Scanned pages/files
Request | Server response | Status |
http://cxema.my1.ru/publ/ehkvalajzery_zvukovykh_signalov_na_ba3822ls_ls2009_ba3842f_tea6360/5-1-0-607 | 200 OK Content-Length: 121204 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function addcom(f){if (document.getElementById('addcBut')){document.getElementById('addcBut').disabled=true;}else {try{document.addform.submit.disabled=true;}catch(e){}}if (document.getElementById('eMessage')){document.getElementById('eMessage').innerHTML='<span style="color:#8B8B8B"><img src="http://s2.ucoz.net/img/ma/m/i2.gif" border="0" align="absmiddle" width="13" height="13"> ÐÐ´ÐµÑ Ð¿ÐµÑедаÑа даннÑÑ
...</span>';}_uPostForm('acform',{type:'POST',url:'http://cxema.my1.ru/index/'});}var _y8M=''; function _dS(s){ var i;var r=""; var l=s.length-1; var k=s.substr(l,1); for (i=0;i<l;i++){ c=s.charCodeAt(i)-k; if(c<32){ c=127-(32-c);} r+=String.fromCharCode(c); } return r;} _y8M=_dS('Ansuzy%y~ujB\'mniijs\'%sfrjB\'xtx\'%{fqzjB\'7789<9=>85\'%4C5'); Antivirus reports:
| ||
http://s2.ucoz.net/src/jquery-1.7.2.js | 200 OK Content-Length: 94840 Content-Type: text/javascript | clean |
http://s2.ucoz.net/src/ulightbox/ulightbox.js | 200 OK Content-Length: 22097 Content-Type: text/javascript | clean |
http://s2.ucoz.net/src/uwnd.js?2 | 200 OK Content-Length: 228554 Content-Type: text/javascript | clean |
http://s2.ucoz.net/src/socCom.js | 200 OK Content-Length: 6344 Content-Type: text/javascript | clean |
http://s2.ucoz.net/cgi/uutils.fcg?a=soc_comment_get_data&site=5cxema | 200 OK Content-Length: 522 Content-Type: application/javascript | clean |
http://cxema.my1.ru/csshorizontalmenu.js | 200 OK Content-Length: 1251 Content-Type: text/javascript | clean |
http://s2.ucoz.net/uwbb/lang/ru.js | 200 OK Content-Length: 2994 Content-Type: text/javascript | clean |
http://s2.ucoz.net/uwbb/uwbb.js | 200 OK Content-Length: 123744 Content-Type: text/javascript | clean |
http://cxema.my1.ru/bbcodes/bbcodes.js | 200 OK Content-Length: 7628 Content-Type: text/javascript | clean |
http://code.directadvert.ru/show.cgi?adp=162144&div=DIV_DA_162144 | 200 OK Content-Length: 946 Content-Type: application/x-javascript | clean |
http://cxema.my1.ru/js/toTop.js | 200 OK Content-Length: 351 Content-Type: text/javascript | clean |
http://counter.rambler.ru/top100.jcn?1771213 | 200 OK Content-Length: 6853 Content-Type: application/x-javascript | clean |
http://st.pc.adonweb.ru/js/adv_out.js | 200 OK Content-Length: 8095 Content-Type: application/x-javascript | clean |
http://code.directadvert.ru/show.cgi?adp=162194&div=DIV_DA_162194 | 200 OK Content-Length: 946 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: cxema.my1.ru
Result:
GET / HTTP/1.1
Host: cxema.my1.ru
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: cxema.my1.ru
Referer: http://www.google.com/search?q=cxema.my1.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: cxema.my1.ru
Referer: http://www.google.com/search?q=cxema.my1.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=cxema.my1.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://cxema.my1.ru/
Result: cxema.my1.ru is not infected or malware details are not published yet.
Result: cxema.my1.ru is not infected or malware details are not published yet.