Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=xxxochu.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://xxxochu.ru/
Result: The website is marked by Yandex as SMS-fraud resource. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as SMS-fraud resource. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
http://xxxochu.ru/ | 200 OK Content-Length: 116310 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) mambo.use('{mambo.project}Login', function(){ mambo.project.Login({ lang: { error: "Error", login: ["Please enter your username"], password: "Please enter your password" }, unusualPlace: '', noUseAjax: false }); }); Antivirus reports:
| ||
http://images.wambacdn.net/images/default2/default/jsCore/mambo/stats/Stats.min.js?v=201408251124 | 200 OK Content-Length: 3132 Content-Type: application/x-javascript | clean |
http://images.wambacdn.net/images/default2/default/lib_versions.js?v=201412121227 | 200 OK Content-Length: 54467 Content-Type: application/x-javascript | clean |
http://images.wambacdn.net/images/default2/default/Resources/polyfill.js | 200 OK Content-Length: 7223 Content-Type: application/x-javascript | clean |
http://images.wambacdn.net/images/default2/default/Resources/jquery-1.11.1.min.js?v=201412041201 | 200 OK Content-Length: 96476 Content-Type: application/x-javascript | clean |
http://images.wambacdn.net/images/default2/default/Resources/jquery-migrate-1.2.1.min.js?v=201412041201 | 200 OK Content-Length: 7085 Content-Type: application/x-javascript | clean |
http://images.wambacdn.net/images/default2/default/Resources/lodash.4.2.1.compat.min.js?v=201412041201 | 200 OK Content-Length: 30740 Content-Type: application/x-javascript | clean |
http://images.wambacdn.net/images/default2/default/Resources/knockout-3.2.0.js?v=201412041201 | 200 OK Content-Length: 53727 Content-Type: application/x-javascript | clean |
http://images.wambacdn.net/images/default2/default/Resources/rx.all.compat.js?v=201412041201 | 200 OK Content-Length: 92485 Content-Type: application/x-javascript | clean |
http://images.wambacdn.net/images/default2/default/Resources/require.js?v=201412041201 | 200 OK Content-Length: 16833 Content-Type: application/x-javascript | clean |
http://images.wambacdn.net/images/default2/default/Resources/code.js?v=201412031732 | 200 OK Content-Length: 8310 Content-Type: application/x-javascript | clean |
http://images.wambacdn.net/images/default2/default/Resources/components.js?v=201412121227 | 200 OK Content-Length: 17169 Content-Type: application/x-javascript | clean |
http://images.wambacdn.net/images/default2/default/jsCore/lang/en.js?v=201409251349 | 200 OK Content-Length: 542 Content-Type: application/x-javascript | clean |
http://images.wambacdn.net/images/default2/default/jsCore/build/core.js?v=201412121227 | 200 OK Content-Length: 168632 Content-Type: application/x-javascript | clean |
http://images.wambacdn.net/images/default2/default/libs/angular.js/1.2.16/angular.min.js?v=201406161644 | 200 OK Content-Length: 104453 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: xxxochu.ru
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: private
Connection: close
Date: Sun, 14 Dec 2014 09:57:12 GMT
Pragma: no-cache
Server: nginx/1.7.2
Content-Type: text/html; charset=utf-8
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://www.mamba.ru/w3c/p3p.xml", CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Set-Cookie: return_token=YYP7XtHPACx5h7cVySPUFGgBMZdvOfXQ; expires=Mon, 14-Dec-2015 09:57:12 GMT; Max-Age=31536000; path=/; domain=.xxxochu.ru; httponly
Set-Cookie: s_post=5EpDK5hdjvJ5WjD9BTUSowDu3MZMTB5C; path=/; domain=xxxochu.ru; httponly
Set-Cookie: mmbsid=YjKLUvjgasbe1xqVGWdP1QdZ6dAQU44f_20141214125712_.xxxochu.ru; path=/; domain=xxxochu.ru; httponly
X-Frame-Options: SAMEORIGIN
X-MMB-Powerd-By: wwwnew8
X-MMB-Ver: 227.5
X-Powered-By: PHP/5.5.11
GET / HTTP/1.1
Host: xxxochu.ru
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: private
Connection: close
Date: Sun, 14 Dec 2014 09:57:12 GMT
Pragma: no-cache
Server: nginx/1.7.2
Content-Type: text/html; charset=utf-8
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://www.mamba.ru/w3c/p3p.xml", CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Set-Cookie: return_token=YYP7XtHPACx5h7cVySPUFGgBMZdvOfXQ; expires=Mon, 14-Dec-2015 09:57:12 GMT; Max-Age=31536000; path=/; domain=.xxxochu.ru; httponly
Set-Cookie: s_post=5EpDK5hdjvJ5WjD9BTUSowDu3MZMTB5C; path=/; domain=xxxochu.ru; httponly
Set-Cookie: mmbsid=YjKLUvjgasbe1xqVGWdP1QdZ6dAQU44f_20141214125712_.xxxochu.ru; path=/; domain=xxxochu.ru; httponly
X-Frame-Options: SAMEORIGIN
X-MMB-Powerd-By: wwwnew8
X-MMB-Ver: 227.5
X-Powered-By: PHP/5.5.11
Second query (visit from search engine):
GET / HTTP/1.1
Host: xxxochu.ru
Referer: http://www.google.com/search?q=xxxochu.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: xxxochu.ru
Referer: http://www.google.com/search?q=xxxochu.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.