See: http://killmalware.com/kinogo-net-2015.ru/
Nothing: http://zulu.zscaler.com/submission/show/7f3871afd72764324ba0a47e053afce1-1438434951
Nothing: https://www.virustotal.com/nl/url/99046a71ed3b132d2f8df16774275bdb239f9a3d6db8b548ec62641cc6dd10c1/analysis/1438435162/
System Details:
Running on: nginx/1.2.1
Powered by: PHP/5.4.41-0+deb7u1
Outdated Web Server Nginx Found: nginx/1.2.1
Problems for external link: https://www.eff.org/https-everywhere/atlas/domains/yastatic.net.html
Spyware from -counter.yadro.ru?
Also consider 2 potentially suspicious files found up by Quttera’s: http://quttera.com/detailed_report/kinogo-net-2015.ru
Too low entropy detected in string [[‘J cR;J fc='';I 1c(3y){J 8E=B;J bQ=;J C;J 7s;J c6='';J aF=U;J eJ=U;J bX=U;J 4M=U;J 5g=U;J cE=U;’]] of length 91184 which may point to obfuscation or shellcode.
and potentially suspicious PHP: File name: /templates/newfilmz/carusel/jquery.elegantcarousel.min_ob.js
[[\x68\x6F\x72\x69\x7A]]
obfuscated vars.json code used, not uncommon.
polonus