Malicious/Suspicious Redirects
URL: http://www.tkdtmb.ru/ (imitation of visitor from search engine)
Request:
GET / HTTP/1.1
Host: www.tkdtmb.ru
Referer: http://www.google.com/search?q=redirect+check1
Server response:
HTTP/1.1 302 Found
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Sat, 13 Sep 2014 00:33:29 GMT
Pragma: no-cache
Location: http://web-redirect.ru/?web
Server: nginx
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Sat, 13 Sep 2014 00:33:29 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: _cutt_caches_images=1410568409; expires=Sun, 14-Sep-2014 00:33:29 GMT; path=/
Set-Cookie: 95834c21581a673f0f48d51d0f075509=5nrlk1udtb2u1ravk5ph1h4vg6; path=/
X-Powered-By: PHP/5.4.25
Status: malicious

URL: http://web-redirect.ru/?web (imitation of visitor from search engine)
Request:
GET /?web HTTP/1.1
Host: web-redirect.ru
Referer: http://www.google.com/search?q=redirect+check2
Server response:
HTTP/1.1 302 Found
Cache-Control: max-age=0
Connection: close
Date: Sat, 13 Sep 2014 00:33:29 GMT
Pragma: no-cache
Location: http://kuhnigalina.ru/components/com_weblinks/2/separator.php
Server: nginx/1.0.15
Content-Length: 0
Content-Type: text/html; charset=utf-8
Expires: Thu, 21 Jul 1977 07:30:00 GMT
Last-Modified: Sat, 13 Sep 2014 00:33:29 GMT
X-Powered-By: PHP/5.3.3
Status: suspicious

Scanned pages/files
Request | Server response | Status |
http://www.tkdtmb.ru/ | 200 OK Content-Length: 41659 Content-Type: text/html | clean |
http://www.tkdtmb.ru/cache/template/js.php?id=161588a3e551ae33294c0d42ae940edc | 200 OK Content-Length: 74305 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
var MooTools={version:'1.12'};function $defined(obj){return(obj!=undefined);};function $type(obj){if(!$defined(obj))return false;if(obj.htmlElement)return'element';var type=typeof obj;if(type=='object'&&obj.nodeName){switch(obj.nodeType){case 1:return'element';case 3:return(/\S/).test(obj.nodeValue)?'textnode':'whitespace';}}
if(type=='object'||type=='function'){switch(obj.constructor){case Array:return'array';case RegExp:return'regexp';case Class:return'class';}
if(typeof obj.le
Antivirus reports:
http://www.tkdtmb.ru/cache/template/js.php?id=4c1fd15f9225a13e38a905d003d69d1b | 200 OK Content-Length: 1072 Content-Type: application/x-javascript | clean |
http://www.tkdtmb.ru/cache/template/js.php?id=83991dfe07fb4a7575458e5359a24d4e | 200 OK Content-Length: 93205 Content-Type: application/x-javascript | clean |
http://www.tkdtmb.ru/cache/template/js.php?id=f4005594d2c0775ec9fcbbf9292b68e6 | 200 OK Content-Length: 15243 Content-Type: application/x-javascript | clean |
http://www.tkdtmb.ru//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js/ | 404 Not Found Content-Length: 1402 Content-Type: text/html | clean |
http://www.tkdtmb.ru/test404page.js | 404 Not Found Content-Length: 1402 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=tkdtmb.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://tkdtmb.ru/
Result: tkdtmb.ru is not infected or malware details are not published yet.