Scanned pages/files
Request | Server response | Status |
http://rambler.ru/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 27 Apr 2015 18:40:59 GMT Location: http://www.rambler.ru/ Server: nginx/1.3.7 Content-Length: 184 Content-Type: text/html | clean |
http://www.rambler.ru/ | 200 OK Content-Length: 76739 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below). The sample is incomplete in this capture: text is missing after `&&d`, so the snippet cannot be fully assessed from this page alone.
(function(w,h){function j(a,b){var c=a.className,c=c.split?c.split(" "):[],d=c.length,e=!1,g;if(!c.length)return!1;for(g=0;g<d;g++)c[g]===b&&(e=!0);return e?!0:!1}function f(a,b,c){a.addEventListener?a.addEventListener(b,c,!1):a.attachEvent("on"+b,function(){c.call(a,window.event)})}function l(){var a;if(q)for(a=0;a<q;a++){var b=r[a].parentNode,c=b.className.split(" "),d=c.length,e=void 0;if(j(b,"r-topline__item_active"))for(e=0;e<d;e++)"r-topline__item_active"===c[e]&&d window._ExtAuth.show()},b.onreadystatechange=function(){p=!0},setTimeout(function(){p||(window.location.href=t.href)},500),a.preventDefault?a.preventDefault():a.returnValue=!1)})})(window,document);
Antivirus reports:
Hidden iFrame found. size: 1x1 src: http://awaps.yandex.ru/0/9947/001001.htm <iframe src="http://awaps.yandex.ru/0/9947/001001.htm" width="1" height="1" marginwidth="0" marginheight="0" hspace="0" vspace="0" frameborder="0" scrolling="no" bordercolor="#000000" style="left: -9999px; position: absolute;"> Hidden iFrame found. size: 1x1 src: http://ads.adfox.ru/202433/getcode?p1=biozy&p2=v&p3=a&p4=a&pct=a&plp=a&pli=a&pop=a&pfc=a&pfb=a <iframe src="http://ads.adfox.ru/202433/getcode?p1=biozy&p2=v&p3=a&p4=a&pct=a&plp=a&pli=a&pop=a&pfc=a&pfb=a" frameborder="0" width="1" height="1" marginwidth="0" marginheight="0" scrolling="no" style="border: 0px; margin: 0px; padding: 0px;"> Hidden iFrame found. size: 1x1 src: http://ads.adfox.ru/202433/getcode?p1=biozy&p2=v&p3=a&p4=a&pct=a&plp=a&pli=a&pop=a&pfc=a&pfb=a&pr= <iframe src="http://ads.adfox.ru/202433/getcode?p1=biozy&p2=v&p3=a&p4=a&pct=a&plp=a&pli=a&pop=a&pfc=a&pfb=a&pr=' + pr + '&pt=b&pd=' + addate.getdate() + '&pw=' + addate.getday() + '&pv=' + addate.gethours() + '" frameborder="0" width="1" height="1" marginwidth="0" marginheight="0" scrolling="no" style="border: 0px; margin: 0px; padding: 0px;"> | ||
http://www.rambler.ru//montblanc.rambler.ru/static/js/montblanc.js/ | 404 Not Found Content-Length: 34449 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) (function(w,h){function j(a,b){var c=a.className,c=c.split?c.split(" "):[],d=c.length,e=!1,g;if(!c.length)return!1;for(g=0;g<d;g++)c[g]===b&&(e=!0);return e?!0:!1}function f(a,b,c){a.addEventListener?a.addEventListener(b,c,!1):a.attachEvent("on"+b,function(){c.call(a,window.event)})}function l(){var a;if(q)for(a=0;a<q;a++){var b=r[a].parentNode,c=b.className.split(" "),d=c.length,e=void 0;if(j(b,"r-topline__item_active"))for(e=0;e<d;e++)"r-topline__item_active"===c[e]&&d Antivirus reports:
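No antivirus report is listed for this URL in this capture. Note: the request path embeds a second host name (`//montblanc.rambler.ru/static/js/montblanc.js/`), which suggests the scanner resolved a protocol-relative script reference as a path on www.rambler.ru. Every 404 row in this table, including the `test404page.js` request, returns the same Content-Length (34449) and the same flagged snippet, so these rows most likely re-flag the site's common error-page template rather than separate infected files. | ||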
http://www.rambler.ru//js.rl0.ru/adfox/adfox.asyn.code.ver3.js/ | 404 Not Found Content-Length: 34449 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) (function(w,h){function j(a,b){var c=a.className,c=c.split?c.split(" "):[],d=c.length,e=!1,g;if(!c.length)return!1;for(g=0;g<d;g++)c[g]===b&&(e=!0);return e?!0:!1}function f(a,b,c){a.addEventListener?a.addEventListener(b,c,!1):a.attachEvent("on"+b,function(){c.call(a,window.event)})}function l(){var a;if(q)for(a=0;a<q;a++){var b=r[a].parentNode,c=b.className.split(" "),d=c.length,e=void 0;if(j(b,"r-topline__item_active"))for(e=0;e<d;e++)"r-topline__item_active"===c[e]&&d Antivirus reports:
| ||
http://www.rambler.ru//js.rl0.ru/adfox/adfox.asyn.code.scroll.js/ | 404 Not Found Content-Length: 34449 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) (function(w,h){function j(a,b){var c=a.className,c=c.split?c.split(" "):[],d=c.length,e=!1,g;if(!c.length)return!1;for(g=0;g<d;g++)c[g]===b&&(e=!0);return e?!0:!1}function f(a,b,c){a.addEventListener?a.addEventListener(b,c,!1):a.attachEvent("on"+b,function(){c.call(a,window.event)})}function l(){var a;if(q)for(a=0;a<q;a++){var b=r[a].parentNode,c=b.className.split(" "),d=c.length,e=void 0;if(j(b,"r-topline__item_active"))for(e=0;e<d;e++)"r-topline__item_active"===c[e]&&d Antivirus reports:
| ||
http://www.rambler.ru//rambler.ru/all/ | 404 Not Found Content-Length: 34449 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) (function(w,h){function j(a,b){var c=a.className,c=c.split?c.split(" "):[],d=c.length,e=!1,g;if(!c.length)return!1;for(g=0;g<d;g++)c[g]===b&&(e=!0);return e?!0:!1}function f(a,b,c){a.addEventListener?a.addEventListener(b,c,!1):a.attachEvent("on"+b,function(){c.call(a,window.event)})}function l(){var a;if(q)for(a=0;a<q;a++){var b=r[a].parentNode,c=b.className.split(" "),d=c.length,e=void 0;if(j(b,"r-topline__item_active"))for(e=0;e<d;e++)"r-topline__item_active"===c[e]&&d Antivirus reports:
| ||
http://www.rambler.ru//www.rambler.ru/ | 404 Not Found Content-Length: 34449 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) (function(w,h){function j(a,b){var c=a.className,c=c.split?c.split(" "):[],d=c.length,e=!1,g;if(!c.length)return!1;for(g=0;g<d;g++)c[g]===b&&(e=!0);return e?!0:!1}function f(a,b,c){a.addEventListener?a.addEventListener(b,c,!1):a.attachEvent("on"+b,function(){c.call(a,window.event)})}function l(){var a;if(q)for(a=0;a<q;a++){var b=r[a].parentNode,c=b.className.split(" "),d=c.length,e=void 0;if(j(b,"r-topline__item_active"))for(e=0;e<d;e++)"r-topline__item_active"===c[e]&&d Antivirus reports:
| ||
http://www.rambler.ru/test404page.js | 404 Not Found Content-Length: 34449 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) (function(w,h){function j(a,b){var c=a.className,c=c.split?c.split(" "):[],d=c.length,e=!1,g;if(!c.length)return!1;for(g=0;g<d;g++)c[g]===b&&(e=!0);return e?!0:!1}function f(a,b,c){a.addEventListener?a.addEventListener(b,c,!1):a.attachEvent("on"+b,function(){c.call(a,window.event)})}function l(){var a;if(q)for(a=0;a<q;a++){var b=r[a].parentNode,c=b.className.split(" "),d=c.length,e=void 0;if(j(b,"r-topline__item_active"))for(e=0;e<d;e++)"r-topline__item_active"===c[e]&&d Antivirus reports:
| ||
http://rambler.ru//mc.yandex.ru/metrika/watch.js/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 27 Apr 2015 18:41:01 GMT Location: http://www.rambler.ru/mc.yandex.ru/metrika/watch.js/ Server: nginx/1.3.7 Content-Length: 184 Content-Type: text/html | clean |
http://www.rambler.ru/mc.yandex.ru/metrika/watch.js/ | 404 Not Found Content-Length: 34449 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) (function(w,h){function j(a,b){var c=a.className,c=c.split?c.split(" "):[],d=c.length,e=!1,g;if(!c.length)return!1;for(g=0;g<d;g++)c[g]===b&&(e=!0);return e?!0:!1}function f(a,b,c){a.addEventListener?a.addEventListener(b,c,!1):a.attachEvent("on"+b,function(){c.call(a,window.event)})}function l(){var a;if(q)for(a=0;a<q;a++){var b=r[a].parentNode,c=b.className.split(" "),d=c.length,e=void 0;if(j(b,"r-topline__item_active"))for(e=0;e<d;e++)"r-topline__item_active"===c[e]&&d Antivirus reports:
| ||
http://rambler.ru//dn.rambler.ru/static/js/notice.js?v=1/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 27 Apr 2015 18:41:02 GMT Location: http://www.rambler.ru/dn.rambler.ru/static/js/notice.js?v=1/ Server: nginx/1.3.7 Content-Length: 184 Content-Type: text/html | clean |
http://www.rambler.ru/dn.rambler.ru/static/js/notice.js?v=1/ | 404 Not Found Content-Length: 34449 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) (function(w,h){function j(a,b){var c=a.className,c=c.split?c.split(" "):[],d=c.length,e=!1,g;if(!c.length)return!1;for(g=0;g<d;g++)c[g]===b&&(e=!0);return e?!0:!1}function f(a,b,c){a.addEventListener?a.addEventListener(b,c,!1):a.attachEvent("on"+b,function(){c.call(a,window.event)})}function l(){var a;if(q)for(a=0;a<q;a++){var b=r[a].parentNode,c=b.className.split(" "),d=c.length,e=void 0;if(j(b,"r-topline__item_active"))for(e=0;e<d;e++)"r-topline__item_active"===c[e]&&d Antivirus reports:
| ||
http://h02.rl0.ru/3.20.69/src/js/vendor/requirejs.min.js | 200 OK Content-Length: 15218 Content-Type: application/x-javascript | clean |
http://rambler.ru//id.rambler.ru/js/extauth.min.js/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 27 Apr 2015 18:41:02 GMT Location: http://www.rambler.ru/id.rambler.ru/js/extauth.min.js/ Server: nginx/1.3.7 Content-Length: 184 Content-Type: text/html | clean |
http://www.rambler.ru/id.rambler.ru/js/extauth.min.js/ | 404 Not Found Content-Length: 34449 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) (function(w,h){function j(a,b){var c=a.className,c=c.split?c.split(" "):[],d=c.length,e=!1,g;if(!c.length)return!1;for(g=0;g<d;g++)c[g]===b&&(e=!0);return e?!0:!1}function f(a,b,c){a.addEventListener?a.addEventListener(b,c,!1):a.attachEvent("on"+b,function(){c.call(a,window.event)})}function l(){var a;if(q)for(a=0;a<q;a++){var b=r[a].parentNode,c=b.className.split(" "),d=c.length,e=void 0;if(j(b,"r-topline__item_active"))for(e=0;e<d;e++)"r-topline__item_active"===c[e]&&d Antivirus reports:
| ||
http://rambler.ru/all.shtml | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 27 Apr 2015 18:41:02 GMT Location: http://www.rambler.ru/all.shtml Server: nginx/1.3.7 Content-Length: 184 Content-Type: text/html | clean |
http://www.rambler.ru/all.shtml | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 27 Apr 2015 18:41:02 GMT Location: http://www.rambler.ru/all Server: nginx/1.3.7 Content-Length: 184 Content-Type: text/html P3P: CP="NON DSP NID ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV" Set-Cookie: dv=gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:1430160062; path=/; expires=Thu, 31-Dec-37 23:55:55 GMT Set-Cookie: dvr=gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:1430160062; domain=.rambler.ru; path=/; expires=Thu, 31-Dec-37 23:55:55 GMT Set-Cookie: lv=1430160062; path=/; expires=Thu, 31-Dec-37 23:55:55 GMT Set-Cookie: lvr=1430160062; domain=.rambler.ru; path=/; expires=Thu, 31-Dec-37 23:55:55 GMT Set-Cookie: ruid=AQAAAL6CPlXs2bmpAY/sAQB=; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.rambler.ru; path=/ | clean |
http://www.rambler.ru/all | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 27 Apr 2015 18:41:02 GMT Location: http://www.rambler.ru/all/ Server: nginx/1.3.7 Content-Length: 184 Content-Type: text/html P3P: CP="NON DSP NID ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV" Set-Cookie: dv=gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:1430160062; path=/; expires=Thu, 31-Dec-37 23:55:55 GMT Set-Cookie: dvr=gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:1430160062; domain=.rambler.ru; path=/; expires=Thu, 31-Dec-37 23:55:55 GMT Set-Cookie: lv=1430160062; path=/; expires=Thu, 31-Dec-37 23:55:55 GMT Set-Cookie: lvr=1430160062; domain=.rambler.ru; path=/; expires=Thu, 31-Dec-37 23:55:55 GMT Set-Cookie: ruid=AQAAAL6CPlXs2bmpAZDsAQB=; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.rambler.ru; path=/ | clean |
http://www.rambler.ru/all/ | 200 OK Content-Length: 33682 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) (function(w,h){function j(a,b){var c=a.className,c=c.split?c.split(" "):[],d=c.length,e=!1,g;if(!c.length)return!1;for(g=0;g<d;g++)c[g]===b&&(e=!0);return e?!0:!1}function f(a,b,c){a.addEventListener?a.addEventListener(b,c,!1):a.attachEvent("on"+b,function(){c.call(a,window.event)})}function l(){var a;if(q)for(a=0;a<q;a++){var b=r[a].parentNode,c=b.className.split(" "),d=c.length,e=void 0;if(j(b,"r-topline__item_active"))for(e=0;e<d;e++)"r-topline__item_active"===c[e]&&d Antivirus reports:
| ||
http://www.rambler.ru//dn.rambler.ru/static/js/notice.js?v=1/ | 404 Not Found Content-Length: 34449 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) (function(w,h){function j(a,b){var c=a.className,c=c.split?c.split(" "):[],d=c.length,e=!1,g;if(!c.length)return!1;for(g=0;g<d;g++)c[g]===b&&(e=!0);return e?!0:!1}function f(a,b,c){a.addEventListener?a.addEventListener(b,c,!1):a.attachEvent("on"+b,function(){c.call(a,window.event)})}function l(){var a;if(q)for(a=0;a<q;a++){var b=r[a].parentNode,c=b.className.split(" "),d=c.length,e=void 0;if(j(b,"r-topline__item_active"))for(e=0;e<d;e++)"r-topline__item_active"===c[e]&&d Antivirus reports:
| ||
http://rambler.ru/jobs/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 27 Apr 2015 18:41:06 GMT Location: http://www.rambler.ru/jobs/ Server: nginx/1.3.7 Content-Length: 184 Content-Type: text/html | clean |
http://www.rambler.ru/jobs/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 27 Apr 2015 18:41:06 GMT Location: http://rambler-co.ru/jobs Server: nginx/1.3.7 Content-Length: 184 Content-Type: text/html P3P: CP="NON DSP NID ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV" Set-Cookie: dv=gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:1430160066; path=/; expires=Thu, 31-Dec-37 23:55:55 GMT Set-Cookie: dvr=gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:1430160066; domain=.rambler.ru; path=/; expires=Thu, 31-Dec-37 23:55:55 GMT Set-Cookie: lv=1430160066; path=/; expires=Thu, 31-Dec-37 23:55:55 GMT Set-Cookie: lvr=1430160066; domain=.rambler.ru; path=/; expires=Thu, 31-Dec-37 23:55:55 GMT Set-Cookie: ruid=AQAAAMKCPlVJsQMOAbvZAwB=; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.rambler.ru; path=/ | clean |
http://rambler-co.ru/jobs | 200 OK Content-Length: 253245 Content-Type: text/html | clean |
http://counter.rambler.ru/top100.jcn?3014549 | 200 OK Content-Length: 6853 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: rambler.ru
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Mon, 27 Apr 2015 18:40:59 GMT
Location: http://www.rambler.ru/
Server: nginx/1.3.7
Content-Length: 184
Content-Type: text/html
...184 bytes of data.
GET / HTTP/1.1
Host: rambler.ru
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Mon, 27 Apr 2015 18:40:59 GMT
Location: http://www.rambler.ru/
Server: nginx/1.3.7
Content-Length: 184
Content-Type: text/html
...184 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: rambler.ru
Referer: http://www.google.com/search?q=rambler.ru
Result:
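The result is similar to that of the first query. No suspicious redirects were found. Note that this check varies only the Referer header; a conditional redirect keyed on User-Agent, cookies or client IP address would not be revealed by it.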
GET / HTTP/1.1
Host: rambler.ru
Referer: http://www.google.com/search?q=rambler.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=rambler.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://rambler.ru/
Result: rambler.ru is not infected or malware details are not published yet.
Result: rambler.ru is not infected or malware details are not published yet.