-counter.yadro.ru,88.212.201.195,Multiple IPs,
88.212.196.124 → http://urlquery.net/report.php?id=1430828062628
history-news dot org,212.193.229.222,ns3.nic.ru,Parked/expired,
Stealth Name Servers: http://www.dnsinspect.com/nic.ru/1430828857
Fortinet’s Webfilter Malware Alerts 2 2015-05-05 2 -counter.yadro.ru/hit?t50.1;r;s117688524;uhtxp%3A//history-news.org/;0.7981324612639449 Malware
2015-05-05 2 -counter.yadro.ru/hit?q;t50.1;r;s117688524;uhtxp%3A//history-news.org/;0.7981324612639449 Malware
Netcraft Website Rep Status 1 red out of 10: http://toolbar.netcraft.com/site_report?url=http://history-news.org
Encryption (HTTPS) (1) - static assigned Cable/DSL IP address
Communication is NOT encrypted
Possible Frontend SPOF from:
fonts.googleapis.com - Whitelist (98%)
vk.com - Whitelist (48%)
pagead2.googlesyndication.com - Whitelist (15%)
Javascript check: suspicious: …
Included Scripts: Suspect - please check list for unknown includes
Suspicious Script:
history-news.org///vk.com/js/api/openapi.js?98
Suspicious 404 Page:
Warning: Directory Indexing Enabled
Also blocked by any decent adblocker = htxp://top-fwz1.mail.ru/ and htxp://hit10.hotlog.ru/
Javascripts included:
-http://history-news.org/wp-includes/js/jquery/jquery.js?ver=1.11.0
-http://history-news.org/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1
//vk.com/js/api/openapi.js?98
-http://www.simvolika.org/on.js
-http://pagead2.googlesyndication.com/pagead/show_ads.js
-http://history-news.org/wp-includes/js/masonry.min.js?ver=3.1.2
-http://history-news.org/wp-includes/js/jquery/jquery.masonry.min.js?ver=3.1.2
-http://history-news.org/wp-content/themes/twentyfourteen/js/functions.js?ver=20140319
Infested with malware according to Sucuri’s:
ISSUE DETECTED | DEFINITION | INFECTED URL
Website Malware | malware-entry-mwblacklisted35 | htxp://history-news.org (View Payload)
Website Malware | malware-entry-mwblacklisted35 | htxp://history-news.org/?p=16490
Website Malware | malware-entry-mwblacklisted35 | htxp://history-news.org/?cat=4
Website Malware | malware-entry-mwblacklisted35 | htxp://history-news.org/?p=16418
Website Malware | malware-entry-mwblacklisted35 | htxp://history-news.org/?p=15998 (View Payload)
Suspicious domain detected. Details: http://sucuri.net/malware/malware-entry-mwblacklisted35
<embed src="htxp://spu7.ru/banner/banner-spu.swf" rel="nofollow"
Now /export/banners from wXw.slavrus.net →
https://www.mywot.com/en/scorecard/slavrus.net?utm_source=addon&utm_content=popup
122 malicious files → Detected reference to malicious blacklisted domain -top.mail.ru
blacklisted domain: htxp://top.mail.ru/jump?from%3D2093167 (blocked by an extension in client)
polonus