Scanned pages/files
Request | Server response | Status |
http://gameka4ka.clan.su/news/zemnaja_zhizn_presvjatoj_bogorodicy_s_opisaniem_ee_ikon/2015-05-24-550 | 200 OK Content-Length: 15161 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) f=0;while(f<89)document.write(String.fromCharCode('=tdsjqu?!wbs!ejw!>!epdvnfou/hfuFmfnfoutCzUbhObnf)(ejw(*\\1^<!ejw/joofsIUNM!>!((<!=0tdsjqu?'.charCodeAt(f++)-1)) Antivirus reports:
http://s77.ucoz.net/src/jquery-1.7.2.js | 200 OK Content-Length: 94840 Content-Type: text/javascript | clean |
http://s77.ucoz.net/src/ulightbox/ulightbox.js | 200 OK Content-Length: 22097 Content-Type: text/javascript | clean |
http://s77.ucoz.net/src/uwnd.js?2 | 200 OK Content-Length: 228554 Content-Type: text/javascript | clean |
http://s77.ucoz.net/cgi/uutils.fcg?a=soc_comment_get_data&site=6gameka4ka | 200 OK Content-Length: 526 Content-Type: application/javascript | clean |
http://s77.ucoz.net/src/socCom.js | 200 OK Content-Length: 6344 Content-Type: text/javascript | clean |
http://gameka4ka.clan.su//js.advideo.ru/aro.js/ | 404 Not Found Content-Length: 6869 Content-Type: text/html | clean |
http://gameka4ka.clan.su/ | 200 OK Content-Length: 43098 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) f=0;while(f<89)document.write(String.fromCharCode('=tdsjqu?!wbs!ejw!>!epdvnfou/hfuFmfnfoutCzUbhObnf)(ejw(*\\1^<!ejw/joofsIUNM!>!((<!=0tdsjqu?'.charCodeAt(f++)-1)) Antivirus reports:
http://gameka4ka.clan.su/blog | 200 OK Content-Length: 7713 Content-Type: text/html | clean |
http://gameka4ka.clan.su/index/0-3 | 200 OK Content-Length: 13164 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) f=0;while(f<89)document.write(String.fromCharCode('=tdsjqu?!wbs!ejw!>!epdvnfou/hfuFmfnfoutCzUbhObnf)(ejw(*\\1^<!ejw/joofsIUNM!>!((<!=0tdsjqu?'.charCodeAt(f++)-1)) Antivirus reports:
http://gameka4ka.clan.su/test404page.js | 404 Not Found Content-Length: 6869 Content-Type: text/html | clean |
http://gameka4ka.clan.su/news/federalnyj_zakon_o_statuse_voennosluzhashhikh/2015-05-24-551 | 200 OK Content-Length: 13755 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) f=0;while(f<89)document.write(String.fromCharCode('=tdsjqu?!wbs!ejw!>!epdvnfou/hfuFmfnfoutCzUbhObnf)(ejw(*\\1^<!ejw/joofsIUNM!>!((<!=0tdsjqu?'.charCodeAt(f++)-1)) Antivirus reports:
http://gameka4ka.clan.su/search/?q=Федеральный закон О статусе военнослужащих&m=blog | HTTP/1.1 200 OK Cache-Control: no-cache Cache-Control: no-store Cache-Control: private Connection: close Date: Sat, 05 Sep 2015 11:08:37 GMT Pragma: no-cache Server: uServ/3.2.2 Content-Type: text/html; charset=UTF-8 Set-Cookie: 6gameka4kauCoz=; path=/; expires=Thu, 05-Sep-2013 11:08:37 GMT; domain=.gameka4ka.clan.su; Set-Cookie: 6gameka4kauzll=1441451317; path=/; expires=Sun, 04-Sep-2016 11:08:37 GMT; domain=.gameka4ka.clan.su; | clean |
