Scanned pages/files
Request | Server response | Status |
http://first-soft.at.ua/load/4-1-0-136 | 200 OK Content-Length: 52780 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
<!-- function Decode(){var temp="",i,c=0,out="";var str="1057!1082!1072!1095!1072!1090!1100!32!1073!1077!1089!1087!1083!1072!1090!1085!1086!32!1089!1086!1092!1090!44!32!1087!1088!1086!1075!1088!1072!1084!1084!1099!44!32!1080!1075!1088!1099!44!32!1092!1080!1083!1100!1084!1099!44!32!1084!1091!1079!1099!1082!1091!44!32!1086!1073!1086!1080!33!33!33!";l=str.length;while(c<=str.length-1){while(str.charAt(c)!='!')temp=temp+str.charAt(c++);c++;out=out+String.fromCharCode(temp);temp="";}document.write(out);}
Antivirus reports:
http://s32.ucoz.net/src/jquery-1.7.2.js | 200 OK Content-Length: 94840 Content-Type: text/javascript | clean |
http://s32.ucoz.net/src/ulightbox/ulightbox.js | 200 OK Content-Length: 22097 Content-Type: text/javascript | clean |
http://s32.ucoz.net/src/uwnd.js?2 | 200 OK Content-Length: 228554 Content-Type: text/javascript | clean |
http://s32.ucoz.net/src/socCom.js | 200 OK Content-Length: 6344 Content-Type: text/javascript | clean |
http://s32.ucoz.net/cgi/uutils.fcg?a=soc_comment_get_data&site=2first-soft | 200 OK Content-Length: 527 Content-Type: application/javascript | clean |
http://z390.takru.com/in.php?id=399587 | 200 OK Content-Length: 3120 Content-Type: text/html | clean |
http://z390.takru.com/cl.php?key=2501153130414412010755263999281528547354319293873 | HTTP/1.1 200 OK Connection: close Date: Tue, 28 Jul 2015 09:01:13 GMT Server: Apache Content-Length: 198 Content-Type: text/html X-Powered-By: PHP/5.3.29 | clean |
http://tak.ru/ref.html | 200 OK Content-Length: 7330 Content-Type: text/html | clean |
http://tak.ru/rules.html | 200 OK Content-Length: 6094 Content-Type: text/html | clean |
http://tak.ru/ | 200 OK Content-Length: 7639 Content-Type: text/html | clean |
http://tak.ru/docs/faqseller.shtml | 200 OK Content-Length: 12850 Content-Type: text/html | clean |
http://tak.ru/docs/ | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://tak.ru/test404page.js | HTTP/1.1 302 Found Connection: close Date: Tue, 28 Jul 2015 09:01:15 GMT Location: http://tak.ru Server: Apache/1.3.41 (Unix) PHP/5.2.5 mod_log_bytes/1.2 mod_bwlimited/1.4 mod_auth_passthrough/1.8 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.7a Content-Type: text/html; charset=iso-8859-1 | clean |
http://tak.ru/docs/faqbuyer.shtml | 200 OK Content-Length: 19524 Content-Type: text/html | clean |
http://tak.ru/alllinks.php | HTTP/1.1 200 OK Connection: close Date: Tue, 28 Jul 2015 09:01:17 GMT Server: Apache/1.3.41 (Unix) PHP/5.2.5 mod_log_bytes/1.2 mod_bwlimited/1.4 mod_auth_passthrough/1.8 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.7a Content-Type: text/html X-Powered-By: PHP/5.2.5 | clean |
http://web.tak.ru/alllinks.php | 200 OK Content-Length: 17596 Content-Type: text/html | clean |
http://web.tak.ru/ | 200 OK Content-Length: 7634 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: first-soft.at.ua
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: first-soft.at.ua
Referer: http://www.google.com/search?q=first-soft.at.ua
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=first-soft.at.ua
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://first-soft.at.ua/
Result: first-soft.at.ua is not infected or malware details are not published yet.