Scanned pages/files
Request | Server response | Status |
http://poleznaya-statya.ru/ | 200 OK Content-Length: 78829 Content-Type: text/html | clean |
http://poleznaya-statya.ru/wp-includes/js/jquery/jquery.js?ver=1.11.0 | 200 OK Content-Length: 96402 Content-Type: application/x-javascript | clean |
http://poleznaya-statya.ru/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: application/x-javascript | clean |
http://poleznaya-statya.ru/wp-content/themes/Choco/chocotheme/js/fn.js | 200 OK Content-Length: 81 Content-Type: application/x-javascript | clean |
http://odnaknopka.ru/wp/ok3.utf8.js | 200 OK Content-Length: 3450 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
function NewOdnaknopka3() {
this.domain=location.href+'/'; this.domain=this.domain.substr(this.domain.indexOf('://')+3); this.domain=this.domain.substr(0,this.domain.indexOf('/')); this.location=false; this.wpurl=false; this.wptitle=false;
this.selection=function() { var sel; if (window.getSelection) sel=window.getSelection(); else if (document.selection) sel=document.selection.createRange(); else sel=''; if (sel.text) sel=sel.text; }
html+='</div>'; document.write(html); } }
odnaknopka3=new NewOdnaknopka3();
function okbm(url,title) { odnaknopka3.wp(url,title); odnaknopka3.init(); }
Antivirus reports:
http://poleznaya-statya.ru/wp-content/plugins/wp-cumulus/swfobject.js | 200 OK Content-Length: 5955 Content-Type: application/x-javascript | clean |
http://poleznaya-statya.ru/karta-sajta | 200 OK Content-Length: 102960 Content-Type: text/html | clean |
http://poleznaya-statya.ru/feed/rss | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 14 May 2014 14:25:48 GMT ETag: "fcb2fe07d5946e4b159e492066fc1809" Location: http://poleznaya-statya.ru/feed Server: nginx/0.7.67 Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8 Last-Modified: Thu, 01 May 2014 17:35:15 GMT X-Pingback: http://poleznaya-statya.ru/xmlrpc.php X-Powered-By: PHP/5.3.3-7+squeeze18 | clean |
http://poleznaya-statya.ru/feed | 200 OK Content-Length: 73391 Content-Type: text/xml | clean |
http://poleznaya-statya.ru/wp-content/uploads/2014/04/tropicheskii-interier-i-ego-pravila.jpg | 200 OK Content-Length: 52760 Content-Type: image/jpeg | clean |
http://poleznaya-statya.ru/test404page.js | 404 Not Found Content-Length: 32446 Content-Type: text/html | clean |
http://poleznaya-statya.ru/category/hi-tech | 200 OK Content-Length: 42939 Content-Type: text/html | clean |
http://poleznaya-statya.ru/hi-tech/dostup-k-elektronnoj-pochte.html | 200 OK Content-Length: 42131 Content-Type: text/html | clean |
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 19828 Content-Type: text/javascript | clean |
http://tweetmeme.com/i/scripts/button.js | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=86400 Connection: close Date: Wed, 14 May 2014 14:25:52 GMT Location: http://tweetmeme.com/ Server: nginx Content-Length: 178 Content-Type: text/html Expires: Thu, 15 May 2014 14:25:52 GMT X-Served-By: h03 | clean |
http://tweetmeme.com/ | 200 OK Content-Length: 1833 Content-Type: text/html | clean |
http://tweetmeme.com/js/vendor/jquery-1.9.1.min.js | 200 OK Content-Length: 92630 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: poleznaya-statya.ru
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 14 May 2014 14:25:43 GMT
Server: nginx/0.7.67
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
X-Pingback: http://poleznaya-statya.ru/xmlrpc.php
X-Powered-By: PHP/5.3.3-7+squeeze18
Second query (visit from search engine):
GET / HTTP/1.1
Host: poleznaya-statya.ru
Referer: http://www.google.com/search?q=poleznaya-statya.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=poleznaya-statya.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://poleznaya-statya.ru/
Result: poleznaya-statya.ru is not infected or malware details are not published yet.