Scanned pages/files
Request | Server response | Status |
http://truba-snab.ru/ | 200 OK Content-Length: 4337 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 1x0 src: http://www.youtube.com/embed/xjnv0ksm5ug?rel=1&autoplay=1&version=3&autohide=0&theme=dark <iframe width="1" height="0" src="http://www.youtube.com/embed/xjnv0ksm5ug?rel=1&autoplay=1&version=3&autohide=0&theme=dark"> Deface/Content modification. The following signature was found: Hacked By Mr Daryl <!doctype html> <html> <head> <meta charset="UTF-8"> <title>Hacked By Mr Daryl</title> <meta name="generator" content="WYSIWYG Web Builder 9 - http://www.wysiwygwebbuilder.com"> <style type="text/css"> body { font-size: 8px; line-height: 1.1875; margin: 0; padding: 0; background-color: #000000; color: #000000; } </style> <style type="text/css"> a { color: #0000FF; text-decoration: underl ...[4784 bytes skipped]... | ||
http://truba-snab.ru/swfobject.js | HTTP/1.1 302 Found Connection: close Date: Sun, 15 Jun 2014 14:56:08 GMT Location: http://goo.gl/1SLEHX Server: Jino.ru/mod_pizza Content-Length: 204 Content-Type: text/html | clean |
http://goo.gl/1slehx | 404 Not Found Content-Length: 4438 Content-Type: text/html | clean |
http://goo.gl/static/0045.urlshortener.js | 200 OK Content-Length: 66060 Content-Type: text/javascript | clean |
http://truba-snab.ru//www.google.com/support/websearch/bin/answer.py?answer=190768/ | HTTP/1.1 302 Found Connection: close Date: Sun, 15 Jun 2014 14:56:08 GMT Location: http://goo.gl/1SLEHX Server: Jino.ru/mod_pizza Content-Length: 204 Content-Type: text/html | clean |
http://goo.gl/test404page.js | 404 Not Found Content-Length: 4446 Content-Type: text/html | clean |
http://goo.gl/ | HTTP/1.1 302 Moved Temporarily Cache-Control: private, max-age=0 Connection: close Date: Sun, 15 Jun 2014 14:56:09 GMT Location: https://www.google.com/accounts/ServiceLogin?service=urlshortener&continue=http://goo.gl/?authed%3D1&followup=http://goo.gl/?authed%3D1&passive=true&go=true Server: GSE Content-Type: text/html; charset=UTF-8 Expires: Sun, 15 Jun 2014 14:56:09 GMT Alternate-Protocol: 80:quic Set-Cookie: authed=1;Path=/ X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block | clean |
https://www.google.com/accounts/servicelogin?service=urlshortener&continue=http://goo.gl/?authed%3d1&followup=http://goo.gl/?authed%3d1&passive=true&go=true | HTTP/1.1 302 Moved Temporarily Cache-Control: private, max-age=0 Connection: close Date: Sun, 15 Jun 2014 14:56:09 GMT Location: https://accounts.google.com/servicelogin?service=urlshortener&continue=http%3A%2F%2Fgoo.gl%2F%3Fauthed%3D1&followup=http%3A%2F%2Fgoo.gl%2F%3Fauthed%3D1&passive=true&go=true Server: GSE Content-Length: 370 Content-Type: text/html; charset=UTF-8 Expires: Sun, 15 Jun 2014 14:56:09 GMT X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block | clean |
https://accounts.google.com/servicelogin?service=urlshortener&continue=http%3a%2f%2fgoo.gl%2f%3fauthed%3d1&followup=http%3a%2f%2fgoo.gl%2f%3fauthed%3d1&passive=true&go=true | HTTP/1.1 200 OK Cache-Control: private, max-age=0 Connection: close Date: Sun, 15 Jun 2014 14:56:09 GMT Server: GSE Content-Length: 1491 Content-Type: text/html; charset=UTF-8 Expires: Sun, 15 Jun 2014 14:56:09 GMT Alternate-Protocol: 443:quic Set-Cookie: GAPS=1:Fab9RJLA4Qtg6o3QUTRMf33uFSQGRA:lVkll0qD-OM9VgrS;Path=/;Expires=Tue, 14-Jun-2016 14:56:09 GMT;Secure;HttpOnly;Priority=HIGH Strict-Transport-Security: max-age=10893354; includeSubDomains X-Content-Type-Options: nosniff X-Frame-Options: DENY X-XSS-Protection: 1; mode=block | clean |
