=1;num=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>');
Antivirus reports:
http://tiads.people.com/ads/tgx.js | 200 OK Content-Length: 50328 Content-Type: application/javascript | clean |
http://img2-2.timeinc.net/people/static/j/main.js?74 | 200 OK Content-Length: 192884 Content-Type: application/javascript | clean |
http://img2-2.timeinc.net/people/static/j/homepage/home.js?74 | 200 OK Content-Length: 112810 Content-Type: application/javascript | clean |
http://admin.brightcove.com/js/BrightcoveExperiences.js | 200 OK Content-Length: 33142 Content-Type: application/x-javascript | clean |
http://img2-2.timeinc.net/people/static/j/video/module.js | 200 OK Content-Length: 22962 Content-Type: application/javascript | clean |
http://peoplemagazine.ru//fonts.timeinc.net/xsp5fzp.js/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 15 Sep 2014 08:18:26 GMT Location: http://www.people.com Server: Apache-Coyote/1.1 Content-Length: 0 | clean |
http://www.people.com/test404page.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 15 Sep 2014 08:18:27 GMT Accept-Ranges: bytes Location: http://www.people.com/people/test404page.js Server: Apache Content-Length: 251 Content-Type: text/html; charset=iso-8859-1 X-Varnish: 1032495418 | clean |
http://www.people.com/people/test404page.js | 404 Not Found Content-Length: 1592 Content-Type: text/html | clean |
http://img.timeinc.net/tii/omniture/h/common.js | 200 OK Content-Length: 51684 Content-Type: application/javascript | clean |
http://img.timeinc.net/tii/omniture/h/config/people.js | 200 OK Content-Length: 30538 Content-Type: application/javascript | clean |
http://www.people.com/people/static/j/auth.js | 200 OK Content-Length: 9553 Content-Type: application/javascript | clean |
http://js.revsci.net/gateway/gw.js?csid=H07710 | 200 OK Content-Length: 5855 Content-Type: application/javascript | clean |
http://edge.quantserve.com/quant.js | 200 OK Content-Length: 7874 Content-Type: application/x-javascript | clean |
http://img2.timeinc.net/people/static/j/global/chartbeat.js | 200 OK Content-Length: 4374 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: peoplemagazine.ru
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Mon, 15 Sep 2014 08:18:22 GMT
Location: http://www.people.com
Server: Apache-Coyote/1.1
Content-Length: 0
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: peoplemagazine.ru
Referer: http://www.google.com/search?q=peoplemagazine.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=peoplemagazine.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://peoplemagazine.ru/
Result: peoplemagazine.ru is not infected or malware details are not published yet.