Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=tsca.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://tsca.ru/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Malicious/Suspicious Redirects
| Request | Server response | Status |
URL: http://tsca.ru/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: tsca.ru Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Tue, 30 Sep 2014 16:28:37 GMT Location: http://alfsystem.com.my/includes/domit/1.php Server: Apache/2.2.17 (Unix) PHP/5.2.17 Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.2.17 | malicious |
URL: http://alfsystem.com.my/includes/domit/1.php (imitation of visitor from search engine) GET /includes/domit/1.php HTTP/1.1 Host: alfsystem.com.my Referer: http://www.google.com/search?q=redirect+check2 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Tue, 30 Sep 2014 16:28:37 GMT Location: http://www.csra.de/includes/domit/1.php Server: Apache Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.4.33 | malicious |
Scanned pages/files
| Request | Server response | Status |
http://tsca.ru/ | 200 OK Content-Length: 38048 Content-Type: text/html | clean |
http://tsca.ru/media/system/js/caption.js | 200 OK Content-Length: 1837 Content-Type: application/x-javascript | clean |
http://tsca.ru/modules/mod_yj_live_search/mod_yj_live_search/script/LiveSearch.js | 200 OK Content-Length: 3664 Content-Type: application/x-javascript | clean |
http://tsca.ru/modules/mod_flipphoto_pro/swfobject.js | 200 OK Content-Length: 6887 Content-Type: application/x-javascript | clean |
http://tsca.ru/modules/mod_flipphoto_pro/js/flashscript.js | 200 OK Content-Length: 2417 Content-Type: application/x-javascript | clean |
http://tsca.ru/templates/untitled/script.js | 200 OK Content-Length: 15157 Content-Type: application/x-javascript | clean |
http://odnaknopka.ru/ok2.js | 200 OK Content-Length: 6105 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function NewOdnaknopka2() {
this.domain=location.href+'/'; this.domain=this.domain.substr(this.domain.indexOf('://')+3); this.domain=this.domain.substr(0,this.domain.indexOf('/')); this.location=false; this.selection=function() { var sel; if (window.getSelection) sel=window.getSelection(); else if (document.selection) sel=document.selection.createRange(); else sel=''; if (sel.text) sel=sel.text; return encodeURIComponent(sel); } th } } odnaknopka2=new NewOdnaknopka2(); odnaknopka2.init(); Antivirus reports:
| ||
http://www.informer.ru/js/weather_eye_01/17.js | 200 OK Content-Length: 560 Content-Type: application/x-javascript | clean |
http://userapi.com/js/api/openapi.js?34 | 200 OK Content-Length: 64013 Content-Type: application/x-javascript | clean |
http://tsca.ru//mc.yandex.ru/metrika/watch.js/ | 404 Not Found Content-Length: 310 Content-Type: text/html | clean |
http://tsca.ru/test404page.js | 404 Not Found Content-Length: 283 Content-Type: text/html | clean |