Malicious/Suspicious Redirects
When the scanner requests the homepage with a Google search Referer, the site answers with a 302 to a TinyURL link, which in turn 301-redirects to http://vrd-renkum.nl/templates/css/css/www/4.php.

Request: http://stv-preobragen.ru/ (imitation of a visitor arriving from a search engine)
    GET / HTTP/1.1
    Host: stv-preobragen.ru
    Referer: http://www.google.com/search?q=redirect+check1
Server response:
    HTTP/1.1 302 Found
    Connection: close
    Date: Sun, 04 May 2014 00:14:05 GMT
    Location: http://tinyurl.com/clobphp
    Server: nginx/1.4.1
    Content-Length: 0
    Content-Type: text/html; charset=utf-8
    X-Powered-By: PHP/5.2.17
Status: malicious

Request: http://tinyurl.com/clobphp (imitation of a visitor arriving from a search engine)
    GET /clobphp HTTP/1.1
    Host: tinyurl.com
    Referer: http://www.google.com/search?q=redirect+check2
Server response:
    HTTP/1.1 301 Moved Permanently
    Connection: close
    Date: Sun, 04 May 2014 00:14:05 GMT
    Location: http://vrd-renkum.nl/templates/css/css/www/4.php
    Server: TinyURL/1.6
    Content-Length: 0
    Content-Type: text/html
    Set-Cookie: tinyUUID=3658652bff514e9e0be20000; expires=Mon, 04-May-2015 00:14:05 GMT; path=/; domain=.tinyurl.com
    X-Powered-By: PHP/5.4.27
    X-Tiny: cache 0.010457038879395
Status: malicious
Scanned pages/files
Request: http://stv-preobragen.ru/
Server response: 200 OK, Content-Length: 12401, Content-Type: text/html
Status: clean

Request: http://stv-preobragen.ru/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js
Server response: 200 OK, Content-Length: 16782, Content-Type: application/x-javascript
Status: malicious
Malicious code - confirmed by antiviruses (see below). Excerpt as captured by the scanner (cut off in the scan output):
    var DD_belatedPNG={ns:"DD_belatedPNG",imgSize:{},delay:10,nodesFixed:0,
    createVmlNameSpace:function(){if(document.namespaces&&!document.namespaces[this.ns]){document.namespaces.add(this.ns,"urn:schemas-microsoft-com:vml")}},
    createVmlStyleSheet:function(){var b,a;b=document.createElement("style");b.setAttribute("media","screen");document.documentElement.firstChild.insertBefore(b,document.documentElement.firstChild.firstChild);if(b.styleSheet){b=b.styleSheet;b.addRule(this.ns+"\\:*","
Antivirus reports: (none present in the captured output)
Request: http://stv-preobragen.ru/assets/templates/stav-preobragen/javascript/site.js
Server response: 200 OK, Content-Length: 11313, Content-Type: application/x-javascript
Status: malicious
Malicious code - confirmed by antiviruses (see below). Excerpt as captured by the scanner (cut off in the scan output):
    function getbg() {
        var rootContentElement = document.getElementById("page-content");
        var div = rootContentElement.getElementsByTagName("div")[0];
        var scripts = rootContentElement.getElementsByTagName("script")[0];
        var parentElements = rootContentElement.getElementsByTagName("*");
        console.log();
        if(typeof div == "undefined" || parentElements[0].tagName !== "div") {
            rootContentElement.style.backgroundColor = '#FBB03B';
        }
Antivirus reports: (none present in the captured output)
The following requests all returned 404 Not Found with the same Content-Length (12401) as the 200 response for the homepage, i.e. the site's own error page rather than an empty 404.

Request: http://stv-preobragen.ru//yandex.st/share/share.js/
Server response: 404 Not Found, Content-Length: 12401, Content-Type: text/html
Status: clean

Request: http://stv-preobragen.ru//yandex.st/share/share.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/
Server response: 404 Not Found, Content-Length: 12401, Content-Type: text/html
Status: clean

Request: http://stv-preobragen.ru//yandex.st/share/share.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/
Server response: 404 Not Found, Content-Length: 12401, Content-Type: text/html
Status: clean

Request: http://stv-preobragen.ru//yandex.st/share/share.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/
Server response: 404 Not Found, Content-Length: 12401, Content-Type: text/html
Status: clean

Request: http://stv-preobragen.ru//yandex.st/share/share.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/
Server response: 404 Not Found, Content-Length: 12401, Content-Type: text/html
Status: clean

Request: http://stv-preobragen.ru//yandex.st/share/share.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/
Server response: 404 Not Found, Content-Length: 12401, Content-Type: text/html
Status: clean

Request: http://stv-preobragen.ru//yandex.st/share/share.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/
Server response: 404 Not Found, Content-Length: 12401, Content-Type: text/html
Status: clean

Request: http://stv-preobragen.ru//yandex.st/share/share.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/ ...78 symbols skipped
Server response: 404 Not Found, Content-Length: 12401, Content-Type: text/html
Status: clean

Request: http://stv-preobragen.ru//yandex.st/share/share.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/ ...139 symbols skipped
Server response: 404 Not Found, Content-Length: 12401, Content-Type: text/html
Status: clean

Request: http://stv-preobragen.ru//yandex.st/share/share.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/ ...200 symbols skipped
Server response: 404 Not Found, Content-Length: 12401, Content-Type: text/html
Status: clean

Request: http://stv-preobragen.ru//yandex.st/share/share.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/ ...261 symbols skipped
Server response: 404 Not Found, Content-Length: 12401, Content-Type: text/html
Status: clean

Request: http://stv-preobragen.ru//yandex.st/share/share.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/DD_belatedPNG.js/assets/templates/stav-preobragen/javascript/ ...322 symbols skipped
Server response: 404 Not Found, Content-Length: 12401, Content-Type: text/html
Status: clean
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=stv-preobragen.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://stv-preobragen.ru/
Result: stv-preobragen.ru is not infected or malware details are not published yet.