http://keitb.ru/1325?charset=utf-8&keyword=Федеральный | HTTP/1.1 302 Moved Temporarily Cache-Control: max-age=0 Connection: close Date: Sat, 05 Sep 2015 11:08:33 GMT Pragma: no-cache Location: http://kered.ru/lim/redirect.php?site=14&page=lending&type=book&img=http%3A%2F%2Fkered.ru%2F1.png&size=0&ext=zip&sid=178153237&key=%D0%A4%D0%B5%D0%B4%D0%B5%D1%80%D0%B0%D0%BB%D1%8C%D0%BD%D1%8B%D0%B9 Server: nginx Content-Type: text/html; charset=utf-8 Expires: Thu, 21 Jul 1977 07:30:00 GMT Last-Modified: Sat, 05 Sep 2015 11:08:33 GMT | clean |
http://kered.ru/lim/redirect.php?site=14&page=lending&type=book&img=http%3a%2f%2fkered.ru%2f1.png&size=0&ext=zip&sid=178153237&key=%d0%a4%d0%b5%d0%b4%d0%b5%d1%80%d0%b0%d0%bb%d1%8c%d0%bd%d1%8b%d0%b9 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sat, 05 Sep 2015 11:08:33 GMT Location: http://dl01.loadingqcc.name?page=lending&type=book&img=http%3A%2F%2Fkered.ru%2F1.png&size=0&ext=zip&sid=178153237&key=%D0%A4%D0%B5%D0%B4%D0%B5%D1%80%D0%B0%D0%BB%D1%8C%D0%BD%D1%8B%D0%B9 Server: nginx Content-Type: text/html; charset=UTF-8 | clean |
http://dl01.loadingqcc.name?page=lending&type=book&img=http%3a%2f%2fkered.ru%2f1.png&size=0&ext=zip&sid=178153237&key=%d0%a4%d0%b5%d0%b4%d0%b5%d1%80%d0%b0%d0%bb%d1%8c%d0%bd%d1%8b%d0%b9/ | HTTP/1.1 302 Found Cache-Control: max-age=259200 Connection: close Date: Sat, 05 Sep 2015 11:08:33 GMT Pragma: no-cache Location: /?page=lending&type=book&img=http%3A%2F%2Fkered.ru%2F1.png&size=0&ext=zip&key=%D0%A4%D0%B5%D0%B4%D0%B5%D1%80%D0%B0%D0%BB%D1%8C%D0%BD%D1%8B%D0%B9%2F Server: nginx/1.0.14 Content-Length: 0 Content-Type: text/html; charset=utf-8 Expires: Tue, 08 Sep 2015 11:08:33 GMT Set-Cookie: PHPSESSID=2g9l0mdjilc21dtc7i9g4997r6; path=/ X-Powered-By: PHP/5.3.10 | clean |
http://dl01.loadingqcc.name?page=lending&type=book&img=http%3a%2f%2fkered.ru%2f1.png&size=0&ext=zip&sid=178153237&key=%d0%a4%d0%b5%d0%b4%d0%b5%d1%80%d0%b0%d0%bb%d1%8c%d0%bd%d1%8b%d0%b9/?page=lending&type=book&img=http%3a%2f%2fkered.ru%2f1.png&size=0&ext=zip&key=%d0%a4%d0%b5%d0%b4%d0%b5%d1%80%d0%b0%d0%bb%d1%8c%d0%bd%d1%8b%d0%b9%2f | HTTP/1.1 302 Found Cache-Control: max-age=259200 Connection: close Date: Sat, 05 Sep 2015 11:08:33 GMT Pragma: no-cache Location: /?page=lending&type=book&img=http%3A%2F%2Fkered.ru%2F1.png&size=0&ext=zip&key=%D0%A4%D0%B5%D0%B4%D0%B5%D1%80%D0%B0%D0%BB%D1%8C%D0%BD%D1%8B%D0%B9%2F Server: nginx/1.0.14 Content-Length: 0 Content-Type: text/html; charset=utf-8 Expires: Tue, 08 Sep 2015 11:08:33 GMT Set-Cookie: PHPSESSID=di90sq6cjhl7lqv59175v3fud3; path=/ X-Powered-By: PHP/5.3.10 | clean |
