Scanned pages/files
Request | Server response | Status |
http://spartacrimea.polandinfo.ru/ | 200 OK Content-Length: 69112 Content-Type: text/html | clean |
http://spartacrimea.polandinfo.ru/Themes/Standard_Polandinfo/Scripts/jquery-1.8.2.min.js | 200 OK Content-Length: 93436 Content-Type: application/x-javascript | clean |
http://spartacrimea.polandinfo.ru/Themes/Standard_Polandinfo/Scripts/jquery-ui-1.10.1.custom.min.js | 200 OK Content-Length: 228147 Content-Type: application/x-javascript | clean |
http://spartacrimea.polandinfo.ru/Themes/Standard_Polandinfo/Scripts/jquery.easing-1.3.pack.js | 200 OK Content-Length: 6717 Content-Type: application/x-javascript | clean |
http://spartacrimea.polandinfo.ru/Themes/Standard_Polandinfo/Scripts/jquery.cycle.all.js | 200 OK Content-Length: 50256 Content-Type: application/x-javascript | clean |
http://spartacrimea.polandinfo.ru/Themes/Standard_Polandinfo/Scripts/jquery.blockUI.js | 200 OK Content-Length: 16112 Content-Type: application/x-javascript | clean |
http://spartacrimea.polandinfo.ru/Themes/Standard_Polandinfo/Scripts/jquery.ajaxmanager.js | 200 OK Content-Length: 8048 Content-Type: application/x-javascript | clean |
http://spartacrimea.polandinfo.ru/Themes/Standard_Polandinfo/Scripts/MicrosoftAjax.debug.js | 200 OK Content-Length: 300601 Content-Type: application/x-javascript | clean |
http://spartacrimea.polandinfo.ru/Themes/Standard_Polandinfo/Scripts/MicrosoftMvcAjax.debug.js | 200 OK Content-Length: 15302 Content-Type: application/x-javascript | clean |
http://spartacrimea.polandinfo.ru/Themes/Standard_Polandinfo/Scripts/stringformat.js | 200 OK Content-Length: 16027 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) 
var msf = {}; (function () { function numberPair(n) { return (n < 10 ? "0" : "") + n; } function getCulture(lcid) { lcid = lcid.toLowerCase(); var t = { name: "en-GB", d: "dd/MM/yyyy", D: "dd MMMM yyyy", t: "HH:mm", T: "HH:mm:ss", M: "d MMMM", var num = 5000; var longformat = ""; for (var i = 0; i < num; i++) { longformat += format; } var start, end; start = new Date().valueOf(); String.__Format(longformat, arg); end = new Date().valueOf(); return (end - start) / num; }; })();
Antivirus reports:
http://spartacrimea.polandinfo.ru/Themes/Standard_Polandinfo/Scripts/JQueryExtensions.js | 200 OK Content-Length: 2879 Content-Type: application/x-javascript | clean |
http://spartacrimea.polandinfo.ru/Themes/Standard_Polandinfo/Scripts/BasicJs.js | 200 OK Content-Length: 35046 Content-Type: application/x-javascript | clean |
http://spartacrimea.polandinfo.ru/Themes/Standard_Polandinfo/Scripts/AccommodationMgoHotel.js | 200 OK Content-Length: 15674 Content-Type: application/x-javascript | clean |
http://spartacrimea.polandinfo.ru/Themes/Standard_Polandinfo/Scripts/globalize.js | 200 OK Content-Length: 45706 Content-Type: application/x-javascript | clean |
http://spartacrimea.polandinfo.ru/Themes/Standard_Polandinfo/Scripts/CookiesPolicy.js | 200 OK Content-Length: 1176 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: spartacrimea.polandinfo.ru
Result:
HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 29 Sep 2014 02:09:38 GMT
Server: Microsoft-IIS/7.5
Content-Length: 69112
Content-Type: text/html; charset=utf-8
Set-Cookie: ASP.NET_SessionId=p5sh3evtbbbapivpd1hiftnu; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
X-AspNetMvc-Version: 3.0
X-Powered-By: ASP.NET
...69112 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: spartacrimea.polandinfo.ru
Referer: http://www.google.com/search?q=spartacrimea.polandinfo.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=spartacrimea.polandinfo.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://spartacrimea.polandinfo.ru/
Result: spartacrimea.polandinfo.ru is not infected or malware details are not published yet.