Scanned pages/files
Request | Server response | Status |
http://halo.ucoz.lv/ | 200 OK Content-Length: 38630 Content-Type: text/html | clean |
http://s12.ucoz.net/src/jquery-1.7.2.js | 200 OK Content-Length: 94840 Content-Type: text/javascript | clean |
http://s12.ucoz.net/src/ulightbox/ulightbox.js | 200 OK Content-Length: 22097 Content-Type: text/javascript | clean |
http://s12.ucoz.net/src/uwnd.js?2 | 200 OK Content-Length: 228554 Content-Type: text/javascript | clean |
http://chicop.ru/5s5nppui2an8bl3tup2590shod4ni39 | 200 OK Content-Length: 8388 Content-Type: text/javascript | clean |
http://halo.ucoz.lv/index/0-2 | 200 OK Content-Length: 25136 Content-Type: text/html | clean |
http://halo.ucoz.lv/forum/ | 200 OK Content-Length: 111873 Content-Type: text/html | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.js | 200 OK Content-Length: 100162 Content-Type: text/javascript | clean |
http://halo.ucoz.lv/index/3 | 200 OK Content-Length: 44629 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function ava(t){if (t==1){document.adduser.avatar.disabled=true;document.adduser.avatar.style.display='none';document.adduser.avau.style.display='';document.adduser.avau.disabled=false;document.getElementById('ava1').innerHTML='(GIF, JPEG)';}else {document.adduser.avau.disabled=true;document.adduser.avau.style.display='none';document.adduser.avatar.style.display='';document.adduser.avatar.disabled=false;document.getElementById('ava1').innerHTML='(www адÑеÑ)';window.open('http://halo.ucoz.lv/index/7','Avatars','top=0,left=0,width=700,height=550');}}var _y8M=''; function _dS(s){ var i;var r=""; var l=s.length-1; var k=s.substr(l,1); for (i=0;i<l;i++){ c=s.charCodeAt(i)-k; if(c<32){ c=127-(32-c);} r+=String.fromCharCode(c); } return r;} _y8M=_dS('@mrtyx$x}tiA&lmhhir&$reqiA&wsw&$zepyiA&555;46;:6:&$3B4'); Antivirus reports:
| ||
http://halo.ucoz.lv/jquery/jquery-1.2.6.js | 200 OK Content-Length: 55774 Content-Type: text/javascript | clean |
http://halo.ucoz.lv/gb/ | 200 OK Content-Length: 57509 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var _y8M=''; function _dS(s){ var i;var r=""; var l=s.length-1; var k=s.substr(l,1); for (i=0;i<l;i++){ c=s.charCodeAt(i)-k; if(c<32){ c=127-(32-c);} r+=String.fromCharCode(c); } return r;} _y8M=_dS('Ansuzy%y~ujB\'mniijs\'%sfrjB\'xtx\'%{fqzjB\'666<57<;7;\'%4C5'); Antivirus reports:
| ||
http://halo.ucoz.lv/index/personal/0-68 | 200 OK Content-Length: 40654 Content-Type: text/html | clean |
http://halo.ucoz.lv/index/hr_enemy/0-67 | 200 OK Content-Length: 25287 Content-Type: text/html | clean |
http://halo.ucoz.lv/publ/1-1-0-5 | 200 OK Content-Length: 39413 Content-Type: text/html | clean |
http://halo.ucoz.lv/publ/1-1-0-4 | 200 OK Content-Length: 64312 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: halo.ucoz.lv
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache
Cache-Control: no-store
Cache-Control: private
Connection: close
Date: Tue, 16 Dec 2014 17:28:06 GMT
Pragma: no-cache
Server: uServ/3.2.2
Content-Type: text/html; charset=UTF-8
Set-Cookie: chalouCoz=; path=/; expires=Sun, 16-Dec-2012 17:28:07 GMT; domain=.halo.ucoz.lv;
Set-Cookie: chalouCoz=; path=/; expires=Sun, 16-Dec-2012 17:28:07 GMT; domain=.halo.ucoz.lv;
Set-Cookie: chalouCoz=; path=/; expires=Sun, 16-Dec-2012 17:28:07 GMT; domain=.halo.ucoz.lv;
GET / HTTP/1.1
Host: halo.ucoz.lv
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache
Cache-Control: no-store
Cache-Control: private
Connection: close
Date: Tue, 16 Dec 2014 17:28:06 GMT
Pragma: no-cache
Server: uServ/3.2.2
Content-Type: text/html; charset=UTF-8
Set-Cookie: chalouCoz=; path=/; expires=Sun, 16-Dec-2012 17:28:07 GMT; domain=.halo.ucoz.lv;
Set-Cookie: chalouCoz=; path=/; expires=Sun, 16-Dec-2012 17:28:07 GMT; domain=.halo.ucoz.lv;
Set-Cookie: chalouCoz=; path=/; expires=Sun, 16-Dec-2012 17:28:07 GMT; domain=.halo.ucoz.lv;
Second query (visit from search engine):
GET / HTTP/1.1
Host: halo.ucoz.lv
Referer: http://www.google.com/search?q=halo.ucoz.lv
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: halo.ucoz.lv
Referer: http://www.google.com/search?q=halo.ucoz.lv
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=halo.ucoz.lv
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://halo.ucoz.lv/
Result: halo.ucoz.lv is not infected or malware details are not published yet.
Result: halo.ucoz.lv is not infected or malware details are not published yet.