http://gameka4ka.clan.su/news/lunnyj_kalendar_sadovoda_ogorodnika_2005g_l_nikolaev/2015-05-24-18 | 200 OK Content-Length: 14846 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) f=0;while(f<89)document.write(String.fromCharCode('=tdsjqu?!wbs!ejw!>!epdvnfou/hfuFmfnfoutCzUbhObnf)(ejw(*\\1^<!ejw/joofsIUNM!>!((<!=0tdsjqu?'.charCodeAt(f++)-1)) Antivirus reports:
http://gameka4ka.clan.su/search/?q=Лунный календарь садовода-огородника 2005г - Л. Николаев&m=blog | HTTP/1.1 200 OK Cache-Control: no-cache Cache-Control: no-store Cache-Control: private Connection: close Date: Sat, 05 Sep 2015 11:08:39 GMT Pragma: no-cache Server: uServ/3.2.2 Content-Type: text/html; charset=UTF-8 Set-Cookie: 6gameka4kauCoz=; path=/; expires=Thu, 05-Sep-2013 11:08:39 GMT; domain=.gameka4ka.clan.su; Set-Cookie: 6gameka4kauzll=1441451319; path=/; expires=Sun, 04-Sep-2016 11:08:39 GMT; domain=.gameka4ka.clan.su; | clean |
http://keitb.ru/1325?charset=utf-8&keyword=Лунный | HTTP/1.1 302 Moved Temporarily Cache-Control: max-age=0 Connection: close Date: Sat, 05 Sep 2015 11:08:35 GMT Pragma: no-cache Location: http://kered.ru/lp/?r=8398&q=%D0%9B%D1%83%D0%BD%D0%BD%D1%8B%D0%B9&service=LoadBooks&i=http%3A%2F%2Fkered.ru%2F1.png&type=book&size=3&date=4&hm=1&hs=1&cl=0&qr=1&dt=0&trans=0&pu=1&wap=1 Server: nginx Content-Type: text/html; charset=utf-8 Expires: Thu, 21 Jul 1977 07:30:00 GMT Last-Modified: Sat, 05 Sep 2015 11:08:35 GMT | clean |
http://kered.ru/lp/?r=8398&q=%d0%9b%d1%83%d0%bd%d0%bd%d1%8b%d0%b9&service=loadbooks&i=http%3a%2f%2fkered.ru%2f1.png&type=book&size=3&date=4&hm=1&hs=1&cl=0&qr=1&dt=0&trans=0&pu=1&wap=1 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sat, 05 Sep 2015 11:08:35 GMT Location: http://l0adbbukus.cuisines.pp.ua/?r=8398&q=%D0%9B%D1%83%D0%BD%D0%BD%D1%8B%D0%B9&i=http%3A%2F%2Fkered.ru%2F1.png&type=book&size=3&date=4&hm=1&hs=1&qr=1&pu=1&wap=1&comt=vk Server: nginx Content-Type: text/html; charset=UTF-8 | clean |
http://l0adbbukus.cuisines.pp.ua/?r=8398&q=%d0%9b%d1%83%d0%bd%d0%bd%d1%8b%d0%b9&i=http%3a%2f%2fkered.ru%2f1.png&type=book&size=3&date=4&hm=1&hs=1&qr=1&pu=1&wap=1&comt=vk | 200 OK Content-Length: 74233 Content-Type: text/html | clean |
http://l0adbbukus.cuisines.pp.ua/js/jquery.min.js | 200 OK Content-Length: 93867 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: gameka4ka.clan.su
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 05 Sep 2015 11:08:35 GMT
Server: uServ/3.2.2
Content-Length: 43098
Content-Type: text/html; charset=UTF-8
...43098 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: gameka4ka.clan.su
Referer: http://www.google.com/search?q=gameka4ka.clan.su
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=gameka4ka.clan.su
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://gameka4ka.clan.su/
Result: gameka4ka.clan.su is not infected or malware details are not published yet.