Scanned pages/files
Request | Server response | Status |
http://roter.3dn.ru/ | 200 OK Content-Length: 117969 Content-Type: text/html | clean |
http://s108.ucoz.net/src/jquery-1.7.2.js | 200 OK Content-Length: 94840 Content-Type: text/javascript | clean |
http://s108.ucoz.net/src/ulightbox/ulightbox.js | 200 OK Content-Length: 22097 Content-Type: text/javascript | clean |
http://s108.ucoz.net/src/uwnd.js?2 | 200 OK Content-Length: 228554 Content-Type: text/javascript | clean |
http://jb.revolvermaps.com/t.js | 200 OK Content-Length: 1494 Content-Type: application/javascript | clean |
http://roter.3dn.ru/tegi/swfobject.js | 200 OK Content-Length: 9759 Content-Type: text/javascript | clean |
http://roter.3dn.ru/widget/?44;187|200|0 | 200 OK Content-Length: 812 Content-Type: text/javascript | clean |
http://roter.3dn.ru/rssi/2 | 200 OK Content-Length: 4018 Content-Type: text/javascript | clean |
http://roter.3dn.ru/load/mixmeister_fusion_7_4_4_rus/1-1-0-159 | 200 OK Content-Length: 84388 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function addcom(f){if (document.getElementById('addcBut')){document.getElementById('addcBut').disabled=true;}else {try{document.addform.submit.disabled=true;}catch(e){}}if (document.getElementById('eMessage')){document.getElementById('eMessage').innerHTML='<span style="color:#8B8B8B"><img src="http://s108.ucoz.net/img/ma/m/i2.gif" border="0" align="absmiddle" width="13" height="13"> ÐÐ´ÐµÑ Ð¿ÐµÑедаÑа даннÑÑ
...</span>';}_uPostForm('acform',{type:'POST',url:'http://roter.3dn.ru/index/'});}var _y8M=''; function _dS(s){ var i;var r=""; var l=s.length-1; var k=s.substr(l,1); for (i=0;i<l;i++){ c=s.charCodeAt(i)-k; if(c<32){ c=127-(32-c);} r+=String.fromCharCode(c); } return r;} _y8M=_dS('Erwy~})}#ynF+qrmmnw+)wjvnF+|x|+) ju~nF+;9;9:@A<:?+)8G9'); Antivirus reports:
| ||
http://s108.ucoz.net/cgi/uutils.fcg?a=soc_comment_get_data&site=4roter | 200 OK Content-Length: 522 Content-Type: application/javascript | clean |
http://s108.ucoz.net/src/socCom.js | 200 OK Content-Length: 6344 Content-Type: text/javascript | clean |
http://wm.letitbit.net/tools/letitbit.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 16 Dec 2014 14:48:54 GMT Location: http://lib.wm-panel.com/tools/letitbit.js Server: nginx Content-Length: 185 Content-Type: text/html Set-Cookie: lrpth=dffXOqwDMmZAAcbqmcEZFnfrKnA%3d_1564222916; path=/; expires=Wed, 17-Dec-14 14:48:54 GMT X-My-Name: s6 | clean |
http://lib.wm-panel.com/tools/letitbit.js | 200 OK Content-Length: 1467 Content-Type: application/x-javascript | clean |
http://cdn.connect.mail.ru/js/loader.js | 200 OK Content-Length: 4120 Content-Type: application/x-javascript | clean |
http://roter.3dn.ru/otherlink/otherlink.js | 200 OK Content-Length: 8699 Content-Type: text/javascript | clean |
http://roter.3dn.ru/load/windows_7_maksimalnaja_sp1kh86_by_totl/1-1-0-1886 | 200 OK Content-Length: 87957 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function addcom(f){if (document.getElementById('addcBut')){document.getElementById('addcBut').disabled=true;}else {try{document.addform.submit.disabled=true;}catch(e){}}if (document.getElementById('eMessage')){document.getElementById('eMessage').innerHTML='<span style="color:#8B8B8B"><img src="http://s108.ucoz.net/img/ma/m/i2.gif" border="0" align="absmiddle" width="13" height="13"> ÐÐ´ÐµÑ Ð¿ÐµÑедаÑа даннÑÑ
...</span>';}_uPostForm('acform',{type:'POST',url:'http://roter.3dn.ru/index/'});}var _y8M=''; function _dS(s){ var i;var r=""; var l=s.length-1; var k=s.substr(l,1); for (i=0;i<l;i++){ c=s.charCodeAt(i)-k; if(c<32){ c=127-(32-c);} r+=String.fromCharCode(c); } return r;} _y8M=_dS('>kprwv"v{rg?$jkffgp$"pcog?$uqu$"xcnwg?$424239:538$"1@2'); Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: roter.3dn.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache
Cache-Control: no-store
Cache-Control: private
Connection: close
Date: Tue, 16 Dec 2014 14:48:46 GMT
Pragma: no-cache
Server: uServ/3.2.2
Content-Type: text/html; charset=UTF-8
Set-Cookie: 4roteruCoz=; path=/; expires=Sun, 16-Dec-2012 14:48:46 GMT; domain=.roter.3dn.ru;
Set-Cookie: 4roteruCoz=; path=/; expires=Sun, 16-Dec-2012 14:48:46 GMT; domain=.roter.3dn.ru;
Set-Cookie: 4roteruCoz=; path=/; expires=Sun, 16-Dec-2012 14:48:46 GMT; domain=.roter.3dn.ru;
Set-Cookie: 4roteruCoz=; path=/; expires=Sun, 16-Dec-2012 14:48:46 GMT; domain=.roter.3dn.ru;
Set-Cookie: 4roteruzll=1418741326; path=/; expires=Wed, 16-Dec-2015 14:48:46 GMT; domain=.roter.3dn.ru;
Set-Cookie: ucvid=mHYHE4NYE1; domain=3dn.ru; path=/; expires=Wed, 16-Dec-2015 14:48:46 GMT
GET / HTTP/1.1
Host: roter.3dn.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache
Cache-Control: no-store
Cache-Control: private
Connection: close
Date: Tue, 16 Dec 2014 14:48:46 GMT
Pragma: no-cache
Server: uServ/3.2.2
Content-Type: text/html; charset=UTF-8
Set-Cookie: 4roteruCoz=; path=/; expires=Sun, 16-Dec-2012 14:48:46 GMT; domain=.roter.3dn.ru;
Set-Cookie: 4roteruCoz=; path=/; expires=Sun, 16-Dec-2012 14:48:46 GMT; domain=.roter.3dn.ru;
Set-Cookie: 4roteruCoz=; path=/; expires=Sun, 16-Dec-2012 14:48:46 GMT; domain=.roter.3dn.ru;
Set-Cookie: 4roteruCoz=; path=/; expires=Sun, 16-Dec-2012 14:48:46 GMT; domain=.roter.3dn.ru;
Set-Cookie: 4roteruzll=1418741326; path=/; expires=Wed, 16-Dec-2015 14:48:46 GMT; domain=.roter.3dn.ru;
Set-Cookie: ucvid=mHYHE4NYE1; domain=3dn.ru; path=/; expires=Wed, 16-Dec-2015 14:48:46 GMT
Second query (visit from search engine):
GET / HTTP/1.1
Host: roter.3dn.ru
Referer: http://www.google.com/search?q=roter.3dn.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: roter.3dn.ru
Referer: http://www.google.com/search?q=roter.3dn.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=roter.3dn.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://roter.3dn.ru/
Result: roter.3dn.ru is not infected or malware details are not published yet.
Result: roter.3dn.ru is not infected or malware details are not published yet.