Scanned pages/files
Request | Server response | Status |
http://www.crocko.com/436c80bb1faf49ec8de5e52c990e8142/db.7z | 200 OK Content-Length: 19158 Content-Type: text/html | clean |
https://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js | 200 OK Content-Length: 91342 Content-Type: text/javascript | clean |
http://i3.putags.com/53/76/38/5376386163e1fa62009c64851598f1bb.js | 200 OK Content-Length: 3562 Content-Type: application/x-javascript | clean |
http://www.crocko.com//mc.yandex.ru/metrika/watch.js/ | 404 Not Found Content-Length: 7935 Content-Type: text/html | clean |
http://ads.cpxinteractive.com/ttj?id=1121620&size=728x90 | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, private Date: Mon, 20 Jan 2014 23:10:48 GMT Pragma: no-cache Location: http://ib.adnxs.com/ttj?id=1121620&size=728x90 Content-Length: 0 Content-Type: text/html; charset=ISO-8859-1 Expires: Sat, 15 Nov 2008 16:00:00 GMT P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" X-XSS-Protection: 0 | clean |
http://ib.adnxs.com/ttj?id=1121620&size=728x90 | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, private Date: Mon, 20 Jan 2014 23:10:49 GMT Pragma: no-cache Location: http://ib.adnxs.com/bounce?%2Fttj%3Fid%3D1121620%26size%3D728x90 Content-Length: 0 Content-Type: text/html; charset=ISO-8859-1 Expires: Sat, 15 Nov 2008 16:00:00 GMT P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" Set-Cookie: sess=1; path=/; expires=Tue, 21-Jan-2014 23:10:49 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: uuid2=7864821563273634623; path=/; expires=Sun, 20-Apr-2014 23:10:49 GMT; domain=.adnxs.com; HttpOnly X-XSS-Protection: 0 | clean |
http://ib.adnxs.com/bounce?%2fttj%3fid%3d1121620%26size%3d728x90 | 200 OK Content-Length: 820 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
document.write('<a href="http://ams1.ib.adnxs.com/click?uB6F61G4nj8K16NwPQqXP1g5tMh2vq8_CtejcD0Klz-4HoXrUbieP9V1_kRvqKMZ4iK7xBWTSyf5rN1SAAAAAFQdEQAdAgAAcgcAAAIAAAAlUmcAIPoCAAAAAQBVU0QAVVNEANgCWgAkAwAAWcYAAgUCAQIAAAAA7yTVUQAAAAA./cnd=%21vgUsMwin12cQpaSdAxig9AsgAA../clickenc=http%3A%2F%2Faffhit.com%2Fsl-lt-hjm98psv%2F%3Faid%3D4398%26token%3Dams1COLF7KXc4uSlJxACGNXr-af0jerRGSINNzguMTU4LjExLjIyNigBMPnZ9pYF" target="_blank"><img width="728" height="90" style="border-style: none" src="http://cdn.adnxs.com/p/1e/a2/c4/54/1ea2c4543883416a87202e1052eee437.gif"/></a>');
document.write('<img src="http://b.scorecardresearch.com/p?c1=8&c2=6035951&c3=163902&c4=&c5=&c6=&c15=&cv=2.0&cj=20" style="display:none" width="1" height="1"/>');
document.write('<scr' + 'ipt src="http://cdn.adnxs.com/ANX_async_usersync.js"></scr'+'ipt>');
Antivirus reports:
http://ads.ad4game.com/www/delivery/apu.php?n=&zoneid=29653&popunder=1&direct=1&resizable=1&scrollbars=1 | 200 OK Content-Length: 28817 Content-Type: application/x-javascript | clean |
http://www.crocko.com/ | 200 OK Content-Length: 22251 Content-Type: text/html | clean |
http://www.crocko.com/js/main.js | 200 OK Content-Length: 8092 Content-Type: application/x-javascript | clean |
http://www.crocko.com/js/swfupload/swfupload.js | 200 OK Content-Length: 55257 Content-Type: application/x-javascript | clean |
http://www.crocko.com/js/upload.js | 200 OK Content-Length: 8488 Content-Type: application/x-javascript | clean |
https://www.crocko.com/ | 200 OK Content-Length: 22189 Content-Type: text/html | clean |
https://www.crocko.com/js/main.js | 200 OK Content-Length: 8092 Content-Type: application/x-javascript | clean |
https://www.crocko.com/js/swfupload/swfupload.js | 200 OK Content-Length: 55257 Content-Type: application/x-javascript | clean |
https://www.crocko.com/js/upload.js | 200 OK Content-Length: 8488 Content-Type: application/x-javascript | clean |
https://www.crocko.com//mc.yandex.ru/metrika/watch.js/ | 404 Not Found Content-Length: 7935 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: crocko.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: crocko.com
Referer: http://www.google.com/search?q=crocko.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=crocko.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://crocko.com/
Result: crocko.com is not infected or malware details are not published yet.