https://accounts.google.com/& | 404 Not Found Content-Length: 23425 Content-Type: text/html | clean |
https://accounts.google.com/TOS?loc=LT&hl=en | HTTP/1.1 302 Moved Temporarily Cache-Control: no-cache, no-store Connection: close Date: Sun, 15 Jun 2014 14:56:09 GMT Pragma: no-cache Location: https://www.google.lt/intl/en/policies/terms/ Server: GSE Content-Length: 227 Content-Type: text/html; charset=UTF-8 Expires: Mon, 01-Jan-1990 00:00:00 GMT Alternate-Protocol: 443:quic Set-Cookie: GoogleAccountsLocale_session=en; Path=/; Secure; HttpOnly Strict-Transport-Security: max-age=10893354; includeSubDomains X-Content-Type-Options: nosniff X-Frame-Options: DENY X-XSS-Protection: 1; mode=block | clean |
https://www.google.lt/intl/en/policies/terms/ | HTTP/1.1 200 OK Cache-Control: private, max-age=0 Connection: close Date: Sun, 15 Jun 2014 14:56:10 GMT Server: sffe Vary: Accept-Encoding Content-Type: text/html Expires: Sun, 15 Jun 2014 14:56:10 GMT Last-Modified: Tue, 24 Jan 2012 14:44:29 GMT X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block | clean |
https://www.google.lt/intl/en/policies/terms/regional.html | 200 OK Content-Length: 20900 Content-Type: text/html | clean |
https://www.google.lt//www.google.com/js/google.js/ | 404 Not Found Content-Length: 1438 Content-Type: text/html | clean |
https://www.google.lt//www.google.com/ | 404 Not Found Content-Length: 1425 Content-Type: text/html | clean |
http://www.google.lt/test404page.js | 404 Not Found Content-Length: 1439 Content-Type: text/html | clean |
http://www.google.lt//www.google.com/ | 404 Not Found Content-Length: 1440 Content-Type: text/html | clean |
https://accounts.google.com//www.google.com/js/maia.js/ | 404 Not Found Content-Length: 23425 Content-Type: text/html | clean |
http://goo.gl//www.google.com/support/websearch/bin/answer.py?answer=190768/ | 404 Not Found Content-Length: 4493 Content-Type: text/html | clean |
http://goo.gl//www.google.com/privacy.html/ | 404 Not Found Content-Length: 4460 Content-Type: text/html | clean |
http://goo.gl//www.google.com/accounts/TOS/ | 404 Not Found Content-Length: 4460 Content-Type: text/html | clean |
http://goo.gl//www.google.com/ | 404 Not Found Content-Length: 4447 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: truba-snab.ru
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 15 Jun 2014 14:56:07 GMT
Accept-Ranges: bytes
ETag: "9ef4e-10f1-4fa592c78f300"
Server: Jino.ru/mod_pizza
Content-Length: 4337
Content-Type: text/html; charset=utf-8
Last-Modified: Tue, 27 May 2014 03:20:12 GMT
...4337 bytes of data.
GET / HTTP/1.1
Host: truba-snab.ru
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 15 Jun 2014 14:56:07 GMT
Accept-Ranges: bytes
ETag: "9ef4e-10f1-4fa592c78f300"
Server: Jino.ru/mod_pizza
Content-Length: 4337
Content-Type: text/html; charset=utf-8
Last-Modified: Tue, 27 May 2014 03:20:12 GMT
...4337 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: truba-snab.ru
Referer: http://www.google.com/search?q=truba-snab.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: truba-snab.ru
Referer: http://www.google.com/search?q=truba-snab.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=truba-snab.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://truba-snab.ru/
Result: truba-snab.ru is not infected or malware details are not published yet.
Result: truba-snab.ru is not infected or malware details are not published